From MAILER-DAEMON at ecs.soton.ac.uk  Sun Dec  4 15:32:29 2005
From: MAILER-DAEMON at ecs.soton.ac.uk (Mail System Internal Data)
Date: Thu Jan 12 21:14:01 2006
Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
Message-ID: <1133710349@ecs.soton.ac.uk>

This text is part of the internal format of your mail folder, and is not
a real message.  It is created automatically by the mail system software.
If deleted, important folder data will be lost, and it will be re-created
with the data reset to initial values.

From technician at CENPAC.NET.NR  Thu Dec  1 00:13:02 2005
From: technician at CENPAC.NET.NR (Jon Leeman)
Date: Thu Jan 12 21:31:19 2006
Subject: Mail::ClamAV Install problem
Message-ID: <mailman.17344.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

>>Group,
>>
>>I have recently installed MS on a Mandrake 10.0 machine from
>>"install-Clam-SA.tar.gz" and "MailScanner-4.47.4-2.rpm.tar.gz".
>>
>>(I have a production MDK 10.0 machine I installed about 7 months ago
>>running MS 4.40.6 / ClamAV 0.83 /  0.17  Mail::ClamAV.)
> 
> 
> Why would you stay with dreary ol' 10.0? I've installed exactly this
> on a LE2005 (10.2) with no problems whatsoever... And will probably
> move up to 10.3 (2006) when I get a free timeslot or two...:-)

As soon as a friend sends the 10.2 CD's from overseas - ever tried
downloading the three ISO's via a congested 64 Kbps satellite link ? -
I'll do a complete re-install.

<snip>


> (snip)
> Do you have any other errors that might pertain to this? That "failed
> in require" indicate that you can't get hold of the libclamav
> functions somehow (assuming I read the code correctly:-), one option
> of which would be for it to fail to build at all...

I came in at about 0400 this morning and did a complete re-install of
the machine with 10.0 again.  Mail-ClamAV-0.17.tar.gz installed with 
absolutely no problems this time.  I must have screwed something badly 
with the original install.

Thanks for your time.


> BTW, you should really update that Clamav install on the "old
> (working) system" regardless of this problem, since 0.83 will fail to
> get signature updates (run a "freshclam -v" if you need "proof":).

Thanks for the 'heads up' and I have upgraded.  Just as well I run 
Bitdefender in parallel.

Regards,

Jon [Nauru, Central Pacific]

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jwilliams at COURTESYMORTGAGE.COM  Thu Dec  1 00:41:13 2005
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:31:19 2006
Subject: spam checks on outgoing mail
Message-ID: <mailman.17345.1137101479.24926.mailscanner@lists.mailscanner.info>


Something I was thinking about today.


First, does anyone here just whitelist their internal mail server so
MailScanner never checks the mail to be as SPAM?

 

Are there any disadvantages to this setup?

 

Lastly, if you wanted to do so, the quickest way to whitelist your
internal mail from never being marked as spam, would be to put the IP
address in spam.whitelist.rules?

 

Just curious and thought I&#8217;d ask.

 

Cheers,

 

Jason


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From alex at NKPANAMA.COM  Thu Dec  1 01:26:33 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:19 2006
Subject: Mailling List!
Message-ID: <mailman.17346.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

What would traffic/disk space be like if I wanted to offer a spot for 
the list on my rack? Perhaps I could also act as a backup MX in case of 
4xx temp failures? Just thinking out loud...

Glenn Steen wrote:

>On 25/11/05, Doug Hall <DougHall@sankyo.co.uk> wrote:
>  
>
>>I can provide the server for the list if you like
>>
>>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Glenn Steen
>>Sent: 23 November 2005 13:30
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Test mail, please ignore
>>
>>On 23/11/05, Glenn Steen <glenn.steen@gmail.com> wrote:
>>    
>>
>>>As said, please ignore ... I'm just trying to see (with telnet) what's
>>>      
>>>
>>preventing my messages to go to the list...Sigh.
>>    
>>
>>>-- Glenn
>>>
>>>      
>>>
>>And now I know... Probably someone else have already mentioned this...
>>Tempfail on kili.jiscmail.ac.uk ... Sigh. Since this is unlikely to
>>reach the list I'll mail Jules too.
>>
>>Couldn't we move the list to something a bit more reliable? ("We" in
>>this case would be Jules ... and possibly Mr Michele Neylon:)
>>
>>Transcript of communication with kili:
>># telnet kili.jiscmail.ac.uk 25
>>Trying 130.246.192.52...
>>Connected to kili.jiscmail.ac.uk (130.246.192.52).
>>Escape character is '^]'.
>>220 kili.jiscmail.ac.uk ESMTP JISCmail mailer; Wed, 23 Nov 2005 13:23:39
>>GMT EHLO aa.nn.se 250-kili.jiscmail.ac.uk Hello xxxx [xxxxxxxx], pleased
>>to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE
>>250-DSN 250-ETRN 250-DELIVERBY 250 HELP MAIL
>>from:<glenn.steen@gmail.com>
>>452 4.4.5 Insufficient disk space; try again later quit
>>452 4.4.5 Insufficient disk space; try again later quit
>>221 2.0.0 kili.jiscmail.ac.uk closing connection Connection closed by
>>foreign host.
>>
>>--
>>-- Glenn
>>email: glenn < dot > steen < at > gmail < dot > com
>>work: glenn < dot > steen < at > ap1 < dot > se
>>
>>    
>>
>
>Well, that took it's sweet time getting to the list. Just had a new
>rejection from the list (both fili and kili giving me a "connection
>refused"), probably from when they've restarted them... Or else
>they've decided to hate me for suggesting a move:-):-).
>
>Anyway, As I said in the initial mail, I CC:d Jules, who has been in
>contact with jisc about this. Without saying too much, there might be
>a hint of a possibility that things are looking to change for the
>list... Perhaps not a move, as such, but ... we'll see:).
>
>If you all feel like it, this would be a good spot to enumerate
>everything good/bad with the current list service...
>
>My #1 peeve is that it simply seems to be rather badly
>managed/administered... If they want to "set up and forget", they
>should at least monitor simple things (like disk usage) via SNMP or
>similar. Has someone been keeping count on the number of occasions the
>last year that it's been erratic/unavailable?
>
>(BTW thanks for offering an alternative home... I'm sure Julian will
>be very grateful, if it comes to that)
>--
>-- Glenn
>email: glenn < dot > steen < at > gmail < dot > com
>work: glenn < dot > steen < at > ap1 < dot > se
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Thu Dec  1 01:36:33 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:19 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17347.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>When you want to reject messages to or from a particular address, the  
>usual answer is "do it in the MTA". The hazard with this is that the  
>rejection message sent back to the sender is very brief and very  
>technical. Somewhere in it, the message will probably say "550 Access  
>denied" or some equally unhelpful message.
>  
>
I usually make my MTA reject crap with entries like:

551 Mail Rejected - Please check http://www.my-server.com/bounces/

or

551 Mail Rejected - Please visit 
http://my-server.com/whybounce.php?ip=1.2.3.4

... where whybounce.php is just a form that shows a more specific reason 
(date, time and content that triggered the blacklisting) and a contact 
number, along with a gmail.com address that gets checked once per day.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Thu Dec  1 01:40:26 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:31:19 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17348.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Alex Neuman van der Hans wrote:
> I usually make my MTA reject crap with entries like:
> 
> 551 Mail Rejected - Please check http://www.my-server.com/bounces/
> 
> or
> 
> 551 Mail Rejected - Please visit
> http://my-server.com/whybounce.php?ip=1.2.3.4
> 
> ... where whybounce.php is just a form that shows a more specific reason
> (date, time and content that triggered the blacklisting) and a contact
> number, along with a gmail.com address that gets checked once per day.

How do you update the reject reason on the form?


-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Thu Dec  1 01:41:13 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:19 2006
Subject: spam checks on outgoing mail
Message-ID: <mailman.17349.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Actually I'd use a ruleset and "From:127.0.0.1 no" to things like "spam 
checks = "; but it would leave your server open to being used as a spam 
proxy if, for whatever reason, your server gets exploited or something.

Jason Williams wrote:

> Something I was thinking about today.
>
>
> First, does anyone here just whitelist their internal mail server so 
> MailScanner never checks the mail to be as SPAM?
>
> Are there any disadvantages to this setup?
>
> Lastly, if you wanted to do so, the quickest way to whitelist your 
> internal mail from never being marked as spam, would be to put the IP 
> address in spam.whitelist.rules?
>
> Just curious and thought I^Òd ask.
>
> Cheers,
>
> Jason
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Thu Dec  1 01:47:33 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:31:19 2006
Subject: spam checks on outgoing mail
Message-ID: <mailman.17350.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> First, does anyone here just whitelist their internal mail server so
>> MailScanner never checks the mail to be as SPAM?
>>
>> Are there any disadvantages to this setup?
>>

It obviously depends on what your mail server(s) are doing and where
they are located etc.,

Our office mailserver only handles mail (outgoing) and serves files
etc., while the majority of other servers on our network would also
serve web content etc., Naturally, from our perspective, outbound spam
checks on all servers not only makes sense, but has saved us from
"issues" on more than one occassion.

YMMV

Michele


-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Thu Dec  1 02:02:52 2005
From: pete at ENITECH.COM.AU (Peter Russell)
Date: Thu Jan 12 21:31:19 2006
Subject: (OT) Postfix Virtual
Message-ID: <mailman.17351.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Many thanks again for your help i really appreciate it.

I have run out of time so i simply need to build the maps manually and 
come back to them later to automate and simply.

As i will building them manually (mail merge) I think i will do 
something simple like;

/pete@.*domain1.tld/ pete1@domain3.tld

This should handle any subs for domain1 ?

Thanks again
Pete

Glenn Steen wrote:
> On 30/11/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> (snip)
> 
>>I think you need test this fairly carefully, if you decide to go this
>>way, since PF will not do the "magic exploding" it usually does when
>>matching regular expressions.
> 
> (snip)
> I'm just too tired.... Really bad wording on my part there... The
> "magic address exploding" is done when _not_ using an RE map, so that
> that type of matching get fed nice things like
> "user+local@domain.tld", user@domain.tld", "user+local", "user",
> "@domain.tld" ...
> When you use a regular expression type of map (regexp and pcre), that
> type of "exploding" is _not_ done. You get the address in all its gory
> details;)
> Sigh. Off to bed:-).
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> 
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Nicolas.Schmitz at EC-NANTES.FR  Thu Dec  1 09:12:48 2005
From: Nicolas.Schmitz at EC-NANTES.FR (Nicolas Schmitz)
Date: Thu Jan 12 21:31:19 2006
Subject: Files hidden in very deeply nested archive
Message-ID: <mailman.17352.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello,
I have quite often false positive with "Files hidden in very deeply 
nested archive". Is there a setting I can change to avoid that ?

Thanks.

-- 
Nicolas Schmitz

Centre de Ressources Informatiques
Ecole Centrale de Nantes

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 09:23:26 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:19 2006
Subject: My RelayDB implementation in perl for MailScanner
Message-ID: <mailman.17353.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, Csillag Tamas <cstamas@digitus.itk.ppke.hu> wrote:
> On 11/30, Glenn Steen wrote:
> > On 30/11/05, Csillag Tamas <cstamas@digitus.itk.ppke.hu> wrote:
> > > On 11/30, Csillag Tamas wrote:
> > > ..
> > > > 2. You have to replace (or extend your current) CustomConfig.pm with my attached file.
> > >
> > > Attaching that file is a good idea.
> > >
> > >
> >
> > Looks kind of neat.... If I wasn't restricted by what is legal for a
> > Swedish government agency to do, I might have looked hard on both this
> > and the Vispan auto-blacklist thing .... (I especially like the
> > vindictive quality of this one:-).
>
> That legal thing is interesting...
> Uhm, Thanks :-)

Not really interresting:-). All government agencies in Sweden are
required to be "available to the public", which in the case of email
means we need to take care exactly what measures are applied
automagically... Since we who implement spam and virus filters
typically aren't lawyers, Statskontoret (a kind of
uber-service-office:-) has issued some fairly detailed guidelines on
what we can do, and what we can't... It's still a bit murky in these
waters, but the type of automatic blocking of traffic (no matter the
FP/FN rate) is specifically detailed as a no-no. Sigh.
So for the time being, I can only look upon such schemes ... with longing:-)

>
> > Would you mind typing this into the wiki? Would make a nice addition,
> > I think. It's rather easy to manage, just register and follow Ugos
> > crisp guidelines at
> > http://wiki.mailscanner.info/doku.php?id=documentation:volunteers
>
> http://wiki.mailscanner.info/doku.php?id=documentation:related_software:management:relaydb:description
>

Thank you.
I took the liberty of changing the <code> tag to <code perl> to get
some nice syntax highlighting... Feel free to change it back:-).
(snip)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  1 09:27:27 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:19 2006
Subject: Files hidden in very deeply nested archive
Message-ID: <mailman.17354.1137101479.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

"Maximum Archive Depth" setting in MailScanner.conf.

On 1 Dec 2005, at 09:12, Nicolas Schmitz wrote:

> Hello,
> I have quite often false positive with "Files hidden in very deeply  
> nested archive". Is there a setting I can change to avoid that ?

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ47CAfw32o+k+q+hAQHevAgAh6k78AyF+yysOB1Z2UE5hlXSioUmDsFM
CM7lOIithAj435+pF9+5EOBzwc6qE7ARSL7fxGkjfURVKGQzERn6mjXFMvnrA6Lp
CiLo5tpa104Y+wfV0U3PbXMu7N2mQarsNuRTbbt7/Kcx+8FxkybWxe++tepkwo3w
tvQ7aFE/Uc7hsNfVPFlhkX0PIg7gpjWyR9LbxqzGlud+sj8GoV/8BBjpMTJN00J/
Ly23c0e18hxzXPDrxmCKMXeFVWSLRunvCSBP73VxIuy+UdPqtEh5Vi3W1nHcOJht
skt21NIomjJnTb5lOcAdbGWGOi30NnyKc/vX/b1uIcI2E+MaKiBwMQ==
=j7dd
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 09:50:15 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:19 2006
Subject: Mail::ClamAV Install problem
Message-ID: <mailman.17355.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, Jon Leeman <technician@cenpac.net.nr> wrote:
> >>Group,
> >>
> >>I have recently installed MS on a Mandrake 10.0 machine from
> >>"install-Clam-SA.tar.gz" and "MailScanner-4.47.4-2.rpm.tar.gz".
> >>
> >>(I have a production MDK 10.0 machine I installed about 7 months ago
> >>running MS 4.40.6 / ClamAV 0.83 /  0.17  Mail::ClamAV.)
> >
> >
> > Why would you stay with dreary ol' 10.0? I've installed exactly this
> > on a LE2005 (10.2) with no problems whatsoever... And will probably
> > move up to 10.3 (2006) when I get a free timeslot or two...:-)
>
> As soon as a friend sends the 10.2 CD's from overseas - ever tried
> downloading the three ISO's via a congested 64 Kbps satellite link ? -
> I'll do a complete re-install.
>

Ah. Avert the horror (Brings back memories from the bad ol' "thin-band" days).
When I went from <64Kbps to c:a 256 was when I started actually
downloading images... And that was entirely painful too, although I
was sooo happy back then... Must have been just after the dinosaurs
checked out:-).
I'm in Sweden, so postage might be a bit steep... But if you cannot
get it from anywhere else (closer by), then give a shout and I'll see
to burning a set for you.

> <snip>
>
>
> > (snip)
> > Do you have any other errors that might pertain to this? That "failed
> > in require" indicate that you can't get hold of the libclamav
> > functions somehow (assuming I read the code correctly:-), one option
> > of which would be for it to fail to build at all...
>
> I came in at about 0400 this morning and did a complete re-install of
> the machine with 10.0 again.  Mail-ClamAV-0.17.tar.gz installed with
> absolutely no problems this time.  I must have screwed something badly
> with the original install.

Lets blame it on sun-spot activities or somesuch then... If the
machine behaves itself hence:-).

> Thanks for your time.

You're welcome.

>
>
> > BTW, you should really update that Clamav install on the "old
> > (working) system" regardless of this problem, since 0.83 will fail to
> > get signature updates (run a "freshclam -v" if you need "proof":).
>
> Thanks for the 'heads up' and I have upgraded.  Just as well I run
> Bitdefender in parallel.
>
> Regards,
>
> Jon [Nauru, Central Pacific]
>
Ah, good.
Now, if you can use one of the other AVs claiming to be free under
certain conditions, or if you have access to some "lenient licensing"
(like a corporate McAfee or a Panda (so that you have access to the
signature updates) or ....), then you might have another that will
work for you when the others are on the blink:-). I run BD, Clamav and
McAfee, and have seen them all be "sole saving factor"... Then again,
if you can't get one and budget is tight, BD and clam in conjunction
with MS filename/type will be good enough.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 09:58:26 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:19 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17356.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 30/11/05, Julian Field <MailScanner@ecs.soton.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> When you want to reject messages to or from a particular address, the
> usual answer is "do it in the MTA". The hazard with this is that the
> rejection message sent back to the sender is very brief and very
> technical. Somewhere in it, the message will probably say "550 Access
> denied" or some equally unhelpful message.
>
> So now there is a "Reject Message" setting which you should use with
> a ruleset. When this evaluates to "yes", then the "Rejection Report"
> message is sent back to the sender, and the message is dropped. If
> you want to archive mail that gets this treatment, then use an equal
> ruleset on the "Archive Mail" setting. The "Rejection Report" can
> also be a ruleset, so you can different reports back to different
> places.
>
> This allows you to produce a readable report instead of the unhelpful
> technical garbage produced by most MTAs.
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
I can see this feature making sense in the way you describe it, but on
the other hand... The "technical gunk" have some things going for it
too.
- Familiarity (at least for us admin types:-).
- No need for MailScanner to handle the message at all, thus saving
resources (sure, I'm confident you'll implement this in a really lean
way, but still...)
- No need for the MailScanner system to generate the "informed reject
message" and subsequently handle the (sometimes icky) delivery of said
message.

I'm sure smarter persons can come up with better arguments (at least
smarter persons that have had more sleep than I:-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 10:06:55 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:19 2006
Subject: (OT) Postfix Virtual
Message-ID: <mailman.17357.1137101479.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, Peter Russell <pete@enitech.com.au> wrote:
> Many thanks again for your help i really appreciate it.
>
> I have run out of time so i simply need to build the maps manually and
> come back to them later to automate and simply.
>
> As i will building them manually (mail merge) I think i will do
> something simple like;
>
> /pete@.*domain1.tld/ pete1@domain3.tld
>
> This should handle any subs for domain1 ?
>
> Thanks again
> Pete
>
Yes, although I'd really recommend that you make it a bit more specific:

/^pete@.*domain1\.tld/ pete1@domain3.tld

the "^" to anchor the test at the begining of the address tested
(makes the RE faster, and less prone to errors, like matching both
"pete" and "compete"), whic the "\." is a literal dot (instead of a
dot matching any character).

Hope this works out well for you.
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  1 10:16:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:19 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17358.1137101479.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

I have just released the December version of MailScanner, version 4.48.

Download it as usual from www.mailscanner.info

The major new features this month are:

- - The way spam.assassin.prefs.conf is used has changed.
   **You don't have to worry about this, the install.sh scripts  
handle it all for you.**
   The file used to be effectively read by MailScanner specially as  
SpamAssassin starts up, but there have been various problems with  
this as it breaks the rules on what SpamAssassin settings can be in  
what files. The file is now linked into the SpamAssassin directories  
(/etc/mail/spamassassin on most Linux, for example). It is no longer  
read specially by MailScanner, it is just read by SpamAssassin as  
part of its normal startup.

- - There is a new "Reject Message" configuration option that can cause  
some messages to be rejected and a rejection report sent back to the  
original sender of the message. This is designed to be used with a  
ruleset. Although you can easily configure your MTA (sendmail,  
Postfix, etc) to do this for you, you only have 1 line to use as the  
error message. Doing it in MailScanner allows you to send back a  
polite well-formatted message that can explain to the sender what  
happened and why. There is a matching "Rejection Report" setting that  
will set the name and location of the report sent to the sender.

The full Change Log is this:

* New Features and Improvements *
- - Added a new configuration option "Reject Message". This is designed  
to be
   used with a ruleset. Any message matching the ruleset will be  
deleted and
   the "rejection.report.txt" email message will be sent back to the  
original
   sender of the offending message. To save a copy of the message as  
well as
   reject it, use the "Archive Mail" setting.
- - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now  
read by
   SpamAssassin via a link called "mailscanner.cf" in the site_rules  
directory.
   It is no longer read directly by MailScanner, it is just read by  
Spam-
   Assassin during its normal initialisation process.
- - Enabled blocking of messages containing web bugs. Note this may  
have some
   false alarms, as a web bug is any image of 2x2 or smaller.
- - Improved ClamAVmodule scanning by adding new suggestions from  
ClamAV author.
- - Changed ClamAV parser to not generate warning output when it sees  
lines it
   wasn't expected, as there are so many false positives that no-one  
ever
   looks at them anyway.
- - Improved Sophos wrapper script to allow for EM library installations.
   No support for Sophos V5.0 yet.
- - Upgraded ClamAV to 0.87.1.
- - Added HTML::Parser to the list of Perl modules installed by my  
ClamAV+SA
   package so it can be used separately from MailScanner, without  
needing
   MailScanner to be installed first.
- - Improved Clam+SA package and other installation scripts to create  
the soft-
   link whenever possible.
- - Rewritten comments at the top of spam.assassin.prefs.conf.
- - Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode.

* Fixes *
- - Added "report-type" MIME attribute to spam notification multipart/ 
report
   messages as the RFC says it should be there, and this lacking  
caused a
   problem in a few email apps. Thanks for Georg@hackt.net for this.
- - Added missing ", 0777" from mkdir call in internal TNEF code.
- - Fixed startup problems reading rulesets from LDAP on first message  
batch.
- - Subject lines are all MIME-decoded properly now.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ47Nlfw32o+k+q+hAQEnvwf9GR1dMgqFLSkMjpOJl1zAbLC9A7guGibk
ZCWQ8bUjdDA3I5+QrtQWUOK6NaCqVqP+TFgOd4/ZNgr/qEeIaRU6q38wYja1ihrx
yn0QTFLh99T1Bo307YHZQPOrdP3koPom6zKhqTGJT4EX+2ORU7WNN28r5OAR3MVl
tb37/6QZcDc9+kw8d/rFU6RgYeyLeEmHTovuEjMnPGbZY9NKsWy5ydnJxznqoIpx
5JMtQhHUUENa+/tTjtjq38wDrXTHQ5LdtDJOSuvj10iWTbhjtA/aRSbOjwKhaUpN
LxhWDFOv2dJx9uiWPj+2BQ8UEuwV43PVwcMoX0qLctrdI68zM3iKkA==
=Rf9n
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  1 10:16:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:20 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17359.1137101479.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

I have just released the December version of MailScanner, version 4.48.

Download it as usual from www.mailscanner.info

The major new features this month are:

- - The way spam.assassin.prefs.conf is used has changed.
   **You don't have to worry about this, the install.sh scripts  
handle it all for you.**
   The file used to be effectively read by MailScanner specially as  
SpamAssassin starts up, but there have been various problems with  
this as it breaks the rules on what SpamAssassin settings can be in  
what files. The file is now linked into the SpamAssassin directories  
(/etc/mail/spamassassin on most Linux, for example). It is no longer  
read specially by MailScanner, it is just read by SpamAssassin as  
part of its normal startup.

- - There is a new "Reject Message" configuration option that can cause  
some messages to be rejected and a rejection report sent back to the  
original sender of the message. This is designed to be used with a  
ruleset. Although you can easily configure your MTA (sendmail,  
Postfix, etc) to do this for you, you only have 1 line to use as the  
error message. Doing it in MailScanner allows you to send back a  
polite well-formatted message that can explain to the sender what  
happened and why. There is a matching "Rejection Report" setting that  
will set the name and location of the report sent to the sender.

The full Change Log is this:

* New Features and Improvements *
- - Added a new configuration option "Reject Message". This is designed  
to be
   used with a ruleset. Any message matching the ruleset will be  
deleted and
   the "rejection.report.txt" email message will be sent back to the  
original
   sender of the offending message. To save a copy of the message as  
well as
   reject it, use the "Archive Mail" setting.
- - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now  
read by
   SpamAssassin via a link called "mailscanner.cf" in the site_rules  
directory.
   It is no longer read directly by MailScanner, it is just read by  
Spam-
   Assassin during its normal initialisation process.
- - Enabled blocking of messages containing web bugs. Note this may  
have some
   false alarms, as a web bug is any image of 2x2 or smaller.
- - Improved ClamAVmodule scanning by adding new suggestions from  
ClamAV author.
- - Changed ClamAV parser to not generate warning output when it sees  
lines it
   wasn't expected, as there are so many false positives that no-one  
ever
   looks at them anyway.
- - Improved Sophos wrapper script to allow for EM library installations.
   No support for Sophos V5.0 yet.
- - Upgraded ClamAV to 0.87.1.
- - Added HTML::Parser to the list of Perl modules installed by my  
ClamAV+SA
   package so it can be used separately from MailScanner, without  
needing
   MailScanner to be installed first.
- - Improved Clam+SA package and other installation scripts to create  
the soft-
   link whenever possible.
- - Rewritten comments at the top of spam.assassin.prefs.conf.
- - Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode.

* Fixes *
- - Added "report-type" MIME attribute to spam notification multipart/ 
report
   messages as the RFC says it should be there, and this lacking  
caused a
   problem in a few email apps. Thanks for Georg@hackt.net for this.
- - Added missing ", 0777" from mkdir call in internal TNEF code.
- - Fixed startup problems reading rulesets from LDAP on first message  
batch.
- - Subject lines are all MIME-decoded properly now.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ47Nlfw32o+k+q+hAQEnvwf9GR1dMgqFLSkMjpOJl1zAbLC9A7guGibk
ZCWQ8bUjdDA3I5+QrtQWUOK6NaCqVqP+TFgOd4/ZNgr/qEeIaRU6q38wYja1ihrx
yn0QTFLh99T1Bo307YHZQPOrdP3koPom6zKhqTGJT4EX+2ORU7WNN28r5OAR3MVl
tb37/6QZcDc9+kw8d/rFU6RgYeyLeEmHTovuEjMnPGbZY9NKsWy5ydnJxznqoIpx
5JMtQhHUUENa+/tTjtjq38wDrXTHQ5LdtDJOSuvj10iWTbhjtA/aRSbOjwKhaUpN
LxhWDFOv2dJx9uiWPj+2BQ8UEuwV43PVwcMoX0qLctrdI68zM3iKkA==
=Rf9n
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  1 10:16:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:20 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17360.1137101480.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

I have just released the December version of MailScanner, version 4.48.

Download it as usual from www.mailscanner.info

The major new features this month are:

- - The way spam.assassin.prefs.conf is used has changed.
   **You don't have to worry about this, the install.sh scripts  
handle it all for you.**
   The file used to be effectively read by MailScanner specially as  
SpamAssassin starts up, but there have been various problems with  
this as it breaks the rules on what SpamAssassin settings can be in  
what files. The file is now linked into the SpamAssassin directories  
(/etc/mail/spamassassin on most Linux, for example). It is no longer  
read specially by MailScanner, it is just read by SpamAssassin as  
part of its normal startup.

- - There is a new "Reject Message" configuration option that can cause  
some messages to be rejected and a rejection report sent back to the  
original sender of the message. This is designed to be used with a  
ruleset. Although you can easily configure your MTA (sendmail,  
Postfix, etc) to do this for you, you only have 1 line to use as the  
error message. Doing it in MailScanner allows you to send back a  
polite well-formatted message that can explain to the sender what  
happened and why. There is a matching "Rejection Report" setting that  
will set the name and location of the report sent to the sender.

The full Change Log is this:

* New Features and Improvements *
- - Added a new configuration option "Reject Message". This is designed  
to be
   used with a ruleset. Any message matching the ruleset will be  
deleted and
   the "rejection.report.txt" email message will be sent back to the  
original
   sender of the offending message. To save a copy of the message as  
well as
   reject it, use the "Archive Mail" setting.
- - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now  
read by
   SpamAssassin via a link called "mailscanner.cf" in the site_rules  
directory.
   It is no longer read directly by MailScanner, it is just read by  
Spam-
   Assassin during its normal initialisation process.
- - Enabled blocking of messages containing web bugs. Note this may  
have some
   false alarms, as a web bug is any image of 2x2 or smaller.
- - Improved ClamAVmodule scanning by adding new suggestions from  
ClamAV author.
- - Changed ClamAV parser to not generate warning output when it sees  
lines it
   wasn't expected, as there are so many false positives that no-one  
ever
   looks at them anyway.
- - Improved Sophos wrapper script to allow for EM library installations.
   No support for Sophos V5.0 yet.
- - Upgraded ClamAV to 0.87.1.
- - Added HTML::Parser to the list of Perl modules installed by my  
ClamAV+SA
   package so it can be used separately from MailScanner, without  
needing
   MailScanner to be installed first.
- - Improved Clam+SA package and other installation scripts to create  
the soft-
   link whenever possible.
- - Rewritten comments at the top of spam.assassin.prefs.conf.
- - Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode.

* Fixes *
- - Added "report-type" MIME attribute to spam notification multipart/ 
report
   messages as the RFC says it should be there, and this lacking  
caused a
   problem in a few email apps. Thanks for Georg@hackt.net for this.
- - Added missing ", 0777" from mkdir call in internal TNEF code.
- - Fixed startup problems reading rulesets from LDAP on first message  
batch.
- - Subject lines are all MIME-decoded properly now.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ47Nlfw32o+k+q+hAQEnvwf9GR1dMgqFLSkMjpOJl1zAbLC9A7guGibk
ZCWQ8bUjdDA3I5+QrtQWUOK6NaCqVqP+TFgOd4/ZNgr/qEeIaRU6q38wYja1ihrx
yn0QTFLh99T1Bo307YHZQPOrdP3koPom6zKhqTGJT4EX+2ORU7WNN28r5OAR3MVl
tb37/6QZcDc9+kw8d/rFU6RgYeyLeEmHTovuEjMnPGbZY9NKsWy5ydnJxznqoIpx
5JMtQhHUUENa+/tTjtjq38wDrXTHQ5LdtDJOSuvj10iWTbhjtA/aRSbOjwKhaUpN
LxhWDFOv2dJx9uiWPj+2BQ8UEuwV43PVwcMoX0qLctrdI68zM3iKkA==
=Rf9n
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner-announce' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Thu Dec  1 12:02:51 2005
From: pete at ENITECH.COM.AU (Pete Russell)
Date: Thu Jan 12 21:31:20 2006
Subject: (OT) Postfix Virtual
Message-ID: <mailman.17361.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:
> On 01/12/05, Peter Russell <pete@enitech.com.au> wrote:
> 
>>Many thanks again for your help i really appreciate it.
>>
>>I have run out of time so i simply need to build the maps manually and
>>come back to them later to automate and simply.
>>
>>As i will building them manually (mail merge) I think i will do
>>something simple like;
>>
>>/pete@.*domain1.tld/ pete1@domain3.tld
>>
>>This should handle any subs for domain1 ?
>>
>>Thanks again
>>Pete
>>
> 
> Yes, although I'd really recommend that you make it a bit more specific:
> 
> /^pete@.*domain1\.tld/ pete1@domain3.tld
> 
> the "^" to anchor the test at the begining of the address tested
> (makes the RE faster, and less prone to errors, like matching both
> "pete" and "compete"), whic the "\." is a literal dot (instead of a
> dot matching any character).
> 
> Hope this works out well for you.
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se

Thanks again i will follow your recomendations. I am moving the services 
for these domains tomorrow, and will test it then.

Many thanks for your help
Pete

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at BARENDSE.TO  Thu Dec  1 12:28:51 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17362.1137101480.24926.mailscanner@lists.mailscanner.info>

I am getting flooded with these stupid "you visit illegal websites" crap 
as well as the login/pass scam mails

All are about 75 Kb in size and contain a zip file with an .exe

The body of those mails is almost empty, there is just this one zip file.

Still it is causing my mailserver to overflow and spamass starts to time 
out

I would assume the zipfiles contain a virus / trojan, but why isn't MS 
doing virus and filename checks first? It would save a lot of cpu cycles 
on spamass which is putting more and more mail servers to a grinding halt

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dh at UPTIME.AT  Thu Dec  1 12:35:40 2005
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17363.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse wrote:
> I am getting flooded with these stupid "you visit illegal websites" crap
> as well as the login/pass scam mails
> 
> All are about 75 Kb in size and contain a zip file with an .exe
> 
> The body of those mails is almost empty, there is just this one zip file.
> 
> Still it is causing my mailserver to overflow and spamass starts to time
> out
> 
> I would assume the zipfiles contain a virus / trojan, but why isn't MS
> doing virus and filename checks first? It would save a lot of cpu cycles

I am sorry to be an ass. But this has been discussed over and over again,
please check the archives of this mailing list and you shall be answered in
abundance :)

-d

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Thu Dec  1 12:40:33 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:20 2006
Subject: (OT) Postfix Virtual
Message-ID: <mailman.17364.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, November 30, 2005 00:40, Peter Russell wrote:
> Hi there, this is slightly OT question about postfix virtual alias
> maps/domains.
>
> We have a Domino network that we no longer to receive mail, all
> forwarded to an Exchange environment.
>
> Domino had 2 domains names for each username. So user1@domain1.com and
> user1@domain2.com mail was delivered to the same mailbox.
>
> Now i will to use Postfix on my mailscanner gateway to redirect either
> of those examples to a third domain. eg
>
> virtual_alias_map
> user1@domain2.com, user1@domain2.com	user2@domain3.com
>
> But since user1 is the same for 2 domains, is there any easy way to do
> this without specifying the 2 domains for each entry? So any mail for
> domain1.com or domain2.com lookup the same alias map, eg
>
> user1	user2@domain3.com

Here is another way to look at this (Other than using virtual maps).

How about using alias maps on the local side as opposed to virtual?

Let me explain further. In the aliases file is a list of local users and
where their addresses alias to. Now from Postfix's perspective any domain
listed as local in main.cf will use this database to check aliases and
user maps, so if you create one list for example:

pete:    pete@exchange.domain.com

(Don't forget to run newaliases) and then modify main.cf to list your
incoming domains (All of them) as local in main.cf. All you then need to
do is modify your transport map file like:

exchange.domain.com    smtp:[exchange.ip.add.ress]

and postmap the transport file.

This will tell Postfix to alias all mail addressed to pete@<domains listed
as local> to pete@exchange.domain.com, MailScanner will do it's bit and
then the transport map will tell the delivery agent where to direct mail
to exchange.domain.com.

Doing it this way you may even be able to extract the users from AD and
add them to the aliases file automatically.

My 2p anyway

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 13:08:20 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:20 2006
Subject: (OT) Postfix Virtual
Message-ID: <mailman.17365.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, Drew Marshall <drew@themarshalls.co.uk> wrote:
> On Wed, November 30, 2005 00:40, Peter Russell wrote:
> > Hi there, this is slightly OT question about postfix virtual alias
> > maps/domains.
> >
> > We have a Domino network that we no longer to receive mail, all
> > forwarded to an Exchange environment.
> >
> > Domino had 2 domains names for each username. So user1@domain1.com and
> > user1@domain2.com mail was delivered to the same mailbox.
> >
> > Now i will to use Postfix on my mailscanner gateway to redirect either
> > of those examples to a third domain. eg
> >
> > virtual_alias_map
> > user1@domain2.com, user1@domain2.com  user2@domain3.com
> >
> > But since user1 is the same for 2 domains, is there any easy way to do
> > this without specifying the 2 domains for each entry? So any mail for
> > domain1.com or domain2.com lookup the same alias map, eg
> >
> > user1 user2@domain3.com
>
> Here is another way to look at this (Other than using virtual maps).
>
> How about using alias maps on the local side as opposed to virtual?
>
> Let me explain further. In the aliases file is a list of local users and
> where their addresses alias to. Now from Postfix's perspective any domain
> listed as local in main.cf will use this database to check aliases and
> user maps, so if you create one list for example:
>
> pete:    pete@exchange.domain.com
>
> (Don't forget to run newaliases) and then modify main.cf to list your
> incoming domains (All of them) as local in main.cf. All you then need to
> do is modify your transport map file like:
>
> exchange.domain.com    smtp:[exchange.ip.add.ress]
>
> and postmap the transport file.
>
> This will tell Postfix to alias all mail addressed to pete@<domains listed
> as local> to pete@exchange.domain.com, MailScanner will do it's bit and
> then the transport map will tell the delivery agent where to direct mail
> to exchange.domain.com.
>
> Doing it this way you may even be able to extract the users from AD and
> add them to the aliases file automatically.
>
> My 2p anyway
>
> Drew
>

That is simply a lovely solution. Go with that if you can Pete, would
likely be a faster solution (and simpler to "script around", in some
ways, if you do that for admin ease).
Now, why didn't I think of that:-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Thu Dec  1 13:13:59 2005
From: pete at ENITECH.COM.AU (Pete Russell)
Date: Thu Jan 12 21:31:20 2006
Subject: (OT) Postfix Virtual
Message-ID: <mailman.17366.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> 
> Here is another way to look at this (Other than using virtual maps).
> 
> How about using alias maps on the local side as opposed to virtual?
> 
> Let me explain further. In the aliases file is a list of local users and
> where their addresses alias to. Now from Postfix's perspective any domain
> listed as local in main.cf will use this database to check aliases and
> user maps, so if you create one list for example:
> 
> pete:    pete@exchange.domain.com
> 
> (Don't forget to run newaliases) and then modify main.cf to list your
> incoming domains (All of them) as local in main.cf. All you then need to
> do is modify your transport map file like:
> 
> exchange.domain.com    smtp:[exchange.ip.add.ress]
> 
> and postmap the transport file.
> 
> This will tell Postfix to alias all mail addressed to pete@<domains listed
> as local> to pete@exchange.domain.com, MailScanner will do it's bit and
> then the transport map will tell the delivery agent where to direct mail
> to exchange.domain.com.
> 
> Doing it this way you may even be able to extract the users from AD and
> add them to the aliases file automatically.
> 
> My 2p anyway
> 
> Drew
> 

Thanks for your response, only draw back is that i have half a dozen 
domains on these machines now, some already virtual and therefore i 
would have no way of seperating the duplicates?

The 2 new domains in my example, the address books are Lotus Domino on 
NT4 - so LDAP only, which i currently query with perl to build recipient 
maps (which cuts 50%+ of mail off at helo :), i also query AD for a 
couple of domains. I am modifying one of these scripts to build my maps 
automatically, but i am running behind, at this time i just need to 
decom one Domino server that currently does the aliasing.

I will use Glenn's example /^pete@.*domain1\.tld/ pete1@domain3.tld for 
the format of the map and make them manually doing view exports from the 
NAB and mail merge for tomorrow :)

Thanks very much for your advice, much appreciated
Pete

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Thu Dec  1 13:32:45 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:20 2006
Subject: (OT) Postfix Virtual
Message-ID: <mailman.17367.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Thu, December 1, 2005 13:13, Pete Russell wrote:
> Thanks for your response, only draw back is that i have half a dozen
> domains on these machines now, some already virtual and therefore i
> would have no way of seperating the duplicates?

No worries but I am confused by your duplicates problem. If the user is
currently listed in a virtual domain, just remove that domain from the
virtual list in main.cf and add it to the local domain list, or have I
totally missed the mark?

>
> The 2 new domains in my example, the address books are Lotus Domino on
> NT4 - so LDAP only, which i currently query with perl to build recipient
> maps (which cuts 50%+ of mail off at helo :), i also query AD for a
> couple of domains. I am modifying one of these scripts to build my maps
> automatically, but i am running behind, at this time i just need to
> decom one Domino server that currently does the aliasing.
>
> I will use Glenn's example /^pete@.*domain1\.tld/ pete1@domain3.tld for
> the format of the map and make them manually doing view exports from the
> NAB and mail merge for tomorrow :)

Good luck! Hope it all goes well.
>
> Thanks very much for your advice, much appreciated

No worries.

Drew



-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From support-lists at PETDOCTORS.CO.UK  Thu Dec  1 13:46:39 2005
From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick)
Date: Thu Jan 12 21:31:20 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17368.1137101480.24926.mailscanner@lists.mailscanner.info>

Dec  1 13:44:29 chichester MailScanner[12403]: MailScanner E-Mail Virus
Scanner version 4.48.4 starting... 
Dec  1 13:44:29 chichester MailScanner[12403]: Syntax error(s) in
configuration file: 
Dec  1 13:44:29 chichester MailScanner[12403]: Unrecognised keyword
"spamassassinprefsfile" at line 1399 
Dec  1 13:44:29 chichester MailScanner[12403]: Aborting due to syntax errors
in /etc/MailScanner/MailScanner.conf. 

??

Nigel

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  1 13:57:25 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:20 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17369.1137101480.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Did you run upgrade_MailScanner_conf ?

On 1 Dec 2005, at 13:46, Nigel kendrick wrote:

> Dec  1 13:44:29 chichester MailScanner[12403]: MailScanner E-Mail  
> Virus
> Scanner version 4.48.4 starting...
> Dec  1 13:44:29 chichester MailScanner[12403]: Syntax error(s) in
> configuration file:
> Dec  1 13:44:29 chichester MailScanner[12403]: Unrecognised keyword
> "spamassassinprefsfile" at line 1399
> Dec  1 13:44:29 chichester MailScanner[12403]: Aborting due to  
> syntax errors
> in /etc/MailScanner/MailScanner.conf.
>
> ??

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ48BR/w32o+k+q+hAQGFWwgAl4W6fa+v6UHSOgZitqCYjkAob/0yHsEf
GvEQGVaITRnO9ohSECI6XAPcipsmQ4Z9b54W8h/yEpiq496+gTZXx6kM6UQSZVW2
6sd8ufkjJ4JD33ZGDKcAwjghAhQhB6mYmAIxAsliEsey065HNOOVAtkVZ1M21GkZ
v8puRsARwmIiou9k1LVg4t4P6FLZ3r5nAjbwfa4OSzhu/hakPY4YF5nyW5hAf2iv
26iAm47kJjiW5MNos8jpDcem1UN/ImirYY2LaBOPnsDmpM5wNcQk+kFJBYI2lVV2
EDBH7SYDI486N9F7cwebk9pBRrOvnJwkWdupWlsdC/T3Vu3lFlGTAA==
=At8I
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Thu Dec  1 13:58:34 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:20 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17370.1137101480.24926.mailscanner@lists.mailscanner.info>

Looks like you've not upgrade properly.

That setting was commented out when I ran the upgrade_MailScanner_conf
script.

How did you upgrade?

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Nigel kendrick
> Sent: 01 December 2005 13:47
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] MailScanner ANNOUNCE: 4.48 released
> 
> Dec  1 13:44:29 chichester MailScanner[12403]: MailScanner E-Mail Virus
> Scanner version 4.48.4 starting...
> Dec  1 13:44:29 chichester MailScanner[12403]: Syntax error(s) in
> configuration file:
> Dec  1 13:44:29 chichester MailScanner[12403]: Unrecognised keyword
> "spamassassinprefsfile" at line 1399
> Dec  1 13:44:29 chichester MailScanner[12403]: Aborting due to syntax
> errors
> in /etc/MailScanner/MailScanner.conf.
> 
> ??
> 
> Nigel
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at BARENDSE.TO  Thu Dec  1 14:06:07 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17371.1137101480.24926.mailscanner@lists.mailscanner.info>

On Thu, 1 Dec 2005, David H. wrote:

> Remco Barendse wrote:
>> I am getting flooded with these stupid "you visit illegal websites" crap
>> as well as the login/pass scam mails
>>
>> All are about 75 Kb in size and contain a zip file with an .exe
>>
>> The body of those mails is almost empty, there is just this one zip file.
>>
>> Still it is causing my mailserver to overflow and spamass starts to time
>> out
>>
>> I would assume the zipfiles contain a virus / trojan, but why isn't MS
>> doing virus and filename checks first? It would save a lot of cpu cycles
>
> I am sorry to be an ass. But this has been discussed over and over again,
> please check the archives of this mailing list and you shall be answered in
> abundance :)

You are excused ;)

But I think that the last few months SpamAss has turned out to be more of 
a cpu+mem hog than any other check you would be doing on an e-mail.

I think that any virusscanner will have scanned the average message in 
less than half a second wheras SpamAss is taking several seconds at least

Sorry if my message was unclear but maybe it's time to switch priorities?


Thanks!!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ebruce at HPMICH.COM  Thu Dec  1 14:13:59 2005
From: ebruce at HPMICH.COM (Ed Bruce)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17372.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse wrote:
>
> You are excused ;)
>
> But I think that the last few months SpamAss has turned out to be more 
> of a cpu+mem hog than any other check you would be doing on an e-mail.
>
> I think that any virusscanner will have scanned the average message in 
> less than half a second wheras SpamAss is taking several seconds at least
>
> Sorry if my message was unclear but maybe it's time to switch priorities?

But its still true that the majority of the email we receive is spam. 
I'm guessing this is still true for the majority of users of MS.

But I would prefer, for personal reasons, to have virus scanning first.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  1 14:15:16 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17373.1137101480.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----


On 1 Dec 2005, at 14:06, Remco Barendse wrote:

> On Thu, 1 Dec 2005, David H. wrote:
>
>> Remco Barendse wrote:
>>> I am getting flooded with these stupid "you visit illegal  
>>> websites" crap
>>> as well as the login/pass scam mails
>>>
>>> All are about 75 Kb in size and contain a zip file with an .exe
>>>
>>> The body of those mails is almost empty, there is just this one  
>>> zip file.
>>>
>>> Still it is causing my mailserver to overflow and spamass starts  
>>> to time
>>> out
>>>
>>> I would assume the zipfiles contain a virus / trojan, but why  
>>> isn't MS
>>> doing virus and filename checks first? It would save a lot of cpu  
>>> cycles
>>
>> I am sorry to be an ass. But this has been discussed over and over  
>> again,
>> please check the archives of this mailing list and you shall be  
>> answered in
>> abundance :)
>
> You are excused ;)
>
> But I think that the last few months SpamAss has turned out to be  
> more of a cpu+mem hog than any other check you would be doing on an  
> e-mail.
>
> I think that any virusscanner will have scanned the average message  
> in less than half a second wheras SpamAss is taking several seconds  
> at least
>
> Sorry if my message was unclear but maybe it's time to switch  
> priorities?

This old chestnut...

What is most of your mail? Spam. So what should you reject first? Spam.
Rejecting viruses first only reduces your mail by about 2%, leaving  
98% to be spam checked. Which makes virtually no difference to your  
load whatsoever.
Rejecting spam first reduces your mail by about 70%, leaving only 30%  
to be virus checked and all the other tests. Which makes considerably  
more difference.

That's all there is to it. Do tests in decreasing order of effect.
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ48Fdvw32o+k+q+hAQEf3wgApeD4GgBQvAPvTwSLRwIaUIsaeE71YC9l
BcdwBerrr6/oFDdL5uuNSogiJcG7sshzqxiEY8ked8SyZzv5FBB2PjxSUtSrRcUn
GAJsMZ7lRS51VrwNmeKpotKORRLCcfZMJVig0AOqKlpK3YaNUg8itnvfVh/2dQD9
8wV5p/zvMmV7QNlQ28XpUrqA0fSPXk4XuTa0PIEkZIH3MzVq01UsSaBr5C5lHP3T
e6dh3whku0ku2sasnoasOjdV23MKumQHEvALix7k8OWG8aA8pDi8uEYVWEFL3Z0W
YcK34DI+OQbY+yHNomTgkfw4PEPo3So8nRxRDtrQAN+qLJE3DmizCg==
=ATH+
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From bpumphrey at WOODMACLAW.COM  Thu Dec  1 14:59:00 2005
From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey)
Date: Thu Jan 12 21:31:20 2006
Subject: Blocking sexually explicit material...
Message-ID: <mailman.17374.1137101480.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Roger Poore
> Sent: Wednesday, November 30, 2005 6:52 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Blocking sexually explicit material...
> 
> > That will not work. I did not say /etc/mail/mailscanner. I said
> > /etc/mail/spamassassin/. This is a spamassassin rulefile, not a
> > mailscanner file.
> 
> Typo on my part. I meant /etc/mail/spamassassin
> 
> Thanks again for your help.
> 

To add...
I have DCC, Razer, and pyzor

Here are what rules that I have:
In /usr/share/spamassassin (I think I am correct in saying that these
are the default rules)
[root@WoodenMS spamassassin]# ls
10_misc.cf             20_phrases.cf        30_text_fr.cf
20_anti_ratware.cf     20_porn.cf           30_text_nl.cf
20_body_tests.cf       20_ratware.cf        30_text_pl.cf
20_compensate.cf       20_uri_tests.cf      50_scores.cf
20_dnsbl_tests.cf      23_bayes.cf          60_whitelist.cf
20_drugs.cf            25_body_tests_es.cf  languages
20_fake_helo_tests.cf  25_hashcash.cf       triplets.txt
20_head_tests.cf       25_spf.cf            user_prefs.template
20_html_tests.cf       25_uribl.cf
20_meta_tests.cf       30_text_de.cf

In /etc/mail/spamassassin
[root@WoodenMS spamassassin]# ls
70_sare_adult.cf             71_sare_bml_pre25x.cf
70_sare_bayes_poison_nxm.cf  72_sare_bml_post25x.cf
70_sare_evilnum0.cf          72_sare_redirect_post3.0.0.cf
70_sare_evilnum1.cf          99_sare_fraud_post25x.cf
70_sare_evilnum2.cf          99_sare_fraud_pre25x.cf
70_sare_header.cf            antidrug.cf
70_sare_html0.cf             bogus-virus-warnings.cf
70_sare_html.cf              chickenpox.cf
70_sare_obfu0.cf             german.cf
70_sare_oem.cf               init.pre
70_sare_random.cf            local.cf.saved
70_sare_ratware.cf           mime_validate.cf
70_sare_specific.cf          random.cf
70_sare_spoof.cf             RulesDuJour
70_sare_uri0.cf              spamassassin-default.rc
70_sare_uri1.cf              spamassassin-helper.sh
70_sare_uri3.cf              spamassassin-spamc.rc
70_sare_uri_arc.cf           tripwire.cf
70_sare_uri_eng.cf

Notice the RulesDuJour directory above, in that directory there is:

[root@WoodenMS RulesDuJour]# ls
70_sare_adult.cf
70_sare_specific.cf.20050528-0215
70_sare_adult.cf.2
70_sare_specific.cf.20050602-0212
70_sare_bayes_poison_nxm.cf
70_sare_specific.cf.20050923-0135
70_sare_bayes_poison_nxm.cf.20050602-0212
70_sare_specific.cf.20051002-0157
70_sare_evilnum0.cf
70_sare_specific.cf.20051014-0207
70_sare_evilnum0.cf.20051006-0132
70_sare_specific.cf.20051120-0205
70_sare_evilnum1.cf
70_sare_specific.cf.20051125-0213
70_sare_evilnum2.cf
70_sare_specific.cf.20051126-0131
70_sare_header.cf                          70_sare_spoof.cf
70_sare_header.cf.20050523-0134
70_sare_spoof.cf.20050527-0134
70_sare_header.cf.20050527-0134
70_sare_spoof.cf.20050602-0212
70_sare_header.cf.20050602-0212
70_sare_spoof.cf.20050921-0209
70_sare_header.cf.20050612-0128
70_sare_spoof.cf.20050930-0203
70_sare_header.cf.20050809-0221
70_sare_spoof.cf.20051006-0132
70_sare_header.cf.20051031-0209
70_sare_spoof.cf.20051013-0133
70_sare_html.cf
70_sare_spoof.cf.20051026-0220
70_sare_html.cf.20050602-0212
70_sare_spoof.cf.20051102-0201
70_sare_html.cf.20050605-0225
70_sare_spoof.cf.20051103-0212
70_sare_html.cf.20050703-0215
70_sare_spoof.cf.20051115-0202
70_sare_html.cf.20051006-0132
70_sare_spoof.cf.20051119-0129
70_sare_oem.cf                             71_sare_bml_pre25x.cf
70_sare_oem.cf.20050602-0212               72_sare_bml_post25x.cf
70_sare_oem.cf.20051013-0133               72_sare_bml_post25x.cf.2
70_sare_oem.cf.20051026-0220               72_sare_redirect_post3.0.0.cf
70_sare_oem.cf.20051101-0128               99_FVGT_Tripwire.cf
70_sare_oem.cf.20051102-0201               99_sare_fraud_post25x.cf
70_sare_oem.cf.20051104-0209               99_sare_fraud_post25x.cf.2
70_sare_random.cf                          99_sare_fraud_pre25x.cf
70_sare_random.cf.20050528-0215            antidrug.cf
70_sare_random.cf.20050602-0212            bigevil.cf
70_sare_random.cf.20051015-0206            bigevil.cf.2
70_sare_random.cf.20051026-0220            blacklist.cf.20050711-1334
70_sare_random.cf.20051101-0128            bogus-virus-warnings.cf
70_sare_random.cf.20051126-0131            random.current.cf
70_sare_ratware.cf                         rules_du_jour
70_sare_specific.cf                        sa-blacklist.current
70_sare_specific.cf.20050526-0206          sa-blacklist.current.uri.cf
70_sare_specific.cf.20050527-0134          tripwire.cf.20050602-0212





Seems like a ton of rules.  



I do not know really what percentage of spam gets through, but I see it
doing really good.

I actively seen and was told by the user that this helped a great
deal....
We have Microsoft Exchange
I had her put her spam that she got into a certain folder so that I
could 	feed bayes with it
I feed bayes with it and her spam dramatically dropped in a few months.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From support-lists at PETDOCTORS.CO.UK  Thu Dec  1 14:43:20 2005
From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick)
Date: Thu Jan 12 21:31:20 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17375.1137101480.24926.mailscanner@lists.mailscanner.info>

Sorry guys - forgot to run upgrade_MailScanner_conf (yeah, pillock!)

Mind you - now I have...

Dec  1 14:36:31 chichester MailScanner[12720]: MailScanner E-Mail Virus
Scanner version 4.48.4 starting... 
Dec  1 14:36:32 chichester MailScanner[12720]: Could not read file
/etc/MailScanner/reports/en/rejection.report.txt 
Dec  1 14:36:32 chichester MailScanner[12720]: Error in line 865, file
"/etc/MailScanner/reports/en/rejection.report.txt" for rejectionreport does
not exist (or can not be read) 

I have created the file and we seem to be starting up now. 

(This is from the RedHat rpm install)

Nigel

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Martin Hepworth
Sent: 01 December 2005 13:59
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner ANNOUNCE: 4.48 released

Looks like you've not upgrade properly.

That setting was commented out when I ran the upgrade_MailScanner_conf
script.

How did you upgrade?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Nigel kendrick
> Sent: 01 December 2005 13:47
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] MailScanner ANNOUNCE: 4.48 released
> 
> Dec  1 13:44:29 chichester MailScanner[12403]: MailScanner E-Mail 
> Virus Scanner version 4.48.4 starting...
> Dec  1 13:44:29 chichester MailScanner[12403]: Syntax error(s) in 
> configuration file:
> Dec  1 13:44:29 chichester MailScanner[12403]: Unrecognised keyword 
> "spamassassinprefsfile" at line 1399 Dec  1 13:44:29 chichester 
> MailScanner[12403]: Aborting due to syntax errors in 
> /etc/MailScanner/MailScanner.conf.
> 
> ??
> 
> Nigel
> 
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From P.G.M.Peters at UTWENTE.NL  Thu Dec  1 15:08:04 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:20 2006
Subject: spam checks on outgoing mail
Message-ID: <mailman.17376.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason Williams wrote on 1-12-2005 1:41:

> First, does anyone here just whitelist their internal mail server so
> MailScanner never checks the mail to be as SPAM?

I don't whitelist our server. It generates to few messaes to bother. And
we certainly don't whitelist other servers in our network.

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDjxHUMbmy+DDgnIURAmFLAJ9sgGD8XfCYzoeVqD5+fGQ2NVMgNACgxD/m
27oEjBQlPDZNXS4azniOoeQ=
=Fqy/
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gborders at jlewiscooper.com  Thu Dec  1 15:52:16 2005
From: gborders at jlewiscooper.com (Greg Borders)
Date: Thu Jan 12 21:31:20 2006
Subject: Blocking sexually explicit material...
Message-ID: <mailman.17377.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Billy A. Pumphrey wrote:
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>> Behalf Of Roger Poore
>> Sent: Wednesday, November 30, 2005 6:52 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Blocking sexually explicit material...
>>
>>     
>>> That will not work. I did not say /etc/mail/mailscanner. I said
>>> /etc/mail/spamassassin/. This is a spamassassin rulefile, not a
>>> mailscanner file.
>>>       
>> Typo on my part. I meant /etc/mail/spamassassin
>>
>> Thanks again for your help.
>>
>>     
>
> To add...
> I have DCC, Razer, and pyzor
>
> Here are what rules that I have:
> In /usr/share/spamassassin (I think I am correct in saying that these
> are the default rules)
> <snip>
Yes. Default rules that come with SA
>
> In /etc/mail/spamassassin
> <snip>
Active 3rd party rules (user, ju dour, etc.)

>
> Notice the RulesDuJour directory above, in that directory there is:
> <snip>
>
>   
As far as I know, this is the "old folks home" for retired rulesets.  
The Rules_Du_jour script migrates the replaced .cf's to this folder.  
You could probably clean this out periodically.
> Seems like a ton of rules.  
>
>
>   
It's a balancing game, more rules = slower processing, so you need to 
find the mix that suits your environment.
> I do not know really what percentage of spam gets through, but I see it
> doing really good.
>
> I actively seen and was told by the user that this helped a great
> deal....
> We have Microsoft Exchange
> I had her put her spam that she got into a certain folder so that I
> could 	feed bayes with it
> I feed bayes with it and her spam dramatically dropped in a few months.
>   
So far, I've been capturing most spam at my site without the use of the 
bayes system.  I read that it can really be a resource hog, but 
necessary of you get a lot of junk.
Good luck!

--
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From chris at scorpion.nl  Thu Dec  1 15:58:03 2005
From: chris at scorpion.nl (Christiaan den Besten)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17378.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> This old chestnut...

Hi, we had a different scenario with the latest Sober outbreak the other day. People got 'bounces' due to non-allowed file-extention 
(.exe).

a) They got a message bounced, but the 'From' was offcourse fake.
b) The (incorrect) bounce contained a virus because it was not yet scanned.

Usually this does not occur because messages are virus scanned on our edge smtp relay's before hitting the spam/attachment relay's. 
But due to some timing constraint the edge relay's AV-engine's did not yet recognise the 'new' virus ....

I know it has been discussed over and over .. and (having read the source some time ago ... ) I know it's a mayor switch, but 
it -is- viable for some to have an other priority in which order scanning, bouncing on illegal attachment etc is done .....

bye,
Chris
 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  1 16:22:42 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17379.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ed Bruce spake the following on 12/1/2005 6:13 AM:
> Remco Barendse wrote:
> 
>>
>> You are excused ;)
>>
>> But I think that the last few months SpamAss has turned out to be more
>> of a cpu+mem hog than any other check you would be doing on an e-mail.
>>
>> I think that any virusscanner will have scanned the average message in
>> less than half a second wheras SpamAss is taking several seconds at least
>>
>> Sorry if my message was unclear but maybe it's time to switch priorities?
> 
> 
> But its still true that the majority of the email we receive is spam.
> I'm guessing this is still true for the majority of users of MS.
> 
> But I would prefer, for personal reasons, to have virus scanning first.
> 
IF you must have virus scanning first, you could use mimedefang or
clamav milter and scan for viruses first. But you will probably have
more load, not less.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 17:15:22 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17380.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi Everyone,

I'm getting tons of complaints from my users that are complaining about 
the amount of "spam" they're getting over the past week or so. These are 
messages with subjects such as "hi, ive a new mail address" and so 
forth. Obviously, it's not really spam, but the result of one of the 
Sober worm variants. But the problem is that although SOME of the 
messages get tagged as high spam, and therefore the users aren't 
notified...many of the messages don't score high enough for that, so get 
tagged as possible spam and the user's inbox gets bigger...some users 
are apparently getting hundreds of these a day.

How do I block these damned things, or at least not have the system 
notify my users about them?

Thanks,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From vachanta at GMAIL.COM  Thu Dec  1 17:21:57 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17381.1137101480.24926.mailscanner@lists.mailscanner.info>

They should be caught as viruses. i had the same exact problem last week. 

Are you using clamav or clamavmodule ? change it to clamav in 
mailscanner.conf and you should be fine.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 17:33:32 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17382.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Venkata Achanta wrote:

>They should be caught as viruses. i had the same exact problem last week. 
>
>Are you using clamav or clamavmodule ? change it to clamav in 
>mailscanner.conf and you should be fine.
>  
>
Thanks. I am already using clamav, not clamavmodule.

I just ran freshclam, and it says everything is up to date. Not sure 
where else to look.

Thanks,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jwilliams at COURTESYMORTGAGE.COM  Thu Dec  1 17:47:00 2005
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:31:20 2006
Subject: Incoming attachments with multiple "." in the name
Message-ID: <mailman.17383.1137101480.24926.mailscanner@lists.mailscanner.info>


Just a quick question.

 

Recently, our investors have been sending us spreadsheet files with
information that is important to us. However, they have been naming the
files with multiple &#8220;periods&#8221; in them. For example:

 

Todays.file.01.xls

 

These files get stripped off at the mailgateway as ClamAV:

 

Filename Checks: Found possible filename hiding (jB1EO4rT076234
051201.F1.WFL.xls)

 

Is there a way around this, but ensuring that no true hidden viruses get
to the internal network? Is there some type of customization I can make
so this won&#8217;t happen, and my users won&#8217;t freak out?

 

I appreciate it.

 

-Jason


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From glenn.steen at GMAIL.COM  Thu Dec  1 17:48:34 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17384.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, IT Dept <itdept@fractalweb.com> wrote:
> Venkata Achanta wrote:
>
> >They should be caught as viruses. i had the same exact problem last week.
> >
> >Are you using clamav or clamavmodule ? change it to clamav in
> >mailscanner.conf and you should be fine.
> >
> >
> Thanks. I am already using clamav, not clamavmodule.
>
> I just ran freshclam, and it says everything is up to date. Not sure
> where else to look.
>
> Thanks,
> Chris
>

Just out of curiosity, what does "clamscan --version" give?

Does the mails have the usual zip/exe things attached? If so, you
could always block the filenames/types...
If not, why then they are already "sanitized" perhaps?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  1 17:29:25 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17385.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 9:15 AM:
> Hi Everyone,
> 
> I'm getting tons of complaints from my users that are complaining about
> the amount of "spam" they're getting over the past week or so. These are
> messages with subjects such as "hi, ive a new mail address" and so
> forth. Obviously, it's not really spam, but the result of one of the
> Sober worm variants. But the problem is that although SOME of the
> messages get tagged as high spam, and therefore the users aren't
> notified...many of the messages don't score high enough for that, so get
> tagged as possible spam and the user's inbox gets bigger...some users
> are apparently getting hundreds of these a day.
> 
> How do I block these damned things, or at least not have the system
> notify my users about them?
> 
> Thanks,
> Chris
> 
You could look for something in common in them and write a filter.
See if they hit an existing optional ruleset.
Maybe put some examples up on a website and post a link. Some of us
could test them and see if we have rules that hit them. If you are
getting them, then many of the other people on this list are also seeing
this traffic. The only thing I have seen get through were some corrupted
sober.u mails. Since they were corrupted, they were harmless and didn't
trip a virus scanner.
 Unfortunately, they happened to go to a Vice President who was not too
amused.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 18:05:55 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17386.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:

>Just out of curiosity, what does "clamscan --version" give?
>
>Does the mails have the usual zip/exe things attached? If so, you
>could always block the filenames/types...
>If not, why then they are already "sanitized" perhaps?
>  
>
Hi Glenn,

# clamscan --version
ClamAV 0.87.1/1199/Thu Dec  1 01:39:16 2005

"zip/exe things"???

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ml at NETGROUPES.CA  Thu Dec  1 17:57:50 2005
From: ml at NETGROUPES.CA (Mailing List)
Date: Thu Jan 12 21:31:20 2006
Subject: GreyListing experiences
Message-ID: <mailman.17387.1137101480.24926.mailscanner@lists.mailscanner.info>


Hi

 

Did anyone implemented a greylisting product on a multiSite configuration
(I mean MailScanner/SA split on more than one server)  ?

 

We're searching for a reliable product providing greylisting for a multi
server Topology. But the BD will have to be share on something as
MySQL&#8230;

 

JF

 

IF you wan to see a funny AntiSpam company Christmas card,  take a look
at http://www.lastspam.com/main_noel.php?ref=113   lol

 

 


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From ssilva at SGVWATER.COM  Thu Dec  1 17:58:58 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:20 2006
Subject: Incoming attachments with multiple "." in the name
Message-ID: <mailman.17388.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jason Williams spake the following on 12/1/2005 9:47 AM:
> Just a quick question.
> 
>  
> 
> Recently, our investors have been sending us spreadsheet files with
> information that is important to us. However, they have been naming the
> files with multiple ^Óperiods^Ô in them. For example:
> 
>  
> 
> Todays.file.01.xls
> 
>  
> 
> These files get stripped off at the mailgateway as ClamAV:
> 
>  
> 
> Filename Checks: Found possible filename hiding (jB1EO4rT076234
> 051201.F1.WFL.xls)
> 
>  
> 
> Is there a way around this, but ensuring that no true hidden viruses get
> to the internal network? Is there some type of customization I can make
> so this won^Òt happen, and my users won^Òt freak out?
> 
>  
> 
> I appreciate it.
This isn't from clamav. This is from the filename checks in MailScanner.
You could disable this, maybe dangerous maybe not, or get your users to
use some other de-limiter like - or _ instead of a "dot". If you are
using the filetype checks, you might get away with disabling this.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 18:19:01 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17389.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, IT Dept <itdept@fractalweb.com> wrote:
> Glenn Steen wrote:
>
> >Just out of curiosity, what does "clamscan --version" give?
> >
> >Does the mails have the usual zip/exe things attached? If so, you
> >could always block the filenames/types...
> >If not, why then they are already "sanitized" perhaps?
> >
> >
> Hi Glenn,
>
> # clamscan --version
> ClamAV 0.87.1/1199/Thu Dec  1 01:39:16 2005

Looks good. And if you run it on one of the messages (assuming they
get quarantined somewhere), this fails to see a problem?
>
> "zip/exe things"???
Sloppy way of expressing myself ".zip files (archives) containing
executable files (.exe)" would perhaps be more intelligible:-).
If not, then you're probably just seeing some form of "backwash", like
the previous Sober outbreak generating a lot of ... German spam.... In
that case, Scotts suggestion is probably the best way to go: Identify
some common features and create SA rules for 'em.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Thu Dec  1 18:27:04 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17390.1137101480.24926.mailscanner@lists.mailscanner.info>

This sounds like the problem of ClamAV not catching Sober.U/Sober-Z
with ClamAV 0.87.1, check the list archives from earlier this week.
I changed to the latest CVS version of Clam and the problem went
away.  I'm totally baffled as to why Clam hasn't put out a new release
to fix this nasty bug.

Jeff Earickson
Colby College

On Thu, 1 Dec 2005, IT Dept wrote:

> Date: Thu, 1 Dec 2005 09:15:22 -0800
> From: IT Dept <itdept@FRACTALWEB.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: worm emails marked as possible spam
> 
> Hi Everyone,
>
> I'm getting tons of complaints from my users that are complaining about the 
> amount of "spam" they're getting over the past week or so. These are messages 
> with subjects such as "hi, ive a new mail address" and so forth. Obviously, 
> it's not really spam, but the result of one of the Sober worm variants. But 
> the problem is that although SOME of the messages get tagged as high spam, 
> and therefore the users aren't notified...many of the messages don't score 
> high enough for that, so get tagged as possible spam and the user's inbox 
> gets bigger...some users are apparently getting hundreds of these a day.
>
> How do I block these damned things, or at least not have the system notify my 
> users about them?
>
> Thanks,
> Chris
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From amoore at DEKALBMEMORIAL.COM  Thu Dec  1 18:38:08 2005
From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore)
Date: Thu Jan 12 21:31:20 2006
Subject: Blocking sexually explicit material...
Message-ID: <mailman.17391.1137101480.24926.mailscanner@lists.mailscanner.info>

Billy A. Pumphrey wrote:
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
>> On Behalf Of Roger Poore Sent: Wednesday, November 30, 2005 6:52 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Blocking sexually explicit material...
>> 
>>> That will not work. I did not say /etc/mail/mailscanner. I said
>>> /etc/mail/spamassassin/. This is a spamassassin rulefile, not a
>>> mailscanner file.
>> 
>> Typo on my part. I meant /etc/mail/spamassassin
>> 
>> Thanks again for your help.
>> 
> 
> To add...
> I have DCC, Razer, and pyzor
> 
> Here are what rules that I have:
> In /usr/share/spamassassin (I think I am correct in saying that these
> are the default rules)
> [root@WoodenMS spamassassin]# ls
> 10_misc.cf             20_phrases.cf        30_text_fr.cf
> 20_anti_ratware.cf     20_porn.cf           30_text_nl.cf
> 20_body_tests.cf       20_ratware.cf        30_text_pl.cf
> 20_compensate.cf       20_uri_tests.cf      50_scores.cf
> 20_dnsbl_tests.cf      23_bayes.cf          60_whitelist.cf
> 20_drugs.cf            25_body_tests_es.cf  languages
> 20_fake_helo_tests.cf  25_hashcash.cf       triplets.txt
> 20_head_tests.cf       25_spf.cf            user_prefs.template
> 20_html_tests.cf       25_uribl.cf
> 20_meta_tests.cf       30_text_de.cf

Those are the deafult rules.

> In /etc/mail/spamassassin
> [root@WoodenMS spamassassin]# ls
> 70_sare_adult.cf             71_sare_bml_pre25x.cf
> 70_sare_bayes_poison_nxm.cf  72_sare_bml_post25x.cf
> 70_sare_evilnum0.cf          72_sare_redirect_post3.0.0.cf
> 70_sare_evilnum1.cf          99_sare_fraud_post25x.cf
> 70_sare_evilnum2.cf          99_sare_fraud_pre25x.cf
> 70_sare_header.cf            antidrug.cf
> 70_sare_html0.cf             bogus-virus-warnings.cf
> 70_sare_html.cf              chickenpox.cf
> 70_sare_obfu0.cf             german.cf
> 70_sare_oem.cf               init.pre
> 70_sare_random.cf            local.cf.saved
> 70_sare_ratware.cf           mime_validate.cf
> 70_sare_specific.cf          random.cf
> 70_sare_spoof.cf             RulesDuJour
> 70_sare_uri0.cf              spamassassin-default.rc
> 70_sare_uri1.cf              spamassassin-helper.sh
> 70_sare_uri3.cf              spamassassin-spamc.rc
> 70_sare_uri_arc.cf           tripwire.cf
> 70_sare_uri_eng.cf

These are your local rules and config files.

What version of spamassassin are you running?  You should have only one
of the 99_sare_fraud_post25x.cf and 99_sare_fraud_pre25x.cf in your
local configuration directory not both.
 
> Notice the RulesDuJour directory above, in that directory there is:
> 
> [root@WoodenMS RulesDuJour]# ls
> 70_sare_adult.cf
> 70_sare_specific.cf.20050528-0215
> 70_sare_adult.cf.2
> 70_sare_specific.cf.20050602-0212
> 70_sare_bayes_poison_nxm.cf
> 70_sare_specific.cf.20050923-0135
> 70_sare_bayes_poison_nxm.cf.20050602-0212
> 70_sare_specific.cf.20051002-0157
> 70_sare_evilnum0.cf
> 70_sare_specific.cf.20051014-0207
> 70_sare_evilnum0.cf.20051006-0132
> 70_sare_specific.cf.20051120-0205
> 70_sare_evilnum1.cf
> 70_sare_specific.cf.20051125-0213
> 70_sare_evilnum2.cf
> 70_sare_specific.cf.20051126-0131
> 70_sare_header.cf                          70_sare_spoof.cf
> 70_sare_header.cf.20050523-0134
> 70_sare_spoof.cf.20050527-0134
> 70_sare_header.cf.20050527-0134
> 70_sare_spoof.cf.20050602-0212
> 70_sare_header.cf.20050602-0212
> 70_sare_spoof.cf.20050921-0209
> 70_sare_header.cf.20050612-0128
> 70_sare_spoof.cf.20050930-0203
> 70_sare_header.cf.20050809-0221
> 70_sare_spoof.cf.20051006-0132
> 70_sare_header.cf.20051031-0209
> 70_sare_spoof.cf.20051013-0133
> 70_sare_html.cf
> 70_sare_spoof.cf.20051026-0220
> 70_sare_html.cf.20050602-0212
> 70_sare_spoof.cf.20051102-0201
> 70_sare_html.cf.20050605-0225
> 70_sare_spoof.cf.20051103-0212
> 70_sare_html.cf.20050703-0215
> 70_sare_spoof.cf.20051115-0202
> 70_sare_html.cf.20051006-0132
> 70_sare_spoof.cf.20051119-0129
> 70_sare_oem.cf                             71_sare_bml_pre25x.cf
> 70_sare_oem.cf.20050602-0212               72_sare_bml_post25x.cf
> 70_sare_oem.cf.20051013-0133               72_sare_bml_post25x.cf.2
> 70_sare_oem.cf.20051026-0220              
> 72_sare_redirect_post3.0.0.cf 70_sare_oem.cf.20051101-0128           
> 99_FVGT_Tripwire.cf 70_sare_oem.cf.20051102-0201              
> 99_sare_fraud_post25x.cf 70_sare_oem.cf.20051104-0209              
> 99_sare_fraud_post25x.cf.2 70_sare_random.cf                         
> 99_sare_fraud_pre25x.cf 70_sare_random.cf.20050528-0215           
> antidrug.cf 70_sare_random.cf.20050602-0212            bigevil.cf
> 70_sare_random.cf.20051015-0206            bigevil.cf.2
> 70_sare_random.cf.20051026-0220            blacklist.cf.20050711-1334
> 70_sare_random.cf.20051101-0128            bogus-virus-warnings.cf
> 70_sare_random.cf.20051126-0131            random.current.cf
> 70_sare_ratware.cf                         rules_du_jour
> 70_sare_specific.cf                        sa-blacklist.current
> 70_sare_specific.cf.20050526-0206          sa-blacklist.current.uri.cf
> 70_sare_specific.cf.20050527-0134          tripwire.cf.20050602-0212

This is the working directory for the rules_du_jour script.  It keeps
current, and previous versions of the scripts that it downloads as well
as updates to the actual rules_du_jour script itself.

I keep mine over on /var/spool so that it's clear that this isn't a
directory of rules that are being processed by spamassassin.

Check the rules_du_jour script for documentation on it's various
settings.

-- 
Aaron Kent Moore
Information Technology Services
DeKalb Memorial Hospital, Inc.
Auburn, IN

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Dave  Thu Dec  1 18:40:19 2005
From: Dave (Dave)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17392.1137101480.24926.mailscanner@lists.mailscanner.info>

On Thu, Dec 01, 2005 at 01:27:04PM -0500, Jeff A. Earickson wrote:
> This sounds like the problem of ClamAV not catching Sober.U/Sober-Z
> with ClamAV 0.87.1, check the list archives from earlier this week.
> I changed to the latest CVS version of Clam and the problem went
> away.  I'm totally baffled as to why Clam hasn't put out a new release
> to fix this nasty bug.
> 
> Jeff Earickson
> Colby College
>

Clamav is up to date.

Look at:

http://doctor.nl2k.ab.ca/cgi-bin/virus/display.pl?number
 
> On Thu, 1 Dec 2005, IT Dept wrote:
> 
> >Date: Thu, 1 Dec 2005 09:15:22 -0800
> >From: IT Dept <itdept@FRACTALWEB.COM>
> >Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> >To: MAILSCANNER@JISCMAIL.AC.UK
> >Subject: worm emails marked as possible spam
> >
> >Hi Everyone,
> >
> >I'm getting tons of complaints from my users that are complaining about 
> >the amount of "spam" they're getting over the past week or so. These are 
> >messages with subjects such as "hi, ive a new mail address" and so forth. 
> >Obviously, it's not really spam, but the result of one of the Sober worm 
> >variants. But the problem is that although SOME of the messages get tagged 
> >as high spam, and therefore the users aren't notified...many of the 
> >messages don't score high enough for that, so get tagged as possible spam 
> >and the user's inbox gets bigger...some users are apparently getting 
> >hundreds of these a day.
> >
> >How do I block these damned things, or at least not have the system notify 
> >my users about them?
> >
> >Thanks,
> >Chris
> >
> >------------------------ MailScanner list ------------------------
> >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >'leave mailscanner' in the body of the email.
> >Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> >Support MailScanner development - buy the book off the website!
> >
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  1 18:28:18 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17393.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 9:15 AM:
> Hi Everyone,
> 
> I'm getting tons of complaints from my users that are complaining about
> the amount of "spam" they're getting over the past week or so. These are
> messages with subjects such as "hi, ive a new mail address" and so
> forth. Obviously, it's not really spam, but the result of one of the
> Sober worm variants. But the problem is that although SOME of the
> messages get tagged as high spam, and therefore the users aren't
> notified...many of the messages don't score high enough for that, so get
> tagged as possible spam and the user's inbox gets bigger...some users
> are apparently getting hundreds of these a day.
> 
> How do I block these damned things, or at least not have the system
> notify my users about them?
> 
> Thanks,
> Chris
> 
I looked for one of these and got the following scores;

3.50	BAYES_99	Bayesian spam probability is 99 to 100%
2.17	DCC_CHECK	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.77	DIGEST_MULTIPLE	Message hits more than one network digest check
0.20	DNS_FROM_RFC_ABUSE	Envelope sender in abuse.rfc-ignorant.org
1.45	DNS_FROM_RFC_WHOIS	Envelope sender in whois.rfc-ignorant.org
0.14	FORGED_RCVD_HELO	Received: contains a forged HELO
1.61	MISSING_MIMEOLE	Message has X-MSMail-Priority, but no X-MimeOLE
0.96	NO_REAL_NAME	From: does not include a real name
2.70	PRIORITY_NO_NAME	Message has priority, but no user agent name
1.50	RAZOR2_CF_RANGE_51_100	Razor2 gives confidence level above 50%
1.50	RAZOR2_CF_RANGE_E4_51_100	Razor2 gives engine 4 confidence level
above 50%
0.50	RAZOR2_CHECK	Listed in Razor2 (http://razor.sf.net/)
1.00	RCVD_IN_JAMM	Received via a relay in JAMMConsulting
1.50	RCVD_IN_NJABL_DUL	NJABL: dialup sender did non-local SMTP
2.05	RCVD_IN_SORBS_DUL	SORBS: sent directly from dynamic IP address
1.38	SPF_SOFTFAIL	SPF: sender does not match SPF record (softfail)

Spamassassin Score: 22.92


Maybe you need some more tuning?

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec  1 18:44:35 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:20 2006
Subject: Blocking sexually explicit material...
Message-ID: <mailman.17394.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Billy A. Pumphrey wrote:

> Here are what rules that I have:
> In /usr/share/spamassassin (I think I am correct in saying that these
> are the default rules)
> [root@WoodenMS spamassassin]# ls
>
> 20_drugs.cf            

<snip>

> 
> In /etc/mail/spamassassin
> [root@WoodenMS spamassassin]# ls
           antidrug.cf

> 
> Notice the RulesDuJour directory above, in that directory there is:
> 

Billy, you should remove antidrug.cf. Antidrug.cf is *ONLY* for users of SA 2.6x
and older. SA 3.0.0 and higher has these rules built-in as a part of 20_drugs.cf.

I'll forward my deprecation announcement to this list (I posted it on
spamassassin users recently)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec  1 18:45:39 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:20 2006
Subject: Antidrug.cf deprecated and no longer maintained.
Message-ID: <mailman.17395.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

(Re-post of my 11/29/2005 post to spamassassin users)

Since a lot of people are still using antidrug.cf, I'm making a public
announcement here to clarify.

Antidrug.cf is deprecated and obsolete for all users of SpamAssassin 3.0.0 or
higher. These rules are now a part of the standard SA distribution, and any
improvements will likely happen directly in the SA project and not on the .cf file.

I may at some point in the future, if I ever have spare time again, make a new
ruleset, but it will be a separate file (ie: antidrug_post31.cf).

Unless you're using SA 2.64, remove the ruleset, as it will cover-up any future
improvements that may be contributed to the SA distribution.

If you're using a version older than 2.64, you almost certainly have a remotely
exploitable DoS vulnerability, and need to upgrade.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 18:48:40 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17396.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff A. Earickson wrote:

> This sounds like the problem of ClamAV not catching Sober.U/Sober-Z
> with ClamAV 0.87.1, check the list archives from earlier this week.
> I changed to the latest CVS version of Clam and the problem went
> away.  I'm totally baffled as to why Clam hasn't put out a new release
> to fix this nasty bug.
>
> Jeff Earickson
> Colby College

Jeff,

I agree. This seems like EXACTLY what's happening. I haven't been over 
on the clamav list lately...what are people saying there about this issue?

Cheers,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jakari at BLUEAVIAN.COM  Thu Dec  1 18:57:48 2005
From: jakari at BLUEAVIAN.COM (Jameel Akari)
Date: Thu Jan 12 21:31:20 2006
Subject: Sign outbound messages
Message-ID: <mailman.17397.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Reviewing the archives I saw that a question was recently asked about
disclaimers/signatures appended to outbound mail.

I currently implement this per-domain with:
Sign Clean Messages = /etc/MailScanner/rules/signing.rules
I have %org-name% set and we also have:
Sign Messages Already Processed = no

Is there any other way I can prevent Mailscanner from signing messages
where the body already contains our disclaimer?  That is, we send, and the
recipient replies without stripping off the disclaimer - but their MTA/MUA
do not keep the org-name header. When we reply again to that message, it
now has two copies of the disclaimer inlined.

It's more an annoyance than anything else (much the like the disclaimers
themselves!) but can anyone think of a clean way to not sign when the text
is already there?

One ugly way I can think of would be to make a custom SA rule that matched
a line of our disclaimer in the body, score it zero but make sure it still
shows up by name in the SA header.  Then one would have to patch
Mailscanner so that the "Sign Messages Already Processed" also looks at
the SA header as well as org-name.  Nasty.  Any other ideas are welcome.

Thanks,
-- 
Jameel Akari

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 19:00:23 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:20 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17398.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi Everyone,

Having a problem where sometimes I get errors when trying to teach bayes 
that a message is spam. MailWatch gives the following error:

    SA Learn: bayes: failed rename /etc/MailScanner/bayes/_journal to
    /etc/MailScanner/bayes/_journal.old, bayes: failed rename
    /etc/MailScanner/bayes/_journal to
    /etc/MailScanner/bayes/_journal.old, Learned from 0 message(s) (1
    message(s) examined)


Yet other times, it works fine.

Is this a MailWatch issue (in which case, I'll ask over there), or a 
MailScanner one?

Thanks,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec  1 19:10:20 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:20 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17399.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept wrote:
> Hi Everyone,
> 
> Having a problem where sometimes I get errors when trying to teach bayes
> that a message is spam. MailWatch gives the following error:
> 
>    SA Learn: bayes: failed rename /etc/MailScanner/bayes/_journal to
>    /etc/MailScanner/bayes/_journal.old, bayes: failed rename
>    /etc/MailScanner/bayes/_journal to
>    /etc/MailScanner/bayes/_journal.old, Learned from 0 message(s) (1
>    message(s) examined)
> 
> 
> Yet other times, it works fine.
> 
> Is this a MailWatch issue (in which case, I'll ask over there), or a
> MailScanner one?

I assume you've got a bayes_path statement in one of your configs, since it's
pointing everything to /etc/MailScanner/bayes/

Obviously sa-learn is seeing this too.

questions:

1) do you have bayes_file_mode 0777? (global bayes DBs are unfortunately not
practical unless it's world rw. Since the mode is really a mask and gets used
for directories, it needs the 'x' bit as well)


2) do you have lock_method flock in spam.assassin.prefs.conf? Is there a
matching one in /etc/mail/spamassassin/*.cf? (sa-learn needs to use the same
lock_method as the SA inside MailScanner)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 19:15:47 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:20 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17400.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, IT Dept <itdept@fractalweb.com> wrote:
> Hi Everyone,
>
> Having a problem where sometimes I get errors when trying to teach bayes
> that a message is spam. MailWatch gives the following error:
>
>     SA Learn: bayes: failed rename /etc/MailScanner/bayes/_journal to
>     /etc/MailScanner/bayes/_journal.old, bayes: failed rename
>     /etc/MailScanner/bayes/_journal to
>     /etc/MailScanner/bayes/_journal.old, Learned from 0 message(s) (1
>     message(s) examined)
>
>
> Yet other times, it works fine.
>
> Is this a MailWatch issue (in which case, I'll ask over there), or a
> MailScanner one?
>
> Thanks,
> Chris

Could you give the output from
ls -la /etc/MailScanner/bayes
.... just to rule out any permission issues ... Oh yeah, what is (if
at all) bayes_file_mode set to?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  1 19:01:58 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17401.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 10:48 AM:
> Jeff A. Earickson wrote:
> 
>> This sounds like the problem of ClamAV not catching Sober.U/Sober-Z
>> with ClamAV 0.87.1, check the list archives from earlier this week.
>> I changed to the latest CVS version of Clam and the problem went
>> away.  I'm totally baffled as to why Clam hasn't put out a new release
>> to fix this nasty bug.
>>
>> Jeff Earickson
>> Colby College
> 
> 
> Jeff,
> 
> I agree. This seems like EXACTLY what's happening. I haven't been over
> on the clamav list lately...what are people saying there about this issue?
> 
> Cheers,
> Chris
> 
I am catching Sober.U with Clamavmodule, haven't checked with clamav.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Thu Dec  1 19:19:15 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17402.1137101480.24926.mailscanner@lists.mailscanner.info>

I don't subscribe to the Clam list so I don't know.  But the issue
of Clam 0.87.1 not catching Sober.U on some types of operating
systems (Solaris 9 in my case) seems to be a reoccurring topic
on the MS list of late.  Clam 0.87.1 seems to work fine on some
versions of UNIX (eg, Linux) but not others (Solaris, maybe BSD).
The CVS code has fixed this, at least for me.

Jeff Earickson
Colby College

On Thu, 1 Dec 2005, IT Dept wrote:

> Date: Thu, 1 Dec 2005 10:48:40 -0800
> From: IT Dept <itdept@FRACTALWEB.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: worm emails marked as possible spam
> 
> Jeff A. Earickson wrote:
>
>> This sounds like the problem of ClamAV not catching Sober.U/Sober-Z
>> with ClamAV 0.87.1, check the list archives from earlier this week.
>> I changed to the latest CVS version of Clam and the problem went
>> away.  I'm totally baffled as to why Clam hasn't put out a new release
>> to fix this nasty bug.
>> 
>> Jeff Earickson
>> Colby College
>
> Jeff,
>
> I agree. This seems like EXACTLY what's happening. I haven't been over on the 
> clamav list lately...what are people saying there about this issue?
>
> Cheers,
> Chris
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Thu Dec  1 19:40:05 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:31:20 2006
Subject: Recurring abuser
Message-ID: <mailman.17403.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Casey King wrote:
> My MailScanner boxes are still getting drilled with the Sober.Virus and
> spam (none which have made it through) from a single IP address.  I did
> a lookup on dnsstuff.com for the address {66.243.13.178} but made no
> headway on what to do about this.  What steps do I need to do in order
> to get this to stop?  I haven't seen a degridation in mail processing,
> but seeing over 150 Sober infected emails, and countless spam each day
> is a bit annoying.
> 

I'd simply firewall off the IP...

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Richard.Frovarp at SENDIT.NODAK.EDU  Thu Dec  1 19:41:56 2005
From: Richard.Frovarp at SENDIT.NODAK.EDU (Richard Frovarp)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17404.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I'm catching Sober.U with clamav. Have ever since the inital breakout.

Scott Silva wrote:

>IT Dept spake the following on 12/1/2005 10:48 AM:
>  
>
>>Jeff A. Earickson wrote:
>>
>>    
>>
>>>This sounds like the problem of ClamAV not catching Sober.U/Sober-Z
>>>with ClamAV 0.87.1, check the list archives from earlier this week.
>>>I changed to the latest CVS version of Clam and the problem went
>>>away.  I'm totally baffled as to why Clam hasn't put out a new release
>>>to fix this nasty bug.
>>>
>>>Jeff Earickson
>>>Colby College
>>>      
>>>
>>Jeff,
>>
>>I agree. This seems like EXACTLY what's happening. I haven't been over
>>on the clamav list lately...what are people saying there about this issue?
>>
>>Cheers,
>>Chris
>>
>>    
>>
>I am catching Sober.U with Clamavmodule, haven't checked with clamav.
>
>
>  
>


-- 
Richard Frovarp
EduTech System Administrator
1-701-231-5127 or 
1-800-774-1091

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Marc.Dufresne at PARKS.ON.CA  Thu Dec  1 19:40:26 2005
From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne)
Date: Thu Jan 12 21:31:20 2006
Subject: SPAM Scoring not working..only modifying subject line with
    {Spam?}
Message-ID: <mailman.17405.1137101480.24926.mailscanner@lists.mailscanner.info>

This is a sample from /var/mail/spammail. Why is
X-SLPC-MailScanner-SpamCheck always blank and Subject is modified with
{Spam?}?

From mkettler at EVI-INC.COM  Thu Dec  1 19:44:05 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:20 2006
Subject: Recurring abuser
Message-ID: <mailman.17407.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Casey King wrote:
> My MailScanner boxes are still getting drilled with the Sober.Virus and
> spam (none which have made it through) from a single IP address.  I did
> a lookup on dnsstuff.com for the address {66.243.13.178} but made no
> headway on what to do about this.  What steps do I need to do in order
> to get this to stop?  I haven't seen a degridation in mail processing,
> but seeing over 150 Sober infected emails, and countless spam each day
> is a bit annoying.
> 
What MTA do you use? Sendmail?
/etc/mail/access:

66.243.13.178	550	virus flood from this system

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ebruce at HPMICH.COM  Thu Dec  1 19:46:03 2005
From: ebruce at HPMICH.COM (Ed Bruce)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17408.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:

 Ed Bruce spake the following on 12/1/2005 6:13 AM:
  

 Remco Barendse wrote:

    

 You are excused ;)

But I think that the last few months SpamAss has turned out to be more
of a cpu+mem hog than any other check you would be doing on an e-mail.

I think that any virusscanner will have scanned the average message in
less than half a second wheras SpamAss is taking several seconds at least

Sorry if my message was unclear but maybe it's time to switch priorities?
      

 But its still true that the majority of the email we receive is spam.
I'm guessing this is still true for the majority of users of MS.

But I would prefer, for personal reasons, to have virus scanning first.

    

 IF you must have virus scanning first, you could use mimedefang or
clamav milter and scan for viruses first. But you will probably have
more load, not less.

  


Load is not a problem, only processing about 2-3k msgs/day. More of the
way I configured MS to Work with Mailwatch so I can release msg from
quarantine. I now have infected emails in the spam directory. I've just
made sure that email from 127.0.0.1 is virus scanned to stop them. But by
scanning for viruses first then infected emails are not identified as
SPAM only with no indication that they are infected.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From dave.list at PIXELHAMMER.COM  Thu Dec  1 19:47:30 2005
From: dave.list at PIXELHAMMER.COM (DAve)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17409.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff A. Earickson wrote:
> I don't subscribe to the Clam list so I don't know.  But the issue
> of Clam 0.87.1 not catching Sober.U on some types of operating
> systems (Solaris 9 in my case) seems to be a reoccurring topic
> on the MS list of late.  Clam 0.87.1 seems to work fine on some
> versions of UNIX (eg, Linux) but not others (Solaris, maybe BSD).
> The CVS code has fixed this, at least for me.

FreeBSD 5.3.1 and 5.4, the port version of ClamAV works correctly. 
Checking one of our AV Gateways,

clamscan -ri -v /local/spool/MailScanner/quarantine/20051201/
<SNIP>
/local/spool/MailScanner/quarantine/20051201/jB1JcAhB049490/mailtext.zip:
  Worm.Sober.U FOUND

----------- SCAN SUMMARY -----------
Known viruses: 41294
Engine version: 0.87.1
Scanned directories: 1032
Scanned files: 3112
Infected files: 1077
Data scanned: 257.75 MB
Time: 137.896 sec (2 m 17 s)

Last week began a 500% increase in captured viruses for us, mostly Sober 
varients.

DAve


> 
> Jeff Earickson
> Colby College
> 
> On Thu, 1 Dec 2005, IT Dept wrote:
> 
>> Date: Thu, 1 Dec 2005 10:48:40 -0800
>> From: IT Dept <itdept@FRACTALWEB.COM>
>> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: worm emails marked as possible spam
>>
>> Jeff A. Earickson wrote:
>>
>>> This sounds like the problem of ClamAV not catching Sober.U/Sober-Z
>>> with ClamAV 0.87.1, check the list archives from earlier this week.
>>> I changed to the latest CVS version of Clam and the problem went
>>> away.  I'm totally baffled as to why Clam hasn't put out a new release
>>> to fix this nasty bug.
>>>
>>> Jeff Earickson
>>> Colby College
>>
>>
>> Jeff,
>>
>> I agree. This seems like EXACTLY what's happening. I haven't been over 
>> on the clamav list lately...what are people saying there about this 
>> issue?
>>
>> Cheers,
>> Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dave.list at PIXELHAMMER.COM  Thu Dec  1 19:51:22 2005
From: dave.list at PIXELHAMMER.COM (DAve)
Date: Thu Jan 12 21:31:20 2006
Subject: Recurring abuser
Message-ID: <mailman.17410.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Casey King wrote:
> My MailScanner boxes are still getting drilled with the Sober.Virus and
> spam (none which have made it through) from a single IP address.  I did
> a lookup on dnsstuff.com for the address {66.243.13.178} but made no
> headway on what to do about this.  What steps do I need to do in order
> to get this to stop?  I haven't seen a degridation in mail processing,
> but seeing over 150 Sober infected emails, and countless spam each day
> is a bit annoying.
> 

This might help track down a contact address,
http://www.senderbase.org/search?searchString=66.243.13.178

  I would block them at your sendmail access file for the time being.

DAve

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Thu Dec  1 20:03:26 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:20 2006
Subject: GreyListing experiences
Message-ID: <mailman.17411.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Yes, I have sendmail/MailScanner/ClamAV/mailwatch/milter-greylist on CentOS4.1 running on two mail hubs and they have been working 
well for some time now. The greylisting did wonders and wouldn't want to be without it. Milter-greylist communicates with its peers 
to keep its lists updated.

Dennis

Mailing List wrote:
> Hi
> 
>  
> 
> Did anyone implemented a greylisting product on a multiSite 
> configuration (I mean MailScanner/SA split on more than one server)  ?
> 
>  
> 
> We're searching for a reliable product providing greylisting for a multi 
> server Topology. But the BD will have to be share on something as MySQL^Å
> 
>  
> 
> JF
> 
>  
> 
> IF you wan to see a funny AntiSpam company Christmas card,  take a look 
> at http://www.lastspam.com/main_noel.php?ref=113   lol
> 
>  
> 
>  
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> *Support MailScanner development - buy the book off the website!*
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> *Support MailScanner development - buy the book off the website!*

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Thu Dec  1 20:05:14 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17412.1137101480.24926.mailscanner@lists.mailscanner.info>

On 1 Dec 2005, at 19:19, Jeff A. Earickson wrote:

> I don't subscribe to the Clam list so I don't know.  But the issue
> of Clam 0.87.1 not catching Sober.U on some types of operating
> systems (Solaris 9 in my case) seems to be a reoccurring topic
> on the MS list of late.  Clam 0.87.1 seems to work fine on some
> versions of UNIX (eg, Linux) but not others (Solaris, maybe BSD).

FreeBSD works fine for me with clamavmodule (All from the ports tree)

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From sailer at BNL.GOV  Thu Dec  1 19:57:18 2005
From: sailer at BNL.GOV (Tim Sailer)
Date: Thu Jan 12 21:31:20 2006
Subject: Recurring abuser
Message-ID: <mailman.17413.1137101480.24926.mailscanner@lists.mailscanner.info>

On Thu, Dec 01, 2005 at 02:51:22PM -0500, DAve wrote:
> Casey King wrote:
> >My MailScanner boxes are still getting drilled with the Sober.Virus and
> >spam (none which have made it through) from a single IP address.  I did
> >a lookup on dnsstuff.com for the address {66.243.13.178} but made no
> >headway on what to do about this.  What steps do I need to do in order
> >to get this to stop?  I haven't seen a degridation in mail processing,
> >but seeing over 150 Sober infected emails, and countless spam each day
> >is a bit annoying.
> >
> 
> This might help track down a contact address,
> http://www.senderbase.org/search?searchString=66.243.13.178
> 
>  I would block them at your sendmail access file for the time being.

On my Linux boxes running MS, I use Vispan. From the web interface:

Temporary Spam / Virus Source Blocks- (total 6305)

Level 1 - 5463 ; Level 2 - 425 ; Level 3 - 254 ; Level 4 - 163 ; 

Repeat offenders get bumped to the next level, and have the IPTables
block for a longer period of time. It's very effective.

Tim

http://www.while.homeunix.net/mailstats/

-- 
Tim Sailer <sailer@bnl.gov> 
Information and Special Technologies Program
Office of Counterintelligence 
Brookhaven National Laboratory  (631) 344-3001

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  1 20:10:58 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:20 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17414.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry about that, fixed now.

Nigel kendrick wrote:

>Sorry guys - forgot to run upgrade_MailScanner_conf (yeah, pillock!)
>
>Mind you - now I have...
>
>Dec  1 14:36:31 chichester MailScanner[12720]: MailScanner E-Mail Virus
>Scanner version 4.48.4 starting... 
>Dec  1 14:36:32 chichester MailScanner[12720]: Could not read file
>/etc/MailScanner/reports/en/rejection.report.txt 
>Dec  1 14:36:32 chichester MailScanner[12720]: Error in line 865, file
>"/etc/MailScanner/reports/en/rejection.report.txt" for rejectionreport does
>not exist (or can not be read) 
>
>I have created the file and we seem to be starting up now. 
>
>(This is from the RedHat rpm install)
>
>Nigel
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of Martin Hepworth
>Sent: 01 December 2005 13:59
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: MailScanner ANNOUNCE: 4.48 released
>
>Looks like you've not upgrade properly.
>
>That setting was commented out when I ran the upgrade_MailScanner_conf
>script.
>
>How did you upgrade?
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>  
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
>>Behalf Of Nigel kendrick
>>Sent: 01 December 2005 13:47
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: [MAILSCANNER] MailScanner ANNOUNCE: 4.48 released
>>
>>Dec  1 13:44:29 chichester MailScanner[12403]: MailScanner E-Mail 
>>Virus Scanner version 4.48.4 starting...
>>Dec  1 13:44:29 chichester MailScanner[12403]: Syntax error(s) in 
>>configuration file:
>>Dec  1 13:44:29 chichester MailScanner[12403]: Unrecognised keyword 
>>"spamassassinprefsfile" at line 1399 Dec  1 13:44:29 chichester 
>>MailScanner[12403]: Aborting due to syntax errors in 
>>/etc/MailScanner/MailScanner.conf.
>>
>>??
>>
>>Nigel
>>
>>------------------------ MailScanner list ------------------------ To 
>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
>>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>    
>>
>
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and intended
>solely for the use of the individual or entity to whom they are addressed.
>If you have received this email in error please notify the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.	
>
>**********************************************************************
>
>------------------------ MailScanner list ------------------------ To
>unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ49Y0xH2WUcUFbZUEQKidACgguQkVjUY5zjtyBDRsrEMtP9QOuIAn1yZ
ZrAEvAZ1BdDYqNgTYkLbt6g+
=LH0+
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 20:34:17 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17415.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept wrote:

> Jeff,
>
> I agree. This seems like EXACTLY what's happening. I haven't been over 
> on the clamav list lately...what are people saying there about this 
> issue?
>
> Cheers,
> Chris

Hi Jeff and all,

I take back what I said. I have checked by logging in via ssh and 
visiting the message quarantine dir and typing "clamscan *" and it does 
indeed find Sober.U.

So, back to MailScanner then...Why, if a message is not being tagged as 
"high spam" would the message appear to not be scanned for viruses? What 
happens first, a blocked file or the virus scan? My guess is that 
because the file is blocked (we don't allow .exe files ever), 
MailScanner is not sending the file to be scanned for viruses; as a 
result my users are being deluged with bad content messages...sometimes 
over a hundred a day. Is there a way to change this, other than allowing 
.exe files?

Thanks,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 20:38:38 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:20 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17416.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:

>Could you give the output from
>ls -la /etc/MailScanner/bayes
>.... just to rule out any permission issues ... Oh yeah, what is (if
>at all) bayes_file_mode set to?
>  
>
Hi Glenn,

Sure:

-rwxrwxrwt    1 root     apache       2064 Dec  4  2004 bayes_journal
-rwxrwxrwt    1 root     apache         52 Dec 20  2003 bayes_msgcount
-rwxrwxrwt    1 root     apache   42049536 Dec  4  2004 bayes_seen
-rwxrwxrwt    1 root     apache    5320704 Dec  4  2004 bayes_toks
-rwxrwxrwt    1 root     apache       1338 Dec  1 12:35 .mutex
-rwxrwxrwt    1 root     apache   82595840 Dec  1 12:35 _seen
-rw-rw----    1 root     apache    2781184 Dec  1 12:35 _toks

Does this help? Do I need to change anything?

Thanks,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From scevans at CALPOLY.EDU  Thu Dec  1 20:29:18 2005
From: scevans at CALPOLY.EDU (Steve Evans)
Date: Thu Jan 12 21:31:20 2006
Subject: Exim Install
Message-ID: <mailman.17417.1137101480.24926.mailscanner@lists.mailscanner.info>

I'm trying to install MailScanner with exim for the first time.  Here is
a list of the steps I have taken.
 
Install MailScanner (no problems)
Copied /etc/exim.conf to /etc/exim_scanned.conf
Added these lines to /etc/exim.conf
    spool_directory = /var/spool/exim_incoming
    queue_only = true
 
Then down in the routers config section of /etc/exim.conf I added
    defer_router:
        driver = manualroute
        route_list = * 127.0.0.1 byname
        self = defer
        verify = false
 
In MailScanner.conf I modified these lines
    Incoming Queue Dir = /var/spool/exim_incoming/input/
    Outgoing Queue Dir = /var/spool/exim/input/
    MTA = exim
    Sendmail = /usr/sbin/exim
    Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
 
Modified the file /etc/sysconfig/MailScanner
    EXIM=/usr/sbin/exim
    EXIMINCF=/etc/exim/exim.conf
    EXIMSENDCF=/etc/exim/exim_scanned.conf
 
My two queue directories have the permissions of
    drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
    drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
 
    (note:  I didn't touch the exim folder, just the exim_incoming)
 
Then I do a service exim stop and a service MailScanner start.
 
The mail comes into /var/spool/exim_incoming but nothing happens after
that.  It just stacks up there.  If I stop MailScanner, change back the
exim.conf file, and start exim mail flows as normal.  If I change the
exim.conf file to only specify a new spool directory everything works
fine.  So I"m pretty sure I have my queues set up correctly.  Obviously
though MailScanner doesn't scan the mail if I do that.
 
Can someone tell me what I'm missing?
 
Steve Evans
805-756-7517
 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From ssilva at SGVWATER.COM  Thu Dec  1 20:26:19 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17418.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ed Bruce spake the following on 12/1/2005 11:46 AM:
> Scott Silva wrote:
> 
>>Ed Bruce spake the following on 12/1/2005 6:13 AM:
>>  
>>
>>>Remco Barendse wrote:
>>>
>>>    
>>>
>>>>You are excused ;)
>>>>
>>>>But I think that the last few months SpamAss has turned out to be more
>>>>of a cpu+mem hog than any other check you would be doing on an e-mail.
>>>>
>>>>I think that any virusscanner will have scanned the average message in
>>>>less than half a second wheras SpamAss is taking several seconds at least
>>>>
>>>>Sorry if my message was unclear but maybe it's time to switch priorities?
>>>>      
>>>>
>>>But its still true that the majority of the email we receive is spam.
>>>I'm guessing this is still true for the majority of users of MS.
>>>
>>>But I would prefer, for personal reasons, to have virus scanning first.
>>>
>>>    
>>>
>>IF you must have virus scanning first, you could use mimedefang or
>>clamav milter and scan for viruses first. But you will probably have
>>more load, not less.
>>
>>  
>>
> 
> Load is not a problem, only processing about 2-3k msgs/day. More of the
> way I configured MS to Work with Mailwatch so I can release msg from
> quarantine. I now have infected emails in the spam directory. I've just
> made sure that email from 127.0.0.1 is virus scanned to stop them. But
> by scanning for viruses first then infected emails are not identified as
> SPAM only with no indication that they are infected.
Did you try the following in MailScanner.conf?

# Do you want to stop any virus-infected spam getting into the spam or MCP
# archives? If you have a system where users can release messages from the
# spam or MCP archives, then you probably want to stop them being able to
# release any infected messages, so set this to yes.
# It is set to no by default as it causes a small hit in performance, and
# many people don't allow users to access the spam quarantine, so don't
# need it.
# This can also be the filename of a ruleset.
Keep Spam And MCP Archive Clean = yes


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 20:43:21 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:20 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17419.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler wrote:

>I assume you've got a bayes_path statement in one of your configs, since it's
>pointing everything to /etc/MailScanner/bayes/
>
>Obviously sa-learn is seeing this too.
>
>questions:
>
>1) do you have bayes_file_mode 0777? (global bayes DBs are unfortunately not
>practical unless it's world rw. Since the mode is really a mask and gets used
>for directories, it needs the 'x' bit as well)
>
>
>2) do you have lock_method flock in spam.assassin.prefs.conf? Is there a
>matching one in /etc/mail/spamassassin/*.cf? (sa-learn needs to use the same
>lock_method as the SA inside MailScanner)
>  
>
Hi Matt,

# grep bayes_file_mode *
spam.assassin.prefs.conf:bayes_file_mode            0666

# grep lock_method *
spam.assassin.prefs.conf:lock_method flock

And:

# pwd
/etc/mail/spamassassin
# grep lock_method *
local.cf:lock_method flock
mailscanner.cf:lock_method flock

Cheers,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec  1 20:48:40 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:20 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17420.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept wrote:

> Hi Matt,
> 
> # grep bayes_file_mode *
> spam.assassin.prefs.conf:bayes_file_mode            0666

That's bad.. you should fix it to 0777.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ebruce at HPMICH.COM  Thu Dec  1 21:14:10 2005
From: ebruce at HPMICH.COM (Ed Bruce)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17421.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:

 Ed Bruce spake the following on 12/1/2005 11:46 AM:
  

 Scott Silva wrote:

    

 Ed Bruce spake the following on 12/1/2005 6:13 AM:
 

      

 Remco Barendse wrote:

   

        

 You are excused ;)

But I think that the last few months SpamAss has turned out to be more
of a cpu+mem hog than any other check you would be doing on an e-mail.

I think that any virusscanner will have scanned the average message in
less than half a second wheras SpamAss is taking several seconds at least

Sorry if my message was unclear but maybe it's time to switch priorities?
     

          

 But its still true that the majority of the email we receive is spam.
I'm guessing this is still true for the majority of users of MS.

But I would prefer, for personal reasons, to have virus scanning first.

   

        

 IF you must have virus scanning first, you could use mimedefang or
clamav milter and scan for viruses first. But you will probably have
more load, not less.

 

      

 Load is not a problem, only processing about 2-3k msgs/day. More of the
way I configured MS to Work with Mailwatch so I can release msg from
quarantine. I now have infected emails in the spam directory. I've just
made sure that email from 127.0.0.1 is virus scanned to stop them. But
by scanning for viruses first then infected emails are not identified as
SPAM only with no indication that they are infected.
    

 Did you try the following in MailScanner.conf?

# Do you want to stop any virus-infected spam getting into the spam or MCP
# archives? If you have a system where users can release messages from the
# spam or MCP archives, then you probably want to stop them being able to
# release any infected messages, so set this to yes.
# It is set to no by default as it causes a small hit in performance, and
# many people don't allow users to access the spam quarantine, so don't
# need it.
# This can also be the filename of a ruleset.
Keep Spam And MCP Archive Clean = yes


  

Sure did and I was not able to release quarantined email using Mailwatch
unless I set it to no ??? I'm guessing I may have something else
configured wrong???

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From sean at NISD.NET  Thu Dec  1 21:22:28 2005
From: sean at NISD.NET (Sean Embry)
Date: Thu Jan 12 21:31:20 2006
Subject: Recurring abuser
Message-ID: <mailman.17422.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

>>> dave.list@PIXELHAMMER.COM 12/1/2005 1:51:22 PM >>>
Casey King wrote:
> My MailScanner boxes are still getting drilled with the Sober.Virus and
> spam (none which have made it through) from a single IP address. I did
> a lookup on dnsstuff.com for the address {66.243.13.178} but made no
> headway on what to do about this. What steps do I need to do in order
> to get this to stop? I haven't seen a degridation in mail processing,
> but seeing over 150 Sober infected emails, and countless spam each day
> is a bit annoying.
iptables -I INPUT -s 66.243.13.178  -j DROP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From maillists at CONACTIVE.COM  Thu Dec  1 21:31:17 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:20 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17423.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

The main problem I see with "Reject message" is that people will get a 
reject message that did not necessarily send the mail. F.i. the typical 
annoying virus rejection notice. Since the rejection is done after 
acceptance of the mail it will go back to the envelope sender and not 
rejected to the offending MTA.
Or do I misunderstand this setting?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  1 21:13:45 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:20 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17424.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 12:34 PM:
> IT Dept wrote:
> 
>> Jeff,
>>
>> I agree. This seems like EXACTLY what's happening. I haven't been over
>> on the clamav list lately...what are people saying there about this
>> issue?
>>
>> Cheers,
>> Chris
> 
> 
> Hi Jeff and all,
> 
> I take back what I said. I have checked by logging in via ssh and
> visiting the message quarantine dir and typing "clamscan *" and it does
> indeed find Sober.U.
> 
> So, back to MailScanner then...Why, if a message is not being tagged as
> "high spam" would the message appear to not be scanned for viruses? What
> happens first, a blocked file or the virus scan? My guess is that
> because the file is blocked (we don't allow .exe files ever),
> MailScanner is not sending the file to be scanned for viruses; as a
> result my users are being deluged with bad content messages...sometimes
> over a hundred a day. Is there a way to change this, other than allowing
> .exe files?
> 
> Thanks,
> Chris
> 
AFAICR I think they are spam checked, virus scanned, and then run
through filename/type checks.
Maybe there is something in your silent viruses config missing like "all
viruses".


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  1 21:31:18 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:20 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17425.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse wrote on         Thu, 1 Dec 2005 13:28:51 +0100:

> I would assume the zipfiles contain a virus / trojan, but why isn't MS 
> doing virus and filename checks first? It would save a lot of cpu cycles 
> on spamass which is putting more and more mail servers to a grinding halt

You can reject almost 100% of all viruses without even Mailscanner working. 
Just reject on MTA level based on zombie and DUHL RBL lists and/or use 
greylisting. The only viruses you will get are those bounced by real 
mailservers.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From KLekas at FOXRIVER.COM  Thu Dec  1 21:54:17 2005
From: KLekas at FOXRIVER.COM (Kosta Lekas)
Date: Thu Jan 12 21:31:20 2006
Subject: how to do a MaxMessageSize.rules?
Message-ID: <mailman.17426.1137101480.24926.mailscanner@lists.mailscanner.info>


I am looking to point my &#8220;Maximum Message Size&#8221; option to a
rule. I don&#8217;t see anything specific in Examples for constructing
this. Should I just follow the basic syntax like so:

 

# I want to allow 10MB for internal users and 5MB for everyone else

From:           10.0.                 10000000

FromOrTo:            default        5000000

 

 

Kosta

 


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From james at grayonline.id.au  Thu Dec  1 21:05:21 2005
From: james at grayonline.id.au (James Gray)
Date: Thu Jan 12 21:31:20 2006
Subject: Incoming attachments with multiple "." in the name
Message-ID: <mailman.17427.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Friday 02 December 2005 04:58, Scott Silva wrote:
> This isn't from clamav. This is from the filename checks in MailScanner.
> You could disable this, maybe dangerous maybe not, or get your users to
> use some other de-limiter like - or _ instead of a "dot". If you are
> using the filetype checks, you might get away with disabling this.

I've been thinking about what it would take to make a check using both the 
filename and filetype checks.  IOW, if the file is named "mydoc.txt.doc" and 
the filetype check yields it as something other than a word document, it gets 
quarantined etc.

The difficulty is that you'd need to construct a fairly extensive map of file 
extension<->file type.  That's a bit of a show-stopper, and difficult to 
maintain IMHO.  Not sure if it would be particularly useful, but figured I'd 
post my meandering thoughts here for comment.

Cheers,

James
-- 
It's not the fall that kills you, it's the landing.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  1 22:31:25 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:20 2006
Subject: GreyListing experiences
Message-ID: <mailman.17428.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dennis Willson wrote on         Thu, 1 Dec 2005 12:03:26 -0800:

> Yes, I have sendmail/MailScanner/ClamAV/mailwatch/milter-greylist on
> CentOS4.1 running on two mail hubs and 
> they have been working 
> well
> for some time now. The greylisting did wonders and wouldn't want to be
> without it.

I setup latest milter-greylist on one machine for testing only yesterday 
and I agree that it adds efficiency. I fear I will have to stop it from 
time to time, so that Bayes gets something to digest.
But I have a question. When I restart milter-greylist sendmail gets 
refused the socket connection. I found that I have to restart 
milter-greylist, sendmail and then milter-greylist again to stop this. How 
can this be avoided?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  1 22:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:20 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17429.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept wrote on         Thu, 1 Dec 2005 12:38:38 -0800:

> -rwxrwxrwt    1 root     apache       2064 Dec  4  2004 bayes_journal 
> -rwxrwxrwt    1 root     apache         52 Dec 20  2003 bayes_msgcount 
> -rwxrwxrwt    1 root     apache   42049536 Dec  4  2004 bayes_seen 
> -rwxrwxrwt    1 root     apache    5320704 Dec  4  2004 bayes_toks 
> -rwxrwxrwt    1 root     apache       1338 Dec  1 12:35 .mutex 
> -rwxrwxrwt    1 root     apache   82595840 Dec  1 12:35 _seen 
> -rw-rw----    1 root     apache    2781184 Dec  1 12:35 _toks

There's something wrong in your config file. First, delete the first four 
files. Then rename the _* files to bayes_* and change the config 
accordingly, so that it uses them.
The rename fails because there's no "_journal" file. Not sure why, though.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 22:39:08 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:20 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17430.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, Matt Kettler <mkettler@evi-inc.com> wrote:
> IT Dept wrote:
>
> > Hi Matt,
> >
> > # grep bayes_file_mode *
> > spam.assassin.prefs.conf:bayes_file_mode            0666
>
> That's bad.. you should fix it to 0777.
>

Yes, but is it that that is causing the file failure? I wonder...
Is the filesystem "starved" for space or inodes? Check with "df" (Not
@*nix  ATM, so you'll have to check the man-page if it doesn't report
inode consumption by default)...
Also, is the system otherwise healthy?
No errors in the system logs that look sinister?
If you're able to, running fsck on the filesystem in question wouldn't
be a bad idea either.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  1 22:51:03 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:21 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17431.1137101480.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, Kai Schaetzl <maillists@conactive.com> wrote:
> IT Dept wrote on         Thu, 1 Dec 2005 12:38:38 -0800:
>
> > -rwxrwxrwt    1 root     apache       2064 Dec  4  2004 bayes_journal
> > -rwxrwxrwt    1 root     apache         52 Dec 20  2003 bayes_msgcount
> > -rwxrwxrwt    1 root     apache   42049536 Dec  4  2004 bayes_seen
> > -rwxrwxrwt    1 root     apache    5320704 Dec  4  2004 bayes_toks
> > -rwxrwxrwt    1 root     apache       1338 Dec  1 12:35 .mutex
> > -rwxrwxrwt    1 root     apache   82595840 Dec  1 12:35 _seen
> > -rw-rw----    1 root     apache    2781184 Dec  1 12:35 _toks
>
> There's something wrong in your config file. First, delete the first four
> files. Then rename the _* files to bayes_* and change the config
> accordingly, so that it uses them.
> The rename fails because there's no "_journal" file. Not sure why, though.
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> IE-Center: http://ie5.de & http://msie.winware.org
>
(Smacks fo4rhead) Of course! I should have seen that too.
Let me guess that the bayes_path is set to something like
"/etc/MailScanner/bayes/"? It should be "/etc/MailScanner/bayes/bayes"
(not a typo, the last "bayes" is part of the filename(s) created). Oh
well. Now that it's been eloquently pointed out by Kai, it's so very
obvious:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  1 22:48:51 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:21 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17432.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen spake the following on 12/1/2005 2:39 PM:
> On 01/12/05, Matt Kettler <mkettler@evi-inc.com> wrote:
> 
>>IT Dept wrote:
>>
>>
>>>Hi Matt,
>>>
>>># grep bayes_file_mode *
>>>spam.assassin.prefs.conf:bayes_file_mode            0666
>>
>>That's bad.. you should fix it to 0777.
>>
> 
> 
> Yes, but is it that that is causing the file failure? I wonder...
> Is the filesystem "starved" for space or inodes? Check with "df" (Not
> @*nix  ATM, so you'll have to check the man-page if it doesn't report
> inode consumption by default)...
> Also, is the system otherwise healthy?
> No errors in the system logs that look sinister?
> If you're able to, running fsck on the filesystem in question wouldn't
> be a bad idea either.
> 
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> 
df -i for inodes.



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Thu Dec  1 23:10:31 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:21 2006
Subject: GreyListing experiences
Message-ID: <mailman.17433.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I only have to restart milter-greylist, then sendmail. I don't have to do milter-greylist a second time.
I also find it's very rare that I have to restart milter-greylist. Since it checks its own config file every so often and 
automatically picks up any changes without having to restart it, I have had little reason to restart it.

Kai Schaetzl wrote:
> Dennis Willson wrote on         Thu, 1 Dec 2005 12:03:26 -0800:
> 
> 
>>Yes, I have sendmail/MailScanner/ClamAV/mailwatch/milter-greylist on
>>CentOS4.1 running on two mail hubs and 
>>they have been working 
>>well
>>for some time now. The greylisting did wonders and wouldn't want to be
>>without it.
> 
> 
> I setup latest milter-greylist on one machine for testing only yesterday 
> and I agree that it adds efficiency. I fear I will have to stop it from 
> time to time, so that Bayes gets something to digest.
> But I have a question. When I restart milter-greylist sendmail gets 
> refused the socket connection. I found that I have to restart 
> milter-greylist, sendmail and then milter-greylist again to stop this. How 
> can this be avoided?
> 
> Kai
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 23:11:19 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:21 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17434.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:

>>Yes, but is it that that is causing the file failure? I wonder...
>>Is the filesystem "starved" for space or inodes? Check with "df" (Not
>>@*nix  ATM, so you'll have to check the man-page if it doesn't report
>>inode consumption by default)...
>>Also, is the system otherwise healthy?
>>No errors in the system logs that look sinister?
>>If you're able to, running fsck on the filesystem in question wouldn't
>>be a bad idea either.
>>    
>>
>df -i for inodes.
>  
>
Here's what I get:

# df -i
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/hda2            4751360  756423 3994937   16% /
/dev/hda1              12048      49   11999    1% /boot
none                   60231       1   60230    1% /dev/shm

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  1 22:51:49 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:21 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17435.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl spake the following on 12/1/2005 2:31 PM:
> IT Dept wrote on         Thu, 1 Dec 2005 12:38:38 -0800:
> 
> 
>>-rwxrwxrwt    1 root     apache       2064 Dec  4  2004 bayes_journal 
>>-rwxrwxrwt    1 root     apache         52 Dec 20  2003 bayes_msgcount 
>>-rwxrwxrwt    1 root     apache   42049536 Dec  4  2004 bayes_seen 
>>-rwxrwxrwt    1 root     apache    5320704 Dec  4  2004 bayes_toks 
>>-rwxrwxrwt    1 root     apache       1338 Dec  1 12:35 .mutex 
>>-rwxrwxrwt    1 root     apache   82595840 Dec  1 12:35 _seen 
>>-rw-rw----    1 root     apache    2781184 Dec  1 12:35 _toks
> 
> 
> There's something wrong in your config file. First, delete the first four 
> files. Then rename the _* files to bayes_* and change the config 
> accordingly, so that it uses them.
> The rename fails because there's no "_journal" file. Not sure why, though.
> 
> Kai
> 
The last two look like things were started today with the setting for
the bayes directory mising the second "bayes" entry.
IE... /etc/MailScanner/bayes/  instead of /etc/MailScanner/bayes/bayes

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 23:30:54 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:21 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17436.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:

>(Smacks fo4rhead) Of course! I should have seen that too.
>Let me guess that the bayes_path is set to something like
>"/etc/MailScanner/bayes/"? It should be "/etc/MailScanner/bayes/bayes"
>(not a typo, the last "bayes" is part of the filename(s) created). Oh
>well. Now that it's been eloquently pointed out by Kai, it's so very
>obvious:-).
>  
>
Glenn,

You are exactly right. It was set to "/etc/MailScanner/bayes/" instead 
of "/etc/MailScanner/bayes/bayes". I've changed it now, and followed 
Kai's instructions also.

Now when I try to get the system to learn spam, I get the following 
error message:

SA Learn: error code 13 returned from sa-learn: bayes: lock: 14827 
cannot create lockfile /etc/MailScanner/bayes/bayes.mutex: Permission 
denied bayes: lock: 14827 cannot create lockfile 
/etc/MailScanner/bayes/bayes.mutex: Permission denied bayes 
expire_old_tokens: lock: 14827 cannot create lockfile 
/etc/MailScanner/bayes/bayes.mutex: Permission denied lock: 14827 cannot 
create lockfile /etc/MailScanner/bayes/bayes.mutex: Permission denied 
Learned from 0 message(s) (1 message(s) examined).

The dir looks like so:

# ls -la
total 59688
drwxrwxrwt    3 root     apache       8192 Dec  1 15:29 .
drwxr-xr-x    7 root     root         4096 Dec  1 15:13 ..
-rw-rw-rw-    1 root     root          864 Dec  1 15:29 bayes_journal
-rw-------    1 root     root           12 Dec  1 15:29 bayes.mutex
-rwxrwxrwt    1 root     apache   82612224 Dec  1 15:29 bayes_seen
-rw-rw----    1 root     apache    2781184 Dec  1 15:29 bayes_toks
-rwxrwxrwt    1 root     apache       1338 Dec  1 15:14 .mutex

Not sure what to do next.

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From peter.bonivart at LKPG.VISIT.SE  Thu Dec  1 23:29:28 2005
From: peter.bonivart at LKPG.VISIT.SE (Peter Bonivart)
Date: Thu Jan 12 21:31:21 2006
Subject: GreyListing experiences
Message-ID: <mailman.17437.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl wrote:
> But I have a question. When I restart milter-greylist sendmail gets 
> refused the socket connection. I found that I have to restart 
> milter-greylist, sendmail and then milter-greylist again to stop this. How 
> can this be avoided?

That's probably because the greylist socket has to be available to 
sendmail at all times. Have you tried HUPing sendmail? Otherwise restart 
greylist first and then sendmail. If sendmail can't find greylist it 
will just complain and get on with it. No big problem.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Thu Dec  1 23:45:35 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:21 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17438.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:

>AFAICR I think they are spam checked, virus scanned, and then run
>through filename/type checks.
>Maybe there is something in your silent viruses config missing like "all
>viruses".
>  
>
This is from my mailscanner.conf file:

Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Quarantine Silent Viruses = yes
Log Silent Viruses = no

Should I change something?

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  1 23:50:08 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:21 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17439.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 3:30 PM:
> Glenn Steen wrote:
> 
>> (Smacks fo4rhead) Of course! I should have seen that too.
>> Let me guess that the bayes_path is set to something like
>> "/etc/MailScanner/bayes/"? It should be "/etc/MailScanner/bayes/bayes"
>> (not a typo, the last "bayes" is part of the filename(s) created). Oh
>> well. Now that it's been eloquently pointed out by Kai, it's so very
>> obvious:-).
>>  
>>
> Glenn,
> 
> You are exactly right. It was set to "/etc/MailScanner/bayes/" instead
> of "/etc/MailScanner/bayes/bayes". I've changed it now, and followed
> Kai's instructions also.
> 
> Now when I try to get the system to learn spam, I get the following
> error message:
> 
> SA Learn: error code 13 returned from sa-learn: bayes: lock: 14827
> cannot create lockfile /etc/MailScanner/bayes/bayes.mutex: Permission
> denied bayes: lock: 14827 cannot create lockfile
> /etc/MailScanner/bayes/bayes.mutex: Permission denied bayes
> expire_old_tokens: lock: 14827 cannot create lockfile
> /etc/MailScanner/bayes/bayes.mutex: Permission denied lock: 14827 cannot
> create lockfile /etc/MailScanner/bayes/bayes.mutex: Permission denied
> Learned from 0 message(s) (1 message(s) examined).
> 
> The dir looks like so:
> 
> # ls -la
> total 59688
> drwxrwxrwt    3 root     apache       8192 Dec  1 15:29 .
> drwxr-xr-x    7 root     root         4096 Dec  1 15:13 ..
> -rw-rw-rw-    1 root     root          864 Dec  1 15:29 bayes_journal
> -rw-------    1 root     root           12 Dec  1 15:29 bayes.mutex
> -rwxrwxrwt    1 root     apache   82612224 Dec  1 15:29 bayes_seen
> -rw-rw----    1 root     apache    2781184 Dec  1 15:29 bayes_toks
> -rwxrwxrwt    1 root     apache       1338 Dec  1 15:14 .mutex
> 
> Not sure what to do next.
> 
> Chris
> 
Your moving and renaming as root took possession of the files. Fix the
ownership of the files back to root:apache and chmod bayes.mutex to g+rw


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brent.addis at PRONET.CO.NZ  Thu Dec  1 23:52:38 2005
From: brent.addis at PRONET.CO.NZ (Brent Addis)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17440.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

 From the looks of it, you are using exim3 (unless you are trying the 
exim3 config with exim4, which I don't believe works) , try starting off 
with exim4.

Steve Evans wrote:

> I'm trying to install MailScanner with exim for the first time.  Here 
> is a list of the steps I have taken.
>  
> Install MailScanner (no problems)
> Copied /etc/exim.conf to /etc/exim_scanned.conf
> Added these lines to /etc/exim.conf
>     spool_directory = /var/spool/exim_incoming
>     queue_only = true
>  
> Then down in the routers config section of /etc/exim.conf I added
>     defer_router:
>         driver = manualroute
>         route_list = * 127.0.0.1 byname
>         self = defer
>         verify = false
>  
> In MailScanner.conf I modified these lines
>     Incoming Queue Dir = /var/spool/exim_incoming/input/
>     Outgoing Queue Dir = /var/spool/exim/input/
>     MTA = exim
>     Sendmail = /usr/sbin/exim
>     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
>  
> Modified the file /etc/sysconfig/MailScanner
>     EXIM=/usr/sbin/exim
>     EXIMINCF=/etc/exim/exim.conf
>     EXIMSENDCF=/etc/exim/exim_scanned.conf
>  
> My two queue directories have the permissions of
>     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
>     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
>  
>     (note:  I didn't touch the exim folder, just the exim_incoming)
>  
> Then I do a service exim stop and a service MailScanner start.
>  
> The mail comes into /var/spool/exim_incoming but nothing happens after 
> that.  It just stacks up there.  If I stop MailScanner, change back 
> the exim.conf file, and start exim mail flows as normal.  If I change 
> the exim.conf file to only specify a new spool directory everything 
> works fine.  So I"m pretty sure I have my queues set up correctly.  
> Obviously though MailScanner doesn't scan the mail if I do that.
>  
> Can someone tell me what I'm missing?
>  
> Steve Evans
> 805-756-7517
>  
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*



-- 
Regards,

Brent Addis
Technical Account Manager
Pronet Internet NZ LTD

Mobile: 021 723 612


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ]
    [ (Name: "brent.addis.vcf")  13 lines. ]
    [ Unable to print this part. ]


From ssilva at SGVWATER.COM  Fri Dec  2 00:13:57 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:21 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17441.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 3:45 PM:
> Scott Silva wrote:
> 
>> AFAICR I think they are spam checked, virus scanned, and then run
>> through filename/type checks.
>> Maybe there is something in your silent viruses config missing like "all
>> viruses".
>>  
>>
> This is from my mailscanner.conf file:
> 
> Silent Viruses = HTML-IFrame All-Viruses
> Still Deliver Silent Viruses = no
> Quarantine Silent Viruses = yes
Change this to no unless you need to have virus samples to send to your
friends and family.


> Log Silent Viruses = no
Change this to yes to have the virus attempts logged.
> 
> Should I change something?
> 
> Chris
> 


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec  2 00:31:43 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:21 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17442.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote on         Thu, 1 Dec 2005 14:51:49 -0800:

> The last two look like things were started today with the setting for 
> the bayes directory mising the second "bayes" entry.

Yes, but probably already for quite some time since the "correct" 
filenames date one year back. That's why I said to delete the other files.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Fri Dec  2 00:48:54 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:21 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17443.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:

>Your moving and renaming as root took possession of the files. Fix the
>ownership of the files back to root:apache and chmod bayes.mutex to g+rw
>  
>
Scott,

Thanks. All done.

One curiosity left: why does bayes_journal keep appearing and 
disappearing? Is this normal behaviour?

Cheers,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From KGoods at AIAINSURANCE.COM  Fri Dec  2 00:48:24 2005
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:31:21 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17444.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept wrote:
> Scott Silva wrote:
> 
>> AFAICR I think they are spam checked, virus scanned, and then run
>> through filename/type checks. Maybe there is something in your
>> silent viruses config missing like "all viruses". 
>> 
>> 
> This is from my mailscanner.conf file:
> 
> Silent Viruses = HTML-IFrame All-Viruses
> Still Deliver Silent Viruses = no
> Quarantine Silent Viruses = yes
> Log Silent Viruses = no
> 
> Should I change something?
> 
> Chris
> 

Chris,
I was having the same exact problem until yesterday. I have the same
settings as you (above) and my users were never notified as long as the
filetype/name rules *and* the virus scanner caught them. Turns out in my
case *only* the filetype/name rules was hitting and I notify my users of
this in case they need to make other arrangements to get the file. Most
times it's because someone names a file thisdoc12.1.05.doc or something
idiotic like that.

I have my configuration set up to have MailScanner notify me of any blocked
mail regardless of why it   
was blocked (we don't have that many until this last worm). 

Here's an example of a bad filename notification:

The following e-mails were found to have: Bad Filename Detected

    Sender: hostmaster@amersel.com
IP Address: 216.38.219.115
 Recipient: user1@mydomain.com, user2@mydomain.com, user3@mydomain.com
   Subject: Registration Confirmation
 MessageID: jATLS02n030424
Quarantine: /var/spool/MailScanner/quarantine/20051129/jATLS02n030424
    Report: MailScanner: Executable DOS/Windows programs are dangerous in
email (File-packed_da.exe)
    Report: MailScanner: Executable DOS/Windows programs are dangerous in
email (File-packed_dataInfo.exe)
            MailScanner: Executable DOS/Windows programs are dangerous in
email (File-packed_da.exe)
            MailScanner: Executable DOS/Windows programs are dangerous in
email (File-packed_dataInfo.exe)

Full headers are: etc... etc...

These were not getting caught by ClamAV (my fault) and thus my users were
getting notified.

Now here's a sample after I fixed ClamAV (and added bitdefender just for
good measure):

The following e-mails were found to have: Bad Filename Detected : Virus
Detected

    Sender: postmaster@judicial.state.co.us
IP Address: 216.38.219.115
 Recipient: user1@mydomain.com, user2@mydomain.com, user3@mydomain.com
   Subject: Your_Password
 MessageID: jB19NTjG008286
Quarantine: /var/spool/MailScanner/quarantine/20051201/jB19NTjG008286
    Report: MailScanner: Executable DOS/Windows programs are dangerous in
email (File-packed_da.exe)
    Report: ClamAV: File-packed_dataInfo.exe contains Worm.Sober.U 
            Bitdefender: Found virus Win32.Sober.AD@mm in file
File-packed_dataInfo.exe
            MailScanner: Executable DOS/Windows programs are dangerous in
email (File-packed_dataInfo.exe)
            MailScanner: Executable DOS/Windows programs are dangerous in
email (File-packed_da.exe)
            ClamAV: File-packed_dataInfo.exe contains Worm.Sober.U 
            Bitdefender: Found virus Win32.Sober.AD@mm in file
File-packed_dataInfo.exe
            MailScanner: Executable DOS/Windows programs are dangerous in
email (File-packed_dataInfo.exe)
    Report: ClamAV: reg_pass.zip contains Worm.Sober.U 
            Bitdefender: Found virus Win32.Sober.AD@mm in file reg_pass.zip

Full headers are: etc... etc...

Since these are getting caught and I have those settings in MailScanner.conf
(as you do above) nobody but me is getting notified which is the way I like
it! :)

In my case I had two versions of ClamAV running on my machine and running
scanscan from the command line would use the newer version and catch the
viruses but MailScanner using the wrapper was using the older version and
wouldn't.

Thanks to the sharp eye (and much more experience) of Glenn Steen, the light
bulb finally went off. If you think there's any chance of this being your
problem take a look at the Antivirus woes... thread from yesterday.

Hope it helps,
Ken


Ken Goods
Network Administrator
AIA/CropUSA Insurance, Inc.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Fri Dec  2 00:57:42 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:21 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17445.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:

>I looked for one of these and got the following scores;
>
>3.50	BAYES_99	Bayesian spam probability is 99 to 100%
>2.17	DCC_CHECK	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>0.77	DIGEST_MULTIPLE	Message hits more than one network digest check
>0.20	DNS_FROM_RFC_ABUSE	Envelope sender in abuse.rfc-ignorant.org
>1.45	DNS_FROM_RFC_WHOIS	Envelope sender in whois.rfc-ignorant.org
>0.14	FORGED_RCVD_HELO	Received: contains a forged HELO
>1.61	MISSING_MIMEOLE	Message has X-MSMail-Priority, but no X-MimeOLE
>0.96	NO_REAL_NAME	From: does not include a real name
>2.70	PRIORITY_NO_NAME	Message has priority, but no user agent name
>1.50	RAZOR2_CF_RANGE_51_100	Razor2 gives confidence level above 50%
>1.50	RAZOR2_CF_RANGE_E4_51_100	Razor2 gives engine 4 confidence level
>above 50%
>0.50	RAZOR2_CHECK	Listed in Razor2 (http://razor.sf.net/)
>1.00	RCVD_IN_JAMM	Received via a relay in JAMMConsulting
>1.50	RCVD_IN_NJABL_DUL	NJABL: dialup sender did non-local SMTP
>2.05	RCVD_IN_SORBS_DUL	SORBS: sent directly from dynamic IP address
>1.38	SPF_SOFTFAIL	SPF: sender does not match SPF record (softfail)
>
>Spamassassin Score: 22.92
>
>
>Maybe you need some more tuning?
>  
>
Scott,

Not only do I likely need tuning, my spamassasin likely does as well. :-)

I'm running Bayes, DCC, Razor. My scores for this worm aren't nearly 
that high. Are you running custom rulesets as well? Other plugins?

Thanks,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Fri Dec  2 01:25:50 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:21 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17446.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ken Goods wrote:

>In my case I had two versions of ClamAV running on my machine and running
>scanscan from the command line would use the newer version and catch the
>viruses but MailScanner using the wrapper was using the older version and
>wouldn't.
>
>Thanks to the sharp eye (and much more experience) of Glenn Steen, the light
>bulb finally went off. If you think there's any chance of this being your
>problem take a look at the Antivirus woes... thread from yesterday.
>  
>
Ken,

You may be on to something here. If I do:

# rpm -qa | grep -i clam
webppliance-clamav-frontend-3.7.1-10
clamav-0.65-4
webppliance-clamav-3.7.1-10

According to RPM, I have 0.65-4 of ClamAV installed, but from the shell, 
I get something different:

# clamscan --version
ClamAV 0.87.1/1200/Thu Dec  1 09:26:35 2005

Unfortunately, I don't have yesterday's threads (this mailbox got a bit 
overstuffed), so I missed a bunch. Any hints on how to resolve?

Thanks,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From scevans at CALPOLY.EDU  Fri Dec  2 05:00:29 2005
From: scevans at CALPOLY.EDU (Steve Evans)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17447.1137101481.24926.mailscanner@lists.mailscanner.info>

I'm running exim 4.43 running on Fedora. 


Steve Evans
805-756-7517

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brent Addis
Sent: Thursday, December 01, 2005 3:53 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Exim Install

 From the looks of it, you are using exim3 (unless you are trying the
exim3 config with exim4, which I don't believe works) , try starting off with exim4.

Steve Evans wrote:

> I'm trying to install MailScanner with exim for the first time.  Here 
> is a list of the steps I have taken.
>
> Install MailScanner (no problems)
> Copied /etc/exim.conf to /etc/exim_scanned.conf Added these lines to 
> /etc/exim.conf
>     spool_directory = /var/spool/exim_incoming
>     queue_only = true
>
> Then down in the routers config section of /etc/exim.conf I added
>     defer_router:
>         driver = manualroute
>         route_list = * 127.0.0.1 byname
>         self = defer
>         verify = false
>
> In MailScanner.conf I modified these lines
>     Incoming Queue Dir = /var/spool/exim_incoming/input/
>     Outgoing Queue Dir = /var/spool/exim/input/
>     MTA = exim
>     Sendmail = /usr/sbin/exim
>     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
>
> Modified the file /etc/sysconfig/MailScanner
>     EXIM=/usr/sbin/exim
>     EXIMINCF=/etc/exim/exim.conf
>     EXIMSENDCF=/etc/exim/exim_scanned.conf
>
> My two queue directories have the permissions of
>     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
>     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
>
>     (note:  I didn't touch the exim folder, just the exim_incoming)
>
> Then I do a service exim stop and a service MailScanner start.
>
> The mail comes into /var/spool/exim_incoming but nothing happens after 
> that.  It just stacks up there.  If I stop MailScanner, change back 
> the exim.conf file, and start exim mail flows as normal.  If I change 
> the exim.conf file to only specify a new spool directory everything 
> works fine.  So I"m pretty sure I have my queues set up correctly.
> Obviously though MailScanner doesn't scan the mail if I do that.
>
> Can someone tell me what I'm missing?
>
> Steve Evans
> 805-756-7517
>
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*



--
Regards,

Brent Addis
Technical Account Manager
Pronet Internet NZ LTD

Mobile: 021 723 612


------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brent.addis at PRONET.CO.NZ  Fri Dec  2 06:15:23 2005
From: brent.addis at PRONET.CO.NZ (Brent Addis)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17448.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

you'll need to use the exim4 setup then,

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation&s=exim+4 
has some about half way down I think

Steve Evans wrote:

>I'm running exim 4.43 running on Fedora. 
>
>
>Steve Evans
>805-756-7517
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brent Addis
>Sent: Thursday, December 01, 2005 3:53 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Exim Install
>
> From the looks of it, you are using exim3 (unless you are trying the
>exim3 config with exim4, which I don't believe works) , try starting off with exim4.
>
>Steve Evans wrote:
>
>  
>
>>I'm trying to install MailScanner with exim for the first time.  Here 
>>is a list of the steps I have taken.
>>
>>Install MailScanner (no problems)
>>Copied /etc/exim.conf to /etc/exim_scanned.conf Added these lines to 
>>/etc/exim.conf
>>    spool_directory = /var/spool/exim_incoming
>>    queue_only = true
>>
>>Then down in the routers config section of /etc/exim.conf I added
>>    defer_router:
>>        driver = manualroute
>>        route_list = * 127.0.0.1 byname
>>        self = defer
>>        verify = false
>>
>>In MailScanner.conf I modified these lines
>>    Incoming Queue Dir = /var/spool/exim_incoming/input/
>>    Outgoing Queue Dir = /var/spool/exim/input/
>>    MTA = exim
>>    Sendmail = /usr/sbin/exim
>>    Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
>>
>>Modified the file /etc/sysconfig/MailScanner
>>    EXIM=/usr/sbin/exim
>>    EXIMINCF=/etc/exim/exim.conf
>>    EXIMSENDCF=/etc/exim/exim_scanned.conf
>>
>>My two queue directories have the permissions of
>>    drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
>>    drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
>>
>>    (note:  I didn't touch the exim folder, just the exim_incoming)
>>
>>Then I do a service exim stop and a service MailScanner start.
>>
>>The mail comes into /var/spool/exim_incoming but nothing happens after 
>>that.  It just stacks up there.  If I stop MailScanner, change back 
>>the exim.conf file, and start exim mail flows as normal.  If I change 
>>the exim.conf file to only specify a new spool directory everything 
>>works fine.  So I"m pretty sure I have my queues set up correctly.
>>Obviously though MailScanner doesn't scan the mail if I do that.
>>
>>Can someone tell me what I'm missing?
>>
>>Steve Evans
>>805-756-7517
>>
>>
>>------------------------ MailScanner list ------------------------ To 
>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
>>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>*Support MailScanner development - buy the book off the website!*
>>    
>>
>
>
>
>--
>Regards,
>
>Brent Addis
>Technical Account Manager
>Pronet Internet NZ LTD
>
>Mobile: 021 723 612
>
>
>------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>


-- 
Regards,

Brent Addis
Technical Account Manager
Pronet Internet NZ LTD

Mobile: 021 723 612


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ]
    [ (Name: "brent.addis.vcf")  13 lines. ]
    [ Unable to print this part. ]


From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  2 08:57:36 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17449.1137101481.24926.mailscanner@lists.mailscanner.info>

Steve

Make sure there's something in the incoming spool

Put MailScanner into debug mode (edit MailScanner.conf and change both debug
values to yes).

Stop MailScanner

Run check_mailscanner

This will dump a load of debug to the screen and you should be able to see
whats happening (or not in your case)

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Evans
> Sent: 01 December 2005 20:29
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Exim Install
> 
> I'm trying to install MailScanner with exim for the first time.  Here is a
> list of the steps I have taken.
> 
> Install MailScanner (no problems)
> Copied /etc/exim.conf to /etc/exim_scanned.conf
> Added these lines to /etc/exim.conf
>     spool_directory = /var/spool/exim_incoming
>     queue_only = true
> 
> Then down in the routers config section of /etc/exim.conf I added
>     defer_router:
>         driver = manualroute
>         route_list = * 127.0.0.1 byname
>         self = defer
>         verify = false
> 
> In MailScanner.conf I modified these lines
>     Incoming Queue Dir = /var/spool/exim_incoming/input/
>     Outgoing Queue Dir = /var/spool/exim/input/
>     MTA = exim
>     Sendmail = /usr/sbin/exim
>     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> 
> Modified the file /etc/sysconfig/MailScanner
>     EXIM=/usr/sbin/exim
>     EXIMINCF=/etc/exim/exim.conf
>     EXIMSENDCF=/etc/exim/exim_scanned.conf
> 
> My two queue directories have the permissions of
>     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
>     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> 
>     (note:  I didn't touch the exim folder, just the exim_incoming)
> 
> Then I do a service exim stop and a service MailScanner start.
> 
> The mail comes into /var/spool/exim_incoming but nothing happens after
> that.  It just stacks up there.  If I stop MailScanner, change back the
> exim.conf file, and start exim mail flows as normal.  If I change the
> exim.conf file to only specify a new spool directory everything works
> fine.  So I"m pretty sure I have my queues set up correctly.  Obviously
> though MailScanner doesn't scan the mail if I do that.
> 
> Can someone tell me what I'm missing?
> 
> Steve Evans
> 805-756-7517
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!



**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  2 09:24:20 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:21 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17450.1137101481.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

I agree that the feature could be mis-used, just like a lot of things  
in MailScanner. However, it was requested by a user who had a very  
specific set of circumstances for which he needed to be able to do this.

On 1 Dec 2005, at 21:31, Kai Schaetzl wrote:

> The main problem I see with "Reject message" is that people will get a
> reject message that did not necessarily send the mail. F.i. the  
> typical
> annoying virus rejection notice. Since the rejection is done after
> acceptance of the mail it will go back to the envelope sender and not
> rejected to the offending MTA.
> Or do I misunderstand this setting?
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5ASxvw32o+k+q+hAQGa0wf+LVLfDz4AGPFLzfMRTLxclLqyuHpcAhiD
Y91xJCj9tZnObtPESz9UlS0tM0tlPQ8tMa6wWFva5KYAATF+/xWqpjioIWu/mAZn
q33q/q80qvm/XXoj6eGfCtBx8/xIQj+D4HYgIbWE5bnaD0E3Montg+sy/77u0zwY
whquEudV8+mi8f48w+Ek+6TrpQ34OqKV0TFB+TtErKyeHmEEr16MSio1yQnHHuBI
l8iH5jZ+9rqDC7uZhnPWYcgGrugqfaQhD2k5/jzZ2xpZNJHt2AScQrB2nMeVGtce
0DqhSs7T1Wca4sDEiaapAHSslHqQXS4KPDduGU1Cxp4oQoKCe/ad+g==
=U5wf
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec  2 09:55:01 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:21 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17451.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 02/12/05, IT Dept <itdept@fractalweb.com> wrote:
> Ken Goods wrote:
>
> >In my case I had two versions of ClamAV running on my machine and running
> >scanscan from the command line would use the newer version and catch the
> >viruses but MailScanner using the wrapper was using the older version and
> >wouldn't.
> >
> >Thanks to the sharp eye (and much more experience) of Glenn Steen, the light
> >bulb finally went off. If you think there's any chance of this being your
> >problem take a look at the Antivirus woes... thread from yesterday.
> >
> >
> Ken,
>
> You may be on to something here. If I do:
>
> # rpm -qa | grep -i clam
> webppliance-clamav-frontend-3.7.1-10
> clamav-0.65-4
> webppliance-clamav-3.7.1-10
>
> According to RPM, I have 0.65-4 of ClamAV installed, but from the shell,
> I get something different:
>
> # clamscan --version
> ClamAV 0.87.1/1200/Thu Dec  1 09:26:35 2005
>
> Unfortunately, I don't have yesterday's threads (this mailbox got a bit
> overstuffed), so I missed a bunch. Any hints on how to resolve?
>
> Thanks,
> Chris
>
Oooh, that's bad... Look at
http://comments.gmane.org/gmane.mail.virus.mailscanner/34158 (gmane is
your friend when in need of a good archive:-), where you'll see some
info on how to determine if MS is using the severely outdated clamav,
or not... Mainly look at the last column in virus.scanners.conf for
clamav, and compare that to the installed versions...

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From roger at RUDNICK.COM.BR  Fri Dec  2 10:15:38 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:31:21 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17452.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I just upgraded and everything seems to be working fine...

Regards

Roger Jochem

----- Original Message ----- 
From: "Julian Field" <MailScanner@ECS.SOTON.AC.UK>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, December 01, 2005 8:16 AM
Subject: MailScanner ANNOUNCE: 4.48 released


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I have just released the December version of MailScanner, version 4.48.
> 
> Download it as usual from www.mailscanner.info
> 
> The major new features this month are:
> 
> - - The way spam.assassin.prefs.conf is used has changed.
>    **You don't have to worry about this, the install.sh scripts  
> handle it all for you.**
>    The file used to be effectively read by MailScanner specially as  
> SpamAssassin starts up, but there have been various problems with  
> this as it breaks the rules on what SpamAssassin settings can be in  
> what files. The file is now linked into the SpamAssassin directories  
> (/etc/mail/spamassassin on most Linux, for example). It is no longer  
> read specially by MailScanner, it is just read by SpamAssassin as  
> part of its normal startup.
> 
> - - There is a new "Reject Message" configuration option that can cause  
> some messages to be rejected and a rejection report sent back to the  
> original sender of the message. This is designed to be used with a  
> ruleset. Although you can easily configure your MTA (sendmail,  
> Postfix, etc) to do this for you, you only have 1 line to use as the  
> error message. Doing it in MailScanner allows you to send back a  
> polite well-formatted message that can explain to the sender what  
> happened and why. There is a matching "Rejection Report" setting that  
> will set the name and location of the report sent to the sender.
> 
> The full Change Log is this:
> 
> * New Features and Improvements *
> - - Added a new configuration option "Reject Message". This is designed  
> to be
>    used with a ruleset. Any message matching the ruleset will be  
> deleted and
>    the "rejection.report.txt" email message will be sent back to the  
> original
>    sender of the offending message. To save a copy of the message as  
> well as
>    reject it, use the "Archive Mail" setting.
> - - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now  
> read by
>    SpamAssassin via a link called "mailscanner.cf" in the site_rules  
> directory.
>    It is no longer read directly by MailScanner, it is just read by  
> Spam-
>    Assassin during its normal initialisation process.
> - - Enabled blocking of messages containing web bugs. Note this may  
> have some
>    false alarms, as a web bug is any image of 2x2 or smaller.
> - - Improved ClamAVmodule scanning by adding new suggestions from  
> ClamAV author.
> - - Changed ClamAV parser to not generate warning output when it sees  
> lines it
>    wasn't expected, as there are so many false positives that no-one  
> ever
>    looks at them anyway.
> - - Improved Sophos wrapper script to allow for EM library installations.
>    No support for Sophos V5.0 yet.
> - - Upgraded ClamAV to 0.87.1.
> - - Added HTML::Parser to the list of Perl modules installed by my  
> ClamAV+SA
>    package so it can be used separately from MailScanner, without  
> needing
>    MailScanner to be installed first.
> - - Improved Clam+SA package and other installation scripts to create  
> the soft-
>    link whenever possible.
> - - Rewritten comments at the top of spam.assassin.prefs.conf.
> - - Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode.
> 
> * Fixes *
> - - Added "report-type" MIME attribute to spam notification multipart/ 
> report
>    messages as the RFC says it should be there, and this lacking  
> caused a
>    problem in a few email apps. Thanks for Georg@hackt.net for this.
> - - Added missing ", 0777" from mkdir call in internal TNEF code.
> - - Fixed startup problems reading rulesets from LDAP on first message  
> batch.
> - - Subject lines are all MIME-decoded properly now.
> 
> - -- 
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
> 
> iQEVAwUBQ47Nlfw32o+k+q+hAQEnvwf9GR1dMgqFLSkMjpOJl1zAbLC9A7guGibk
> ZCWQ8bUjdDA3I5+QrtQWUOK6NaCqVqP+TFgOd4/ZNgr/qEeIaRU6q38wYja1ihrx
> yn0QTFLh99T1Bo307YHZQPOrdP3koPom6zKhqTGJT4EX+2ORU7WNN28r5OAR3MVl
> tb37/6QZcDc9+kw8d/rFU6RgYeyLeEmHTovuEjMnPGbZY9NKsWy5ydnJxznqoIpx
> 5JMtQhHUUENa+/tTjtjq38wDrXTHQ5LdtDJOSuvj10iWTbhjtA/aRSbOjwKhaUpN
> LxhWDFOv2dJx9uiWPj+2BQ8UEuwV43PVwcMoX0qLctrdI68zM3iKkA==
> =Rf9n
> -----END PGP SIGNATURE-----
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From res at AUSICS.NET  Fri Dec  2 10:23:14 2005
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:31:21 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17453.1137101481.24926.mailscanner@lists.mailscanner.info>

> On 1 Dec 2005, at 21:31, Kai Schaetzl wrote:
>
> The main problem I see with "Reject message" is that people will get a
> reject message that did not necessarily send the mail. F.i. the
> typical
> annoying virus rejection notice. Since the rejection is done after
> acceptance of the mail it will go back to the envelope sender and not
> rejected to the offending MTA.

well those using qmail 'n vpopmail wont have to worry about doubling the 
load, its nothing new as qmail annoyingly already does it this way by 
default :)

-- 
Cheers
Res

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec  2 10:28:43 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:21 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17454.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 02/12/05, Julian Field <MailScanner@ecs.soton.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I agree that the feature could be mis-used, just like a lot of things
> in MailScanner. However, it was requested by a user who had a very
> specific set of circumstances for which he needed to be able to do this.
>
I haven't looked at the latest (shame on me:), but if you have some
nice comments around it, mentioning the implications, it should be
fine... After all, it's not like you are _forcing_ us to use the
feature:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  2 11:43:20 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:21 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17455.1137101481.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

I hope you don't mind, I will publish this to the list for other  
people too.

What you need to do is this:

perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new- 
 >first_existing_path(@Mail::SpamAssassin::site_rules_path)'
(all of that is on 1 line)

This will print out a directory name if you have SpamAssassin installed.
Say it prints out
	/etc/mail/spamassassin
and you have MailScanner installed in /usr/local/MailScanner, then  
you want to do
	ln -s -f /usr/local/MailScanner/etc/spam.assassin.prefs.conf /etc/ 
mail/spamassassin/mailscanner.cf
(again all on 1 line).

To put it a different way, say the perl command outputs directory SA,  
and your MailScanner etc directory is in directory MS, then you want to
	ln -s -f MS/spam.assassin.prefs.conf SA/mailscanner.cf


On 2 Dec 2005, at 11:36, Grigorios G. Papazoglou wrote:

> Hi Julian,
> since in my current installation is rather difficult (for me at the  
> moment) to use the install.sh script, could you please let me know  
> the necessary manual action (if I am to upgrade to 4.48) as far as  
> spam.assassin.prefs.conf is concerned?
> Thanks
>
> Julian Field wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> I have just released the December version of MailScanner, version  
>> 4.48.
>> Download it as usual from www.mailscanner.info
>> The major new features this month are:
>> - - The way spam.assassin.prefs.conf is used has changed.
>>    **You don't have to worry about this, the install.sh scripts   
>> handle it all for you.**
>>    The file used to be effectively read by MailScanner specially  
>> as  SpamAssassin starts up, but there have been various problems  
>> with  this as it breaks the rules on what SpamAssassin settings  
>> can be in  what files. The file is now linked into the  
>> SpamAssassin directories  (/etc/mail/spamassassin on most Linux,  
>> for example). It is no longer  read specially by MailScanner, it  
>> is just read by SpamAssassin as  part of its normal startup.
>> - - There is a new "Reject Message" configuration option that can  
>> cause  some messages to be rejected and a rejection report sent  
>> back to the  original sender of the message. This is designed to  
>> be used with a  ruleset. Although you can easily configure your  
>> MTA (sendmail,  Postfix, etc) to do this for you, you only have 1  
>> line to use as the  error message. Doing it in MailScanner allows  
>> you to send back a  polite well-formatted message that can explain  
>> to the sender what  happened and why. There is a matching  
>> "Rejection Report" setting that  will set the name and location of  
>> the report sent to the sender.
>> The full Change Log is this:
>> * New Features and Improvements *
>> - - Added a new configuration option "Reject Message". This is  
>> designed  to be
>>    used with a ruleset. Any message matching the ruleset will be   
>> deleted and
>>    the "rejection.report.txt" email message will be sent back to  
>> the  original
>>    sender of the offending message. To save a copy of the message  
>> as  well as
>>    reject it, use the "Archive Mail" setting.
>> - - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is  
>> now  read by
>>    SpamAssassin via a link called "mailscanner.cf" in the  
>> site_rules  directory.
>>    It is no longer read directly by MailScanner, it is just read  
>> by  Spam-
>>    Assassin during its normal initialisation process.
>> - - Enabled blocking of messages containing web bugs. Note this  
>> may  have some
>>    false alarms, as a web bug is any image of 2x2 or smaller.
>> - - Improved ClamAVmodule scanning by adding new suggestions from   
>> ClamAV author.
>> - - Changed ClamAV parser to not generate warning output when it  
>> sees  lines it
>>    wasn't expected, as there are so many false positives that no- 
>> one  ever
>>    looks at them anyway.
>> - - Improved Sophos wrapper script to allow for EM library  
>> installations.
>>    No support for Sophos V5.0 yet.
>> - - Upgraded ClamAV to 0.87.1.
>> - - Added HTML::Parser to the list of Perl modules installed by  
>> my  ClamAV+SA
>>    package so it can be used separately from MailScanner, without   
>> needing
>>    MailScanner to be installed first.
>> - - Improved Clam+SA package and other installation scripts to  
>> create  the soft-
>>    link whenever possible.
>> - - Rewritten comments at the top of spam.assassin.prefs.conf.
>> - - Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub  
>> Explode.
>> * Fixes *
>> - - Added "report-type" MIME attribute to spam notification  
>> multipart/ report
>>    messages as the RFC says it should be there, and this lacking   
>> caused a
>>    problem in a few email apps. Thanks for Georg@hackt.net for this.
>> - - Added missing ", 0777" from mkdir call in internal TNEF code.
>> - - Fixed startup problems reading rulesets from LDAP on first  
>> message  batch.
>> - - Subject lines are all MIME-decoded properly now.
>> - -- Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.0.3 (Build 2932)
>> iQEVAwUBQ47Nlfw32o+k+q+hAQEnvwf9GR1dMgqFLSkMjpOJl1zAbLC9A7guGibk
>> ZCWQ8bUjdDA3I5+QrtQWUOK6NaCqVqP+TFgOd4/ZNgr/qEeIaRU6q38wYja1ihrx
>> yn0QTFLh99T1Bo307YHZQPOrdP3koPom6zKhqTGJT4EX+2ORU7WNN28r5OAR3MVl
>> tb37/6QZcDc9+kw8d/rFU6RgYeyLeEmHTovuEjMnPGbZY9NKsWy5ydnJxznqoIpx
>> 5JMtQhHUUENa+/tTjtjq38wDrXTHQ5LdtDJOSuvj10iWTbhjtA/aRSbOjwKhaUpN
>> LxhWDFOv2dJx9uiWPj+2BQ8UEuwV43PVwcMoX0qLctrdI68zM3iKkA==
>> =Rf9n
>> -----END PGP SIGNATURE-----
>
> -- 
> Grigorios G. Papazoglou
> System Administrator
> Faculty of Medicine
> University of Crete
> Heraklion 710 03
> GREECE
> Telephone: +30 (281) 0394748
> E-mail: grp@med.uoc.gr

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5AzW/w32o+k+q+hAQF3Vwf9Gf0DVbIOuFh3NG1IEu3UZ3T+8P5ALhXk
ArPpLJUkTHtQd+GO5jaNNwokdobExIfnWzzMtJZP4dW582W9qRWMghIFg/bIti66
t733OhwylSoLJylAWtYEwTsKw7tzdxI5G6uSkMGXsHFUdO/78y89g35wt6+TpakF
pDt5TVzLzwKdp87sXdTwkEOQXUuqagJ1kYmfxK75rWRIcWMwpNCEq9CuBaNA9ySI
R2k+GW829czLEhXWX+vQPrRRtWmmeszlj1V+EDTxxK3Zfj+/AhGVpzC/Pzt62wP/
5c+FGl3p9z1MeYPeXdaDiawCHdSLAPAOsz7xm00H35wEt6SJukjpzg==
=ng5k
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at BARENDSE.TO  Fri Dec  2 11:49:30 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:21 2006
Subject: Need additional plug-in for ok_languages??
Message-ID: <mailman.17456.1137101481.24926.mailscanner@lists.mailscanner.info>

Hi list!

Are there any changes to the plug-ins list for SpamAss. 3.1 and 
ok_languages? I used to be running this without problems but now my lint 
fails on it:

***NOTICE***: spamassassin --lint failed.  This means that you have an 
error somwhere in your SpamAssassin configuration.  To determine what the 
problem is, please run 'spamassassin --lint' from a shell and notice the 
error messages it prints.  For more (debug) information, add the -D switch 
to the command.  Usually the problem will be found in local.cf, 
user_prefs, or some custom rulelset found in /etc/mail/spamassassin.  Here 
are the errors that 'spamassassin --lint' reported:

[23414] warn: config: failed to parse, now a plugin, skipping: 
ok_languages__af am ar be bg bs ca cs cy da de el en eo es et eu fa fi fr 
fy ga gd he hi hr hu hy id is it ja ka ko la lt lv mr ms ne nl no pl pt qu 
rm ro ru sa sco sk sl sq sr sv sw ta th tl tr uk vi yi


This is from a box I upgraded from SA 3.00??

Thanks!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Carl.Boberg at NRM.SE  Fri Dec  2 12:15:52 2005
From: Carl.Boberg at NRM.SE (Carl Boberg)
Date: Thu Jan 12 21:31:21 2006
Subject: Need additional plug-in for ok_languages??
Message-ID: <mailman.17457.1137101481.24926.mailscanner@lists.mailscanner.info>

Not shure if this might help but what about:
ok_languages All

/ Carl

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Remco Barendse
> Sent: den 2 december 2005 12:50
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Need additional plug-in for ok_languages??
> 
> Hi list!
> 
> Are there any changes to the plug-ins list for SpamAss. 3.1 
> and ok_languages? I used to be running this without problems 
> but now my lint fails on it:
> 
> ***NOTICE***: spamassassin --lint failed.  This means that 
> you have an error somwhere in your SpamAssassin 
> configuration.  To determine what the problem is, please run 
> 'spamassassin --lint' from a shell and notice the error 
> messages it prints.  For more (debug) information, add the -D 
> switch to the command.  Usually the problem will be found in 
> local.cf, user_prefs, or some custom rulelset found in 
> /etc/mail/spamassassin.  Here are the errors that 
> 'spamassassin --lint' reported:
> 
> [23414] warn: config: failed to parse, now a plugin, skipping: 
> ok_languages__af am ar be bg bs ca cs cy da de el en eo es et 
> eu fa fi fr fy ga gd he hi hr hu hy id is it ja ka ko la lt 
> lv mr ms ne nl no pl pt qu rm ro ru sa sco sk sl sq sr sv sw 
> ta th tl tr uk vi yi
> 
> 
> This is from a box I upgraded from SA 3.00??
> 
> Thanks!
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) 
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at BARENDSE.TO  Fri Dec  2 12:43:08 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:21 2006
Subject: Need additional plug-in for ok_languages??
Message-ID: <mailman.17458.1137101481.24926.mailscanner@lists.mailscanner.info>

but I don't want all languages, I want everything but the chinese spam :)


On Fri, 2 Dec 2005, Carl Boberg wrote:

> Not shure if this might help but what about:
> ok_languages All
>
> / Carl

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martelm at QUARK.VSC.EDU  Fri Dec  2 12:58:51 2005
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:31:21 2006
Subject: X-MailScanner-From field is blank
Message-ID: <mailman.17459.1137101481.24926.mailscanner@lists.mailscanner.info>

Greetings!

I've got an oddity here.  When I get bounces from one or more of our 
Exchange servers the X-MailScanner-From: field is blank.  This makes it 
hard to exclude them from spam scanning.

The content of these is an End User Quarantine message from our wonderfull 
(NOT!) Barracuda they made me buy.

Any ideas why the field is blank ?  I'd really like to be able to exempt 
them from scanning for spam ...

Return-Path: <MAILER-DAEMON@sage.vsc.edu>
Received: from hemlock.vsc.edu (hemlock.vsc.edu [155.42.1.71])
	by sage.vsc.edu (8.11.6/8.11.6) with ESMTP id jB2CVjn09976
	for <mhm06090@sage.vsc.edu>; Fri, 2 Dec 2005 07:31:45 -0500
Received: from lsc.vsc.edu (email.lsc.vsc.edu [155.42.122.21])
	by hemlock.vsc.edu (8.12.11/8.12.11) with ESMTP id jB2CVRLj026592
	for <barracuda@vsc.edu>; Fri, 2 Dec 2005 07:31:27 -0500
From: postmaster@exchange.vsc.edu
To: barracuda@vsc.edu
Date: Fri, 2 Dec 2005 07:31:27 -0500
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="9B095B5ADSN=_01C5E5D66FD6B5120001CC51lsc.vsc.edu"
X-DSNContext: 7ce717b1 - 1158 - 00000002 - 00000000
Message-ID: <FRaqbC8wS000007dd@lsc.vsc.edu>
Subject: Delivery Status Notification (Failure)
X-VermontStateColleges-MailScanner-Information: Please contact the helpdesk 
for more information
X-VermontStateColleges-MailScanner: Found to be clean
X-VermontStateColleges-MailScanner-SpamScore: 4
X-MailScanner-From:


Thanks!


Michael

--

  --------------------------------o---------------------------------
   Michael H. Martel              | Systems Administrator
   michael.martel@vsc.edu         | Vermont State Colleges
   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From RogerPoore at MAIL.CLAYTON.EDU  Fri Dec  2 13:22:00 2005
From: RogerPoore at MAIL.CLAYTON.EDU (Roger Poore)
Date: Thu Jan 12 21:31:21 2006
Subject: Blocking sexually explicit material...(Thanks guys!)
Message-ID: <mailman.17460.1137101481.24926.mailscanner@lists.mailscanner.info>

I just wanted to say thanks for helping me with this.  Simply adding the
specific and adult rules from rulesemporium.com seems to have solved the
problem.  Our users have reported a huge increase in the amount of porn
being tagged as spam.  Excellent.

Thanks again!
 -Roger



> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Matt Kettler
> Sent: Wednesday, November 30, 2005 5:20 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Blocking sexually explicit material...
> 
> Roger Poore wrote:
> >>I'd also suggest adding on the "specific" and "adult"
> >>rulesets from rulesemporium.com.
> >
> >
> > Well, I had tried 70_sare_adult.cf a while back but I didn't know
> > exactly where to put it.  I tried appending the rules inside to
> > spam.assassin.prefs.conf but that didn't work---or at least I don't
> > think it did. :)
> 
> It probably would work, but it really shouldn't work according to the
SA
> documentation. It's a "loophole" caused by how MS passes
> spam.assassin.prefs.conf to SA.
> 
> 
> > I'll try saving the .cf to /etc/mail/mailscanner and reload
mailscanner
> > and see if that works.
> 
> That will not work. I did not say /etc/mail/mailscanner. I said
> /etc/mail/spamassassin/. This is a spamassassin rulefile, not a
> mailscanner file.
> 
> > At least now I know where to put these darn
> > rules! :)
> 
> Make sure you run spamassassin --lint on it. And if you still use
> spam.assassin.prefs.conf, use -p to make sure SA lints that too.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  2 13:49:09 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:21 2006
Subject: X-MailScanner-From field is blank
Message-ID: <mailman.17461.1137101481.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Bounce messages often have a null sender field so that the bounces  
themselves cannot bounce.

On 2 Dec 2005, at 12:58, Michael H. Martel wrote:

> Greetings!
>
> I've got an oddity here.  When I get bounces from one or more of  
> our Exchange servers the X-MailScanner-From: field is blank.  This  
> makes it hard to exclude them from spam scanning.
>
> The content of these is an End User Quarantine message from our  
> wonderfull (NOT!) Barracuda they made me buy.
>
> Any ideas why the field is blank ?  I'd really like to be able to  
> exempt them from scanning for spam ...
>
> Return-Path: <MAILER-DAEMON@sage.vsc.edu>
> Received: from hemlock.vsc.edu (hemlock.vsc.edu [155.42.1.71])
> 	by sage.vsc.edu (8.11.6/8.11.6) with ESMTP id jB2CVjn09976
> 	for <mhm06090@sage.vsc.edu>; Fri, 2 Dec 2005 07:31:45 -0500
> Received: from lsc.vsc.edu (email.lsc.vsc.edu [155.42.122.21])
> 	by hemlock.vsc.edu (8.12.11/8.12.11) with ESMTP id jB2CVRLj026592
> 	for <barracuda@vsc.edu>; Fri, 2 Dec 2005 07:31:27 -0500
> From: postmaster@exchange.vsc.edu
> To: barracuda@vsc.edu
> Date: Fri, 2 Dec 2005 07:31:27 -0500
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> 	boundary="9B095B5ADSN=_01C5E5D66FD6B5120001CC51lsc.vsc.edu"
> X-DSNContext: 7ce717b1 - 1158 - 00000002 - 00000000
> Message-ID: <FRaqbC8wS000007dd@lsc.vsc.edu>
> Subject: Delivery Status Notification (Failure)
> X-VermontStateColleges-MailScanner-Information: Please contact the  
> helpdesk for more information
> X-VermontStateColleges-MailScanner: Found to be clean
> X-VermontStateColleges-MailScanner-SpamScore: 4
> X-MailScanner-From:
>
>
> Thanks!
>
>
> Michael
>
> --
>
>  --------------------------------o---------------------------------
>   Michael H. Martel              | Systems Administrator
>   michael.martel@vsc.edu         | Vermont State Colleges
>   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5BQ1/w32o+k+q+hAQEidgf9FMDejB79OiJ2ZKOz1KW8ZJ8uAg6GSOuF
YRhi+5Uc7qqwEGY9RwGTjFdZZ41kmfTlDYguURHVR3mYkic4wtY5Q8NQ8mWRhiHz
TSTaKM7wNAOdQmGbgUEIOPAxPG56kEkLqv58uyY1gRsd9s85/r6a2szHY8dUSKB5
e2Th2DHgJkO1htrSBvw1GjDANJ1IbzU7LoKFlVOdE/9ErjaEDeYCC8MWnvZCmU3l
DConFexEeUEm8/qy7qzF9FdPxUVnImm2igzWipvLfUKHiQA8hkOAMoDzXwcYkjK8
4qbnGlUuwR9wYRR+uQGRHOTwGqoPrJLGR5PPjHG76iWPCSo+czp5RA==
=Jui3
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From paddy at PANICI.NET  Fri Dec  2 13:50:52 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:31:21 2006
Subject: Debian Sarge update_virus_scanners
Message-ID: <mailman.17462.1137101481.24926.mailscanner@lists.mailscanner.info>

On Tue, Nov 29, 2005 at 02:45:17PM -0500, Ugo Bellavance wrote:
> Dhawal Doshy wrote:
> >Ugo Bellavance wrote:
> >>Dhawal Doshy wrote:
> >>>Ugo Bellavance wrote:
> >>>
> >>>>Hi,
> >>>>
> >>>>    Using MailScanner on Sarge, I found out that my anti-virus 
> >>>>engines don't get updated, so I created a symlink in 
> >>>>/etc/cron.daily/ to /usr/sbin/update_virus_scanners, without 
> >>>>success.  Even running the script manually only logs this:
> >>>>
> >>>>but no actual update happens, I must update manually.
> >>>
> >>>What happen when you manually run the individual scripts?
> >>>/path/to/bitdefender-autoupdate /opt/bdc [replace with install path]
> >>>/path/to/clamav-autoupdate /usr [replace with install path]
> >>
> >>Hmmm... none of the scripts in /etc/MailScanner/autoupdate is 
> >>executable... is that normal?
> >
> >Doesn't look normal..
> >
> >[root@sauron ~]# cd /usr/lib/MailScanner
> >[root@sauron MailScanner]# ll clamav-autoupdate bitdefender-autoupdate
> >-rwxr-xr-x  1 root root 22523 Sep  1 14:16 bitdefender-autoupdate
> >-rwxr-xr-x  1 root root  2104 Sep  1 14:16 clamav-autoupdate
> >
> >- dhawal
> >
> 
> Is there a way, with debian, to know what was supposed to be the 
> permissions in the .deb package?

I'd imagine they're in the data archive file inside the .deb (which 
itself is just an certain type of ar file).  I don't know if there's any
policy or custom and practice around maniuplating those perms
from the various install scripts, but you should find those scripts under
/var/lib/dpkg/info/.  IIRC they're not terribly long or difficult to 
read.

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martelm at QUARK.VSC.EDU  Fri Dec  2 13:55:01 2005
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:31:21 2006
Subject: X-MailScanner-From field is blank
Message-ID: <mailman.17463.1137101481.24926.mailscanner@lists.mailscanner.info>

--On December 2, 2005 1:49:09 PM +0000 Julian Field 
<MailScanner@ECS.SOTON.AC.UK> wrote:

> Bounce messages often have a null sender field so that the bounces
> themselves cannot bounce.

Hmm.  Makes sense.


Thanks!



Michael

--

  --------------------------------o---------------------------------
   Michael H. Martel              | Systems Administrator
   michael.martel@vsc.edu         | Vermont State Colleges
   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at BARENDSE.TO  Fri Dec  2 14:10:01 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:21 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17464.1137101481.24926.mailscanner@lists.mailscanner.info>

Hi Julian!

Could it be that this feature is in the Dec 1st release but that the 
report that languages.conf is referencing too was not included in the RPM 
upgrade package? :)



On Wed, 30 Nov 2005, Julian Field wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> When you want to reject messages to or from a particular address, the
> usual answer is "do it in the MTA". The hazard with this is that the
> rejection message sent back to the sender is very brief and very
> technical. Somewhere in it, the message will probably say "550 Access
> denied" or some equally unhelpful message.
>
> So now there is a "Reject Message" setting which you should use with
> a ruleset. When this evaluates to "yes", then the "Rejection Report"
> message is sent back to the sender, and the message is dropped. If
> you want to archive mail that gets this treatment, then use an equal
> ruleset on the "Archive Mail" setting. The "Rejection Report" can
> also be a ruleset, so you can different reports back to different
> places.
>
> This allows you to produce a readable report instead of the unhelpful
> technical garbage produced by most MTAs.
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
>
> iQEVAwUBQ429pPw32o+k+q+hAQEg+Af/a5ZQ3PwuK0Kh34TkB+lM8djwN6h2E0Wx
> seo/+w/XqFSpzFZj/vV3sKeQAaZ+UpYa8kVRFIaB75/SB2yCMs7M6gRCtObwt0pM
> QcfdA7YsY5k18E8KAAzrDXca0RM4QIJW2V00/jmLdOJkW7VT08lJr3Q7TMCHswBW
> 2EGL2b45zBqeXxr/NF9XKpCK8TAEVmLgEz1Uh4uMpiHQrzZvxXxm5dvdulvPaE/k
> zsfLuoj8XiNE4JosEnw4lf9sLVCh8hhy08xp5lJuYVy7N/WpD6A2d06dRxN96pL2
> Fv+/4kWz93Yf4qA2UIVPqw9PZtXxMq2csMgmkkPkDXQVrrZXtZ9RYA==
> =hl16
> -----END PGP SIGNATURE-----
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From naolson at GMAIL.COM  Fri Dec  2 14:51:49 2005
From: naolson at GMAIL.COM (Nathan Olson)
Date: Thu Jan 12 21:31:21 2006
Subject: Need additional plug-in for ok_languages??
Message-ID: <mailman.17465.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I'm pretty sure you need the TextCat plugin for ok_languages to work.

Nate

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brad at BECKENHAUER.COM  Fri Dec  2 15:52:26 2005
From: brad at BECKENHAUER.COM (Brad Beckenhauer)
Date: Thu Jan 12 21:31:21 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17466.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Interesting Feature, 
I thought I'd try to create an EXAMPLE ruleset just for fun.
 
I'm referencing three different files, Comments/suggestions?
<snip>
%rules-dir%/RejectMessage.rules:
# in MailScanner.conf change:
# "Reject Message = no"
# to
# "Reject Message = %rules-dir%/RejectMessage.rules"
#
# Set addresses/domains to be checked as follows:
#
# Directions  Pattern                  Action(s)
From: user@bad.domain.tld       %rules-dir%/RMsg.001 # Reject all w/msg
FROM this user
From: *@bad.domain.tld           %rules-dir%/RMsg.001 # Reject all w/msg
FROM this domain
From: 123.234.                         %rules-dir%/RMsg.002 # Reject all
w/msg FROM this IP
From: /^192\.168\.13[4567]\./   %rules-dir%/RMsg.002 # Reject all w/msg
FROM this IP range
#
# If you have a large number of similiar rules, you can list the address
# pattern in another file and refer to it by putting in the filename
instead
# of the pattern itself.  The file would list one address/domain per
line.
#
# Reject listed domains in file "RejectMessages"
To: %rules-dir%/RejectMessages   %rules-dir%/Rmsg.001
FromOrTo:       default         no  # Default, Do NOT send Reject Message
</snip>
 
<snip>
%rules-dir%/Rmsg.001:
Email from this user/domain has been rejected by MailScanner
</snip>
 
<snip>
%rules-dir%/Rmsg.002:
Email from this IP Address has been rejected by MailScanner
</snip>
 
 
>>> Julian Field<MailScanner@ECS.SOTON.AC.UK> 11/30/2005 8:56:34 AM >>>
-----BEGIN PGP SIGNED MESSAGE-----

When you want to reject messages to or from a particular address, the 
usual answer is "do it in the MTA". The hazard with this is that the 
rejection message sent back to the sender is very brief and very 
technical. Somewhere in it, the message will probably say "550 Access 
denied" or some equally unhelpful message.

So now there is a "Reject Message" setting which you should use with 
a ruleset. When this evaluates to "yes", then the "Rejection Report" 
message is sent back to the sender, and the message is dropped. If 
you want to archive mail that gets this treatment, then use an equal 
ruleset on the "Archive Mail" setting. The "Rejection Report" can 
also be a ruleset, so you can different reports back to different 
places.

This allows you to produce a readable report instead of the unhelpful 
technical garbage produced by most MTAs.
- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ429pPw32o+k+q+hAQEg+Af/a5ZQ3PwuK0Kh34TkB+lM8djwN6h2E0Wx
seo/+w/XqFSpzFZj/vV3sKeQAaZ+UpYa8kVRFIaB75/SB2yCMs7M6gRCtObwt0pM
QcfdA7YsY5k18E8KAAzrDXca0RM4QIJW2V00/jmLdOJkW7VT08lJr3Q7TMCHswBW
2EGL2b45zBqeXxr/NF9XKpCK8TAEVmLgEz1Uh4uMpiHQrzZvxXxm5dvdulvPaE/k
zsfLuoj8XiNE4JosEnw4lf9sLVCh8hhy08xp5lJuYVy7N/WpD6A2d06dRxN96pL2
Fv+/4kWz93Yf4qA2UIVPqw9PZtXxMq2csMgmkkPkDXQVrrZXtZ9RYA==
=hl16
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From mailscanner at BARENDSE.TO  Fri Dec  2 16:13:40 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:21 2006
Subject: Need additional plug-in for ok_languages??
Message-ID: <mailman.17467.1137101481.24926.mailscanner@lists.mailscanner.info>

Thanks!

That pointed me in the right direction!

It seems that in /etc/mail/spamassassin/init.pre

This needs to be uncommented:

# TextCat - language guesser
#
loadplugin Mail::SpamAssassin::Plugin::TextCat


Maybe Julian can add this to the install-clamsa comments where already DCC 
and Pyzor are listed for this file??


It seems to be working ok now



On Fri, 2 Dec 2005, Nathan Olson wrote:

> I'm pretty sure you need the TextCat plugin for ok_languages to work.
>
> Nate
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From KGoods at AIAINSURANCE.COM  Fri Dec  2 16:13:13 2005
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:31:21 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17468.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept wrote:
> Ken Goods wrote:
> 
>> In my case I had two versions of ClamAV running on my machine and
>> running scanscan from the command line would use the newer version
>> and catch the viruses but MailScanner using the wrapper was using
>> the older version and wouldn't. 
>> 
>> Thanks to the sharp eye (and much more experience) of Glenn Steen,
>> the light bulb finally went off. If you think there's any chance of
>> this being your problem take a look at the Antivirus woes... thread
>> from yesterday. 
>> 
>> 
> Ken,
> 
> You may be on to something here. If I do:
> 
> # rpm -qa | grep -i clam
> webppliance-clamav-frontend-3.7.1-10
> clamav-0.65-4
> webppliance-clamav-3.7.1-10
> 
> According to RPM, I have 0.65-4 of ClamAV installed, but from the
> shell, I get something different:
> 
> # clamscan --version
> ClamAV 0.87.1/1200/Thu Dec  1 09:26:35 2005
> 
> Unfortunately, I don't have yesterday's threads (this mailbox got a
> bit overstuffed), so I missed a bunch. Any hints on how to resolve?
> 
> Thanks,
> Chris

Good morning Chris,

I simply did a rpm -e to remove the old one (actually I did a rpm -evv -test
first just to see what was going to happen). then I changed the
virus.scanner.conf to point to the correct path of Clam 87.1 and then for
good measure I ran Julian's install ClamAV-SA script again. All is well now.
I'll copy in the message from Glenn that did the trick for me.

Message from Glenn:

On 30/11/05, Ken Goods <KGoods@aiainsurance.com> wrote:
> Glenn Steen wrote:
> > On 29/11/05, Ken Goods <KGoods@aiainsurance.com> wrote:
> >> Greetings list...
(snip)
>
> First.. thanks to all who responded and for the excellent suggestions for
> debugging.
>
> Update.. bitdefender is working and caught it's first virus through
> MailScanner at 10:18pm PST last night. I thought I had restarted MS after
> making a change to virus.scanners.conf but maybe not.
> I had mistakenly entered the path all the way to the bdc program instead
of
> just the path.. i.e.
>
> bitdefender     /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc/bdc <-
> *here*
>
> Must have got going after MailScanner's normal restart.

Ah, good.

>
> But for ClamAV still no joy.
>
> I'll answer everyone's questions here.
>
> Ugo,
> virus.scanners.conf looks good and ClamAV seems to be updating fine
> according to the output of update_virus_scanners in the log.
> Nov 30 08:09:06 gw-mail update.virus.scanners: Found bitdefender installed
> Nov 30 08:09:06 gw-mail update.virus.scanners: Running autoupdate for
> bitdefender
> Nov 30 08:09:33 gw-mail BitDefender-autoupdate[14702]: BitDefender
starting
> update
> Nov 30 08:09:37 gw-mail BitDefender-autoupdate[14702]: BitDefender updated
> Nov 30 08:10:24 gw-mail update.virus.scanners: Found clamav installed
> Nov 30 08:10:24 gw-mail update.virus.scanners: Running autoupdate for
clamav
> Nov 30 08:10:25 gw-mail ClamAV-autoupdate[14719]: ClamAV did not need
> updating
>

Yes, but which one is it updating?

> Glenn,
> [root@gw-mail root]# which clamscan
> /usr/local/bin/clamscan
> Could this be a problem? I installed ClamAV & SA using Julian's script
> thinking that this would take care of the path problems that I have ran
into
> before. I'm running RH9.0 if it matters...

Just to be "specific", this is what you've reported having in the
virus.scanners.conf:
clamav          /usr/lib/MailScanner/clamav-wrapper     /usr

And as you've shown above, the wrapper can use this to find a
(probably RPM-installed) clamav (actually clamscan) in /usr/bin ...
However, the above shows that /usr/local/bin comes before /usr/bin in
your PATH, and there you have another install of clamav... Which is
used when invoking clamscan from the command line.

If you are to use the same clamscan as from the command line, you need
change that to
clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local

.... I would recommend that you also remove every last trace of any
clamav RPM install and, after doing that, reinstall Jules package (in
case the rpm -e has ... made something crucial ... go away:).

Which signature files are used is the next thing to look at... I don't
remember if the RPM versions of clamav floating around are split into
one program package and one "database" package, or if it's a
monolithic thing (I've been building this from source a long time
now... Can't really wait for someone to package it for me... Well,
perhaps excepting Jules;). If it is a separate package, remove that
one too.... Probably should do that at the same time the program goes.

>
> [root@gw-mail root]# /opt/bdc/bdc --log=/tmp/testbdc --all
>
/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe
> BDC/Linux-Console v7.1 (build 2559) (i386) (Jul  6 2005 16:28:53)
> Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> Warning: unknown parameter: --all
(snip)
> Works fine but seems like it doesn't like the --all parameter for some
> reason... I had tried that yesterday.

Quirky... Oh well, probably nothing to worry about (I've checked, and
mine accept both "--all" and "-all", without the citation marks (of
course)).

(snip)
> But like I said, bitdefender seems to be working through MailScanner this
> morning. So all is hopefully well with bdc...
>
> Kevin,
> [root@gw-mail root]# clamscan --debug 2>&1 | head -n 1
> LibClamAV debug: Loading databases from /var/clamav
>
> and an ls -l gives:
> [root@gw-mail log]# cd /var/clamav
> [root@gw-mail clamav]# ls -l
> total 8200
> -rw-r--r--    1 clamav   clamav     175561 Nov 29 02:15 daily.cvd
> -rw-r--r--    1 clamav   clamav     177776 Nov  9  2004 daily.cvd.old
> -rw-r--r--    1 clamav   clamav     154914 May 16  2005 daily.cvd.rpmnew
> -rw-r--r--    1 clamav   clamav     198913 Apr 10  2005 daily.cvd.rpmsave
> -rw-r--r--    1 clamav   clamav    2560365 Sep 10 07:08 main.cvd
> -rw-r--r--    1 clamav   clamav    1284637 Sep 16  2004 main.cvd.old
> -rw-r--r--    1 clamav   clamav    2014018 May 16  2005 main.cvd.rpmnew
> -rw-r--r--    1 clamav   clamav    1784802 Mar  7  2005 main.cvd.rpmsave
> [root@gw-mail clamav]#
>
> I assume this is ok. Where are the paths to the databases and clamscan
> configured for MailScanner? I should probably double check that they are
> correct.
>
> Thanks all,
> Ken
(snip)
I wouldn't be so sure that it's OK. What does
/usr/bin/clamscan --version
and
/usr/local/bin/clamscan --version
give? I'm pretty sure it'll show a less than optimal combination in
the first instance... Which is why you probably should take my advice
above and go for "only one clamav on this system";-).

Cheers
--
-- Glenn

Hope this gets you all fixed up!
Kind regards,
Ken



Ken Goods
Network Administrator
AIA/CropUSA Insurance, Inc.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From scevans at CALPOLY.EDU  Fri Dec  2 16:22:37 2005
From: scevans at CALPOLY.EDU (Steve Evans)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17469.1137101481.24926.mailscanner@lists.mailscanner.info>

First it was telling me:

In Debugging mode, not forking...
Cannot create temporary Work Dir /22113. Are the permissions and ownership of  correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152

Then I changed the ownership of /var/spool/MailScanner to mailnull.mailnull (which is the user and group that exim runs as) and now when I run check_MailScanner it just sits there forever with:

Starting MailScanner...
In Debugging mode, not forking...

If I run top it lists MailScanner at the top of the list but it's consuming no to little CPU. 


Steve Evans
805-756-7517

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: Friday, December 02, 2005 12:58 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Exim Install

Steve

Make sure there's something in the incoming spool

Put MailScanner into debug mode (edit MailScanner.conf and change both debug values to yes).

Stop MailScanner

Run check_mailscanner

This will dump a load of debug to the screen and you should be able to see whats happening (or not in your case)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Steve Evans
> Sent: 01 December 2005 20:29
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Exim Install
>
> I'm trying to install MailScanner with exim for the first time.  Here 
> is a list of the steps I have taken.
>
> Install MailScanner (no problems)
> Copied /etc/exim.conf to /etc/exim_scanned.conf Added these lines to 
> /etc/exim.conf
>     spool_directory = /var/spool/exim_incoming
>     queue_only = true
>
> Then down in the routers config section of /etc/exim.conf I added
>     defer_router:
>         driver = manualroute
>         route_list = * 127.0.0.1 byname
>         self = defer
>         verify = false
>
> In MailScanner.conf I modified these lines
>     Incoming Queue Dir = /var/spool/exim_incoming/input/
>     Outgoing Queue Dir = /var/spool/exim/input/
>     MTA = exim
>     Sendmail = /usr/sbin/exim
>     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
>
> Modified the file /etc/sysconfig/MailScanner
>     EXIM=/usr/sbin/exim
>     EXIMINCF=/etc/exim/exim.conf
>     EXIMSENDCF=/etc/exim/exim_scanned.conf
>
> My two queue directories have the permissions of
>     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
>     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
>
>     (note:  I didn't touch the exim folder, just the exim_incoming)
>
> Then I do a service exim stop and a service MailScanner start.
>
> The mail comes into /var/spool/exim_incoming but nothing happens after 
> that.  It just stacks up there.  If I stop MailScanner, change back 
> the exim.conf file, and start exim mail flows as normal.  If I change 
> the exim.conf file to only specify a new spool directory everything 
> works fine.  So I"m pretty sure I have my queues set up correctly.  
> Obviously though MailScanner doesn't scan the mail if I do that.
>
> Can someone tell me what I'm missing?
>
> Steve Evans
> 805-756-7517
>
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!



**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  2 16:28:29 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17470.1137101481.24926.mailscanner@lists.mailscanner.info>

Steve

Try

Modified the file /etc/sysconfig/MailScanner
EXIM=/usr/sbin/exim
EXIMINCF=/etc/exim.conf
EXIMSENDCF=/etc/exim_scanned.conf

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Evans
> Sent: 02 December 2005 16:23
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
> 
> First it was telling me:
> 
> In Debugging mode, not forking...
> Cannot create temporary Work Dir /22113. Are the permissions and ownership
> of  correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152
> 
> Then I changed the ownership of /var/spool/MailScanner to
> mailnull.mailnull (which is the user and group that exim runs as) and now
> when I run check_MailScanner it just sits there forever with:
> 
> Starting MailScanner...
> In Debugging mode, not forking...
> 
> If I run top it lists MailScanner at the top of the list but it's
> consuming no to little CPU.
> 
> 
> Steve Evans
> 805-756-7517
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 12:58 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
> 
> Steve
> 
> Make sure there's something in the incoming spool
> 
> Put MailScanner into debug mode (edit MailScanner.conf and change both
> debug values to yes).
> 
> Stop MailScanner
> 
> Run check_mailscanner
> 
> This will dump a load of debug to the screen and you should be able to see
> whats happening (or not in your case)
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Steve Evans
> > Sent: 01 December 2005 20:29
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: [MAILSCANNER] Exim Install
> >
> > I'm trying to install MailScanner with exim for the first time.  Here
> > is a list of the steps I have taken.
> >
> > Install MailScanner (no problems)
> > Copied /etc/exim.conf to /etc/exim_scanned.conf Added these lines to
> > /etc/exim.conf
> >     spool_directory = /var/spool/exim_incoming
> >     queue_only = true
> >
> > Then down in the routers config section of /etc/exim.conf I added
> >     defer_router:
> >         driver = manualroute
> >         route_list = * 127.0.0.1 byname
> >         self = defer
> >         verify = false
> >
> > In MailScanner.conf I modified these lines
> >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> >     Outgoing Queue Dir = /var/spool/exim/input/
> >     MTA = exim
> >     Sendmail = /usr/sbin/exim
> >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> >
> > Modified the file /etc/sysconfig/MailScanner
> >     EXIM=/usr/sbin/exim
> >     EXIMINCF=/etc/exim/exim.conf
> >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> >
> > My two queue directories have the permissions of
> >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> >
> >     (note:  I didn't touch the exim folder, just the exim_incoming)
> >
> > Then I do a service exim stop and a service MailScanner start.
> >
> > The mail comes into /var/spool/exim_incoming but nothing happens after
> > that.  It just stacks up there.  If I stop MailScanner, change back
> > the exim.conf file, and start exim mail flows as normal.  If I change
> > the exim.conf file to only specify a new spool directory everything
> > works fine.  So I"m pretty sure I have my queues set up correctly.
> > Obviously though MailScanner doesn't scan the mail if I do that.
> >
> > Can someone tell me what I'm missing?
> >
> > Steve Evans
> > 805-756-7517
> >
> >
> > ------------------------ MailScanner list ------------------------ To
> > unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> 
> 
> 
> **********************************************************************
> 
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> 
> This footnote confirms that this email message has been swept for the
> presence of computer viruses and is believed to be clean.
> 
> **********************************************************************
> 
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Fri Dec  2 16:30:08 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:21 2006
Subject: GreyListing experiences
Message-ID: <mailman.17471.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl wrote:
> When I restart milter-greylist sendmail gets 
> refused the socket connection. I found that I have to restart 
> milter-greylist, sendmail and then milter-greylist again to stop this. How 
> can this be avoided?
> 
>

Important question: Why are you restarting milter-greylist?

In general you don't need to ever restart milter-greylist, as it periodically
checks to see if greylist.conf has been modified and will reload it if it has.

Don't believe me? Try it and check your logs for messages like this:

Nov 28 16:13:06 xanadu milter-greylist: reloading "/etc/mail/greylist.conf


The only time you should need to restart milter-greylist is when it has gotten
wedged or is otherwise borked.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From scevans at CALPOLY.EDU  Fri Dec  2 16:32:44 2005
From: scevans at CALPOLY.EDU (Steve Evans)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17472.1137101481.24926.mailscanner@lists.mailscanner.info>

I'm sorry, what do you want me to try exactly? 


Steve Evans
805-756-7517

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: Friday, December 02, 2005 8:28 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Exim Install

Steve

Try

Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Steve Evans
> Sent: 02 December 2005 16:23
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
>
> First it was telling me:
>
> In Debugging mode, not forking...
> Cannot create temporary Work Dir /22113. Are the permissions and 
> ownership of  correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm 
> line 152
>
> Then I changed the ownership of /var/spool/MailScanner to 
> mailnull.mailnull (which is the user and group that exim runs as) and 
> now when I run check_MailScanner it just sits there forever with:
>
> Starting MailScanner...
> In Debugging mode, not forking...
>
> If I run top it lists MailScanner at the top of the list but it's 
> consuming no to little CPU.
>
>
> Steve Evans
> 805-756-7517
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 12:58 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
>
> Steve
>
> Make sure there's something in the incoming spool
>
> Put MailScanner into debug mode (edit MailScanner.conf and change both 
> debug values to yes).
>
> Stop MailScanner
>
> Run check_mailscanner
>
> This will dump a load of debug to the screen and you should be able to 
> see whats happening (or not in your case)
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] 
> > On Behalf Of Steve Evans
> > Sent: 01 December 2005 20:29
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: [MAILSCANNER] Exim Install
> >
> > I'm trying to install MailScanner with exim for the first time.  
> > Here is a list of the steps I have taken.
> >
> > Install MailScanner (no problems)
> > Copied /etc/exim.conf to /etc/exim_scanned.conf Added these lines to 
> > /etc/exim.conf
> >     spool_directory = /var/spool/exim_incoming
> >     queue_only = true
> >
> > Then down in the routers config section of /etc/exim.conf I added
> >     defer_router:
> >         driver = manualroute
> >         route_list = * 127.0.0.1 byname
> >         self = defer
> >         verify = false
> >
> > In MailScanner.conf I modified these lines
> >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> >     Outgoing Queue Dir = /var/spool/exim/input/
> >     MTA = exim
> >     Sendmail = /usr/sbin/exim
> >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> >
> > Modified the file /etc/sysconfig/MailScanner
> >     EXIM=/usr/sbin/exim
> >     EXIMINCF=/etc/exim/exim.conf
> >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> >
> > My two queue directories have the permissions of
> >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> >
> >     (note:  I didn't touch the exim folder, just the exim_incoming)
> >
> > Then I do a service exim stop and a service MailScanner start.
> >
> > The mail comes into /var/spool/exim_incoming but nothing happens 
> > after that.  It just stacks up there.  If I stop MailScanner, change 
> > back the exim.conf file, and start exim mail flows as normal.  If I 
> > change the exim.conf file to only specify a new spool directory 
> > everything works fine.  So I"m pretty sure I have my queues set up correctly.
> > Obviously though MailScanner doesn't scan the mail if I do that.
> >
> > Can someone tell me what I'm missing?
> >
> > Steve Evans
> > 805-756-7517
> >
> >
> > ------------------------ MailScanner list ------------------------ 
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and 
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
>
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and 
> intended solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
>
> This footnote confirms that this email message has been swept for the 
> presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  2 16:43:29 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17473.1137101481.24926.mailscanner@lists.mailscanner.info>

Steve

Hmm silly line wrapping....

Edit the /etc/sysconfig/MailScanner

Make sure the EXIMINCF and EXIMSENDCF vars are set properly to point at the
correct files...

EXIMINCF=/etc/exim.conf 

EXIMSENDCF=/etc/exim_scanned.conf

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Evans
> Sent: 02 December 2005 16:33
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
> 
> I'm sorry, what do you want me to try exactly?
> 
> 
> Steve Evans
> 805-756-7517
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 8:28 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
> 
> Steve
> 
> Try
> 
> Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim
> EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Steve Evans
> > Sent: 02 December 2005 16:23
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Exim Install
> >
> > First it was telling me:
> >
> > In Debugging mode, not forking...
> > Cannot create temporary Work Dir /22113. Are the permissions and
> > ownership of  correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm
> > line 152
> >
> > Then I changed the ownership of /var/spool/MailScanner to
> > mailnull.mailnull (which is the user and group that exim runs as) and
> > now when I run check_MailScanner it just sits there forever with:
> >
> > Starting MailScanner...
> > In Debugging mode, not forking...
> >
> > If I run top it lists MailScanner at the top of the list but it's
> > consuming no to little CPU.
> >
> >
> > Steve Evans
> > 805-756-7517
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Martin Hepworth
> > Sent: Friday, December 02, 2005 12:58 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Exim Install
> >
> > Steve
> >
> > Make sure there's something in the incoming spool
> >
> > Put MailScanner into debug mode (edit MailScanner.conf and change both
> > debug values to yes).
> >
> > Stop MailScanner
> >
> > Run check_mailscanner
> >
> > This will dump a load of debug to the screen and you should be able to
> > see whats happening (or not in your case)
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Steve Evans
> > > Sent: 01 December 2005 20:29
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: [MAILSCANNER] Exim Install
> > >
> > > I'm trying to install MailScanner with exim for the first time.
> > > Here is a list of the steps I have taken.
> > >
> > > Install MailScanner (no problems)
> > > Copied /etc/exim.conf to /etc/exim_scanned.conf Added these lines to
> > > /etc/exim.conf
> > >     spool_directory = /var/spool/exim_incoming
> > >     queue_only = true
> > >
> > > Then down in the routers config section of /etc/exim.conf I added
> > >     defer_router:
> > >         driver = manualroute
> > >         route_list = * 127.0.0.1 byname
> > >         self = defer
> > >         verify = false
> > >
> > > In MailScanner.conf I modified these lines
> > >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> > >     Outgoing Queue Dir = /var/spool/exim/input/
> > >     MTA = exim
> > >     Sendmail = /usr/sbin/exim
> > >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> > >
> > > Modified the file /etc/sysconfig/MailScanner
> > >     EXIM=/usr/sbin/exim
> > >     EXIMINCF=/etc/exim/exim.conf
> > >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> > >
> > > My two queue directories have the permissions of
> > >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> > >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> > >
> > >     (note:  I didn't touch the exim folder, just the exim_incoming)
> > >
> > > Then I do a service exim stop and a service MailScanner start.
> > >
> > > The mail comes into /var/spool/exim_incoming but nothing happens
> > > after that.  It just stacks up there.  If I stop MailScanner, change
> > > back the exim.conf file, and start exim mail flows as normal.  If I
> > > change the exim.conf file to only specify a new spool directory
> > > everything works fine.  So I"m pretty sure I have my queues set up
> correctly.
> > > Obviously though MailScanner doesn't scan the mail if I do that.
> > >
> > > Can someone tell me what I'm missing?
> > >
> > > Steve Evans
> > > 805-756-7517
> > >
> > >
> > > ------------------------ MailScanner list ------------------------
> > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > > 'leave mailscanner' in the body of the email.
> > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > > Support MailScanner development - buy the book off the website!
> >
> >
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they are
> addressed.
> > If you have received this email in error please notify the system
> manager.
> >
> > This footnote confirms that this email message has been swept for the
> > presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
> >
> > ------------------------ MailScanner list ------------------------ To
> > unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> > ------------------------ MailScanner list ------------------------ To
> > unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> 
> 
> **********************************************************************
> 
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> 
> This footnote confirms that this email message has been swept for the
> presence of computer viruses and is believed to be clean.
> 
> **********************************************************************
> 
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  2 16:49:19 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:21 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17474.1137101481.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

It wasn't in the 4.48.4-1 but it was in 4.48.4-2, sorry about that.

On 2 Dec 2005, at 14:10, Remco Barendse wrote:

> Hi Julian!
>
> Could it be that this feature is in the Dec 1st release but that  
> the report that languages.conf is referencing too was not included  
> in the RPM upgrade package? :)
>
>
>
> On Wed, 30 Nov 2005, Julian Field wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> When you want to reject messages to or from a particular address, the
>> usual answer is "do it in the MTA". The hazard with this is that the
>> rejection message sent back to the sender is very brief and very
>> technical. Somewhere in it, the message will probably say "550 Access
>> denied" or some equally unhelpful message.
>>
>> So now there is a "Reject Message" setting which you should use with
>> a ruleset. When this evaluates to "yes", then the "Rejection Report"
>> message is sent back to the sender, and the message is dropped. If
>> you want to archive mail that gets this treatment, then use an equal
>> ruleset on the "Archive Mail" setting. The "Rejection Report" can
>> also be a ruleset, so you can different reports back to different
>> places.
>>
>> This allows you to produce a readable report instead of the unhelpful
>> technical garbage produced by most MTAs.
>> - --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.0.3 (Build 2932)
>>
>> iQEVAwUBQ429pPw32o+k+q+hAQEg+Af/a5ZQ3PwuK0Kh34TkB+lM8djwN6h2E0Wx
>> seo/+w/XqFSpzFZj/vV3sKeQAaZ+UpYa8kVRFIaB75/SB2yCMs7M6gRCtObwt0pM
>> QcfdA7YsY5k18E8KAAzrDXca0RM4QIJW2V00/jmLdOJkW7VT08lJr3Q7TMCHswBW
>> 2EGL2b45zBqeXxr/NF9XKpCK8TAEVmLgEz1Uh4uMpiHQrzZvxXxm5dvdulvPaE/k
>> zsfLuoj8XiNE4JosEnw4lf9sLVCh8hhy08xp5lJuYVy7N/WpD6A2d06dRxN96pL2
>> Fv+/4kWz93Yf4qA2UIVPqw9PZtXxMq2csMgmkkPkDXQVrrZXtZ9RYA==
>> =hl16
>> -----END PGP SIGNATURE-----
>>
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5B7Efw32o+k+q+hAQEYpAf+KT7ABXpz6YsSbS4m/5JQqDQ+98ZIz7IU
xq006uVvtzGFNn5JYfodOxei3ywjzLV1faBWjnYPROzMrWgr5un2m3+WLM5mMHJE
ONRNRpgzzzmkBKrwaNZItdcWrxiaA3hyQWiOZbfQadFy+PtKHZ1NlCRNQ9LsyMlX
zTQ0GTPiTYvlJ9pd3X6PikjtocKsXeApLYjTmtEJ7GuNk3NpGRQR6DeQXkwNiNBu
KwK+FHJ7r9okKzu3oDyb0JxzamW1q5W1wkWf3w1TlQc5VIt/yZmp/xEnMQ0St1sH
ChsoKY/wYdzup4bI4htQNjb/vsuIP1gGcR3bEvSN2uZapqiy/5sOAw==
=j2xJ
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From scevans at CALPOLY.EDU  Fri Dec  2 17:08:31 2005
From: scevans at CALPOLY.EDU (Steve Evans)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17475.1137101481.24926.mailscanner@lists.mailscanner.info>

It is correct. 


Steve Evans
805-756-7517

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: Friday, December 02, 2005 8:43 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Exim Install

Steve

Hmm silly line wrapping....

Edit the /etc/sysconfig/MailScanner

Make sure the EXIMINCF and EXIMSENDCF vars are set properly to point at the correct files...

EXIMINCF=/etc/exim.conf

EXIMSENDCF=/etc/exim_scanned.conf

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Steve Evans
> Sent: 02 December 2005 16:33
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
>
> I'm sorry, what do you want me to try exactly?
>
>
> Steve Evans
> 805-756-7517
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 8:28 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
>
> Steve
>
> Try
>
> Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim 
> EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] 
> > On Behalf Of Steve Evans
> > Sent: 02 December 2005 16:23
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Exim Install
> >
> > First it was telling me:
> >
> > In Debugging mode, not forking...
> > Cannot create temporary Work Dir /22113. Are the permissions and 
> > ownership of  correct? at 
> > /usr/lib/MailScanner/MailScanner/WorkArea.pm
> > line 152
> >
> > Then I changed the ownership of /var/spool/MailScanner to 
> > mailnull.mailnull (which is the user and group that exim runs as) 
> > and now when I run check_MailScanner it just sits there forever with:
> >
> > Starting MailScanner...
> > In Debugging mode, not forking...
> >
> > If I run top it lists MailScanner at the top of the list but it's 
> > consuming no to little CPU.
> >
> >
> > Steve Evans
> > 805-756-7517
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] 
> > On Behalf Of Martin Hepworth
> > Sent: Friday, December 02, 2005 12:58 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Exim Install
> >
> > Steve
> >
> > Make sure there's something in the incoming spool
> >
> > Put MailScanner into debug mode (edit MailScanner.conf and change 
> > both debug values to yes).
> >
> > Stop MailScanner
> >
> > Run check_mailscanner
> >
> > This will dump a load of debug to the screen and you should be able 
> > to see whats happening (or not in your case)
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Steve Evans
> > > Sent: 01 December 2005 20:29
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: [MAILSCANNER] Exim Install
> > >
> > > I'm trying to install MailScanner with exim for the first time.
> > > Here is a list of the steps I have taken.
> > >
> > > Install MailScanner (no problems)
> > > Copied /etc/exim.conf to /etc/exim_scanned.conf Added these lines 
> > > to /etc/exim.conf
> > >     spool_directory = /var/spool/exim_incoming
> > >     queue_only = true
> > >
> > > Then down in the routers config section of /etc/exim.conf I added
> > >     defer_router:
> > >         driver = manualroute
> > >         route_list = * 127.0.0.1 byname
> > >         self = defer
> > >         verify = false
> > >
> > > In MailScanner.conf I modified these lines
> > >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> > >     Outgoing Queue Dir = /var/spool/exim/input/
> > >     MTA = exim
> > >     Sendmail = /usr/sbin/exim
> > >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> > >
> > > Modified the file /etc/sysconfig/MailScanner
> > >     EXIM=/usr/sbin/exim
> > >     EXIMINCF=/etc/exim/exim.conf
> > >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> > >
> > > My two queue directories have the permissions of
> > >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> > >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> > >
> > >     (note:  I didn't touch the exim folder, just the 
> > > exim_incoming)
> > >
> > > Then I do a service exim stop and a service MailScanner start.
> > >
> > > The mail comes into /var/spool/exim_incoming but nothing happens 
> > > after that.  It just stacks up there.  If I stop MailScanner, 
> > > change back the exim.conf file, and start exim mail flows as 
> > > normal.  If I change the exim.conf file to only specify a new 
> > > spool directory everything works fine.  So I"m pretty sure I have 
> > > my queues set up
> correctly.
> > > Obviously though MailScanner doesn't scan the mail if I do that.
> > >
> > > Can someone tell me what I'm missing?
> > >
> > > Steve Evans
> > > 805-756-7517
> > >
> > >
> > > ------------------------ MailScanner list ------------------------ 
> > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > > 'leave mailscanner' in the body of the email.
> > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and 
> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > > Support MailScanner development - buy the book off the website!
> >
> >
> >
> > ********************************************************************
> > **
> >
> > This email and any files transmitted with it are confidential and 
> > intended solely for the use of the individual or entity to whom they 
> > are
> addressed.
> > If you have received this email in error please notify the system
> manager.
> >
> > This footnote confirms that this email message has been swept for 
> > the presence of computer viruses and is believed to be clean.
> >
> > ********************************************************************
> > **
> >
> > ------------------------ MailScanner list ------------------------ 
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and 
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> > ------------------------ MailScanner list ------------------------ 
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and 
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and 
> intended solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
>
> This footnote confirms that this email message has been swept for the 
> presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From kwang at UCALGARY.CA  Fri Dec  2 17:12:13 2005
From: kwang at UCALGARY.CA (Kai Wang)
Date: Thu Jan 12 21:31:21 2006
Subject: MailScanner quarantines Outlook "Broken apart large messages"
Message-ID: <mailman.17476.1137101481.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

Outlook/OutlookExpress has the "Break apart messages larger than x KB" 
option. I found MailScanner takes the broken messages as "Fragmented 
messages cannot be scanned and are removed". Some of our users are 
complaining about this.

-- 
Kai Wang
System Services
Information Technologies, University of Calgary,
2500 University Drive, N.W.,
Calgary, Alberta, Canada T2N 1N4
Phone (403) 220-2423, Fax (403) 282-9361

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  2 17:18:40 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17477.1137101481.24926.mailscanner@lists.mailscanner.info>

Steve

Well in your original email you had the config file as /etc/exim.conf and
/etc/exim_scanned.conf.

What version of Exim are you using?

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Evans
> Sent: 02 December 2005 17:09
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
> 
> It is correct.
> 
> 
> Steve Evans
> 805-756-7517
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 8:43 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
> 
> Steve
> 
> Hmm silly line wrapping....
> 
> Edit the /etc/sysconfig/MailScanner
> 
> Make sure the EXIMINCF and EXIMSENDCF vars are set properly to point at
> the correct files...
> 
> EXIMINCF=/etc/exim.conf
> 
> EXIMSENDCF=/etc/exim_scanned.conf
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Steve Evans
> > Sent: 02 December 2005 16:33
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Exim Install
> >
> > I'm sorry, what do you want me to try exactly?
> >
> >
> > Steve Evans
> > 805-756-7517
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Martin Hepworth
> > Sent: Friday, December 02, 2005 8:28 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Exim Install
> >
> > Steve
> >
> > Try
> >
> > Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim
> > EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Steve Evans
> > > Sent: 02 December 2005 16:23
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] Exim Install
> > >
> > > First it was telling me:
> > >
> > > In Debugging mode, not forking...
> > > Cannot create temporary Work Dir /22113. Are the permissions and
> > > ownership of  correct? at
> > > /usr/lib/MailScanner/MailScanner/WorkArea.pm
> > > line 152
> > >
> > > Then I changed the ownership of /var/spool/MailScanner to
> > > mailnull.mailnull (which is the user and group that exim runs as)
> > > and now when I run check_MailScanner it just sits there forever with:
> > >
> > > Starting MailScanner...
> > > In Debugging mode, not forking...
> > >
> > > If I run top it lists MailScanner at the top of the list but it's
> > > consuming no to little CPU.
> > >
> > >
> > > Steve Evans
> > > 805-756-7517
> > >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Martin Hepworth
> > > Sent: Friday, December 02, 2005 12:58 AM
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: Exim Install
> > >
> > > Steve
> > >
> > > Make sure there's something in the incoming spool
> > >
> > > Put MailScanner into debug mode (edit MailScanner.conf and change
> > > both debug values to yes).
> > >
> > > Stop MailScanner
> > >
> > > Run check_mailscanner
> > >
> > > This will dump a load of debug to the screen and you should be able
> > > to see whats happening (or not in your case)
> > >
> > > --
> > > Martin Hepworth
> > > Snr Systems Administrator
> > > Solid State Logic
> > > Tel: +44 (0)1865 842300
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Steve Evans
> > > > Sent: 01 December 2005 20:29
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: [MAILSCANNER] Exim Install
> > > >
> > > > I'm trying to install MailScanner with exim for the first time.
> > > > Here is a list of the steps I have taken.
> > > >
> > > > Install MailScanner (no problems)
> > > > Copied /etc/exim.conf to /etc/exim_scanned.conf Added these lines
> > > > to /etc/exim.conf
> > > >     spool_directory = /var/spool/exim_incoming
> > > >     queue_only = true
> > > >
> > > > Then down in the routers config section of /etc/exim.conf I added
> > > >     defer_router:
> > > >         driver = manualroute
> > > >         route_list = * 127.0.0.1 byname
> > > >         self = defer
> > > >         verify = false
> > > >
> > > > In MailScanner.conf I modified these lines
> > > >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> > > >     Outgoing Queue Dir = /var/spool/exim/input/
> > > >     MTA = exim
> > > >     Sendmail = /usr/sbin/exim
> > > >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> > > >
> > > > Modified the file /etc/sysconfig/MailScanner
> > > >     EXIM=/usr/sbin/exim
> > > >     EXIMINCF=/etc/exim/exim.conf
> > > >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> > > >
> > > > My two queue directories have the permissions of
> > > >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> > > >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> > > >
> > > >     (note:  I didn't touch the exim folder, just the
> > > > exim_incoming)
> > > >
> > > > Then I do a service exim stop and a service MailScanner start.
> > > >
> > > > The mail comes into /var/spool/exim_incoming but nothing happens
> > > > after that.  It just stacks up there.  If I stop MailScanner,
> > > > change back the exim.conf file, and start exim mail flows as
> > > > normal.  If I change the exim.conf file to only specify a new
> > > > spool directory everything works fine.  So I"m pretty sure I have
> > > > my queues set up
> > correctly.
> > > > Obviously though MailScanner doesn't scan the mail if I do that.
> > > >
> > > > Can someone tell me what I'm missing?
> > > >
> > > > Steve Evans
> > > > 805-756-7517
> > > >



**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From prandal at HEREFORDSHIRE.GOV.UK  Fri Dec  2 17:20:12 2005
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:31:21 2006
Subject: MailScanner quarantines Outlook "Broken apart large messages"
Message-ID: <mailman.17478.1137101481.24926.mailscanner@lists.mailscanner.info>

Well, you can create a rule, but bear in mind that fragmented messages
could well contain nasties which cannot be detected until the message /
attachment is reassembled in the user's mail reader.  As it's doubtful
your users will be running ClamAV / Bitdefender (for example) on their
desktops, you're courting with disaster...

in MailScanner.conf:

# Do you want to allow partial messages, which only contain a fraction
of
# the attachments, not the whole thing? There is absolutely no way to
# scan these "partial messages" properly for viruses, as MailScanner
never
# sees all of the attachment at the same time. Enabling this option can
# allow viruses through. You have been warned.
# This can also be the filename of a ruleset so you can, for example,
allow
# them in outgoing mail but not in incoming mail.
Allow Partial Messages = %rules-dir%/partial.messages.rules

I've currently got two email addresses in my partial.messages.rules
file, and that's all.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Wang
> Sent: 02 December 2005 17:12
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: MailScanner quarantines Outlook "Broken apart large messages"
> 
> Hi,
> 
> Outlook/OutlookExpress has the "Break apart messages larger 
> than x KB" 
> option. I found MailScanner takes the broken messages as 
> "Fragmented messages cannot be scanned and are removed". Some 
> of our users are complaining about this.
> 
> --
> Kai Wang
> System Services
> Information Technologies, University of Calgary, 2500 
> University Drive, N.W., Calgary, Alberta, Canada T2N 1N4 
> Phone (403) 220-2423, Fax (403) 282-9361
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) 
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From scevans at CALPOLY.EDU  Fri Dec  2 17:33:03 2005
From: scevans at CALPOLY.EDU (Steve Evans)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17479.1137101481.24926.mailscanner@lists.mailscanner.info>

4.43

If I take out the line queue_only = true from /etc/exim.conf I can start MailScanner and it runs fine.  It just doesn't scan mail.  Mail just gets delieverd like normal.  So I'm pretty sure I have everything pointed to the right conf files.

Also if I do a check_MailScanner I noticed that no exim process's ever fire.  It gets stuck before that point.

One of the steps from the wiki (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation&s=exim+4) was to change the file /etc/init.d/exim

I had trouble finding the line /usr/exim/bin/exim -bd -q15m, so I moved the exim file, created a new one, and put in the two lines

/usr/sbin/exim -bd
/usr/sbin/exim -q15m -C /etc/exim_scanned.conf

Obviously there's no error checking or such, but it gets the job done for now.  If I start my new exim service it runs fine.  I just have to kill the process's manually.  I have attached the original /etc/init.d/exim file.

Steve Evans
805-756-7517

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: Friday, December 02, 2005 9:19 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Exim Install

Steve

Well in your original email you had the config file as /etc/exim.conf and /etc/exim_scanned.conf.

What version of Exim are you using?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Steve Evans
> Sent: 02 December 2005 17:09
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
>
> It is correct.
>
>
> Steve Evans
> 805-756-7517
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 8:43 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
>
> Steve
>
> Hmm silly line wrapping....
>
> Edit the /etc/sysconfig/MailScanner
>
> Make sure the EXIMINCF and EXIMSENDCF vars are set properly to point 
> at the correct files...
>
> EXIMINCF=/etc/exim.conf
>
> EXIMSENDCF=/etc/exim_scanned.conf
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] 
> > On Behalf Of Steve Evans
> > Sent: 02 December 2005 16:33
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Exim Install
> >
> > I'm sorry, what do you want me to try exactly?
> >
> >
> > Steve Evans
> > 805-756-7517
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] 
> > On Behalf Of Martin Hepworth
> > Sent: Friday, December 02, 2005 8:28 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Exim Install
> >
> > Steve
> >
> > Try
> >
> > Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim 
> > EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Steve Evans
> > > Sent: 02 December 2005 16:23
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] Exim Install
> > >
> > > First it was telling me:
> > >
> > > In Debugging mode, not forking...
> > > Cannot create temporary Work Dir /22113. Are the permissions and 
> > > ownership of  correct? at 
> > > /usr/lib/MailScanner/MailScanner/WorkArea.pm
> > > line 152
> > >
> > > Then I changed the ownership of /var/spool/MailScanner to 
> > > mailnull.mailnull (which is the user and group that exim runs as) 
> > > and now when I run check_MailScanner it just sits there forever with:
> > >
> > > Starting MailScanner...
> > > In Debugging mode, not forking...
> > >
> > > If I run top it lists MailScanner at the top of the list but it's 
> > > consuming no to little CPU.
> > >
> > >
> > > Steve Evans
> > > 805-756-7517
> > >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Martin Hepworth
> > > Sent: Friday, December 02, 2005 12:58 AM
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: Exim Install
> > >
> > > Steve
> > >
> > > Make sure there's something in the incoming spool
> > >
> > > Put MailScanner into debug mode (edit MailScanner.conf and change 
> > > both debug values to yes).
> > >
> > > Stop MailScanner
> > >
> > > Run check_mailscanner
> > >
> > > This will dump a load of debug to the screen and you should be 
> > > able to see whats happening (or not in your case)
> > >
> > > --
> > > Martin Hepworth
> > > Snr Systems Administrator
> > > Solid State Logic
> > > Tel: +44 (0)1865 842300
> > > > -----Original Message-----
> > > > From: MailScanner mailing list 
> > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Steve Evans
> > > > Sent: 01 December 2005 20:29
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: [MAILSCANNER] Exim Install
> > > >
> > > > I'm trying to install MailScanner with exim for the first time.
> > > > Here is a list of the steps I have taken.
> > > >
> > > > Install MailScanner (no problems) Copied /etc/exim.conf to 
> > > > /etc/exim_scanned.conf Added these lines to /etc/exim.conf
> > > >     spool_directory = /var/spool/exim_incoming
> > > >     queue_only = true
> > > >
> > > > Then down in the routers config section of /etc/exim.conf I added
> > > >     defer_router:
> > > >         driver = manualroute
> > > >         route_list = * 127.0.0.1 byname
> > > >         self = defer
> > > >         verify = false
> > > >
> > > > In MailScanner.conf I modified these lines
> > > >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> > > >     Outgoing Queue Dir = /var/spool/exim/input/
> > > >     MTA = exim
> > > >     Sendmail = /usr/sbin/exim
> > > >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> > > >
> > > > Modified the file /etc/sysconfig/MailScanner
> > > >     EXIM=/usr/sbin/exim
> > > >     EXIMINCF=/etc/exim/exim.conf
> > > >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> > > >
> > > > My two queue directories have the permissions of
> > > >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> > > >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> > > >
> > > >     (note:  I didn't touch the exim folder, just the
> > > > exim_incoming)
> > > >
> > > > Then I do a service exim stop and a service MailScanner start.
> > > >
> > > > The mail comes into /var/spool/exim_incoming but nothing happens 
> > > > after that.  It just stacks up there.  If I stop MailScanner, 
> > > > change back the exim.conf file, and start exim mail flows as 
> > > > normal.  If I change the exim.conf file to only specify a new 
> > > > spool directory everything works fine.  So I"m pretty sure I 
> > > > have my queues set up
> > correctly.
> > > > Obviously though MailScanner doesn't scan the mail if I do that.
> > > >
> > > > Can someone tell me what I'm missing?
> > > >
> > > > Steve Evans
> > > > 805-756-7517
> > > >



**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/OCTET-STREAM (Name: "exim.org")  5.3KB. ]
    [ Unable to print this part. ]


From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  2 17:44:19 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17480.1137101481.24926.mailscanner@lists.mailscanner.info>

Should only need

queue_only = true

and 

queue_only_override = false

in the exim.conf Main config settings at the top...

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Evans
> Sent: 02 December 2005 17:33
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
> 
> 4.43
> 
> If I take out the line queue_only = true from /etc/exim.conf I can start
> MailScanner and it runs fine.  It just doesn't scan mail.  Mail just gets
> delieverd like normal.  So I'm pretty sure I have everything pointed to
> the right conf files.
> 
> Also if I do a check_MailScanner I noticed that no exim process's ever
> fire.  It gets stuck before that point.
> 
> One of the steps from the wiki
> (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:
> exim:installation&s=exim+4) was to change the file /etc/init.d/exim
> 
> I had trouble finding the line /usr/exim/bin/exim -bd -q15m, so I moved
> the exim file, created a new one, and put in the two lines
> 
> /usr/sbin/exim -bd
> /usr/sbin/exim -q15m -C /etc/exim_scanned.conf
> 
> Obviously there's no error checking or such, but it gets the job done for
> now.  If I start my new exim service it runs fine.  I just have to kill
> the process's manually.  I have attached the original /etc/init.d/exim
> file.
> 
> Steve Evans
> 805-756-7517
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 9:19 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
> 
> Steve
> 
> Well in your original email you had the config file as /etc/exim.conf and
> /etc/exim_scanned.conf.
> 
> What version of Exim are you using?
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Steve Evans
> > Sent: 02 December 2005 17:09
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Exim Install
> >
> > It is correct.
> >
> >
> > Steve Evans
> > 805-756-7517
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Martin Hepworth
> > Sent: Friday, December 02, 2005 8:43 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Exim Install
> >
> > Steve
> >
> > Hmm silly line wrapping....
> >
> > Edit the /etc/sysconfig/MailScanner
> >
> > Make sure the EXIMINCF and EXIMSENDCF vars are set properly to point
> > at the correct files...
> >
> > EXIMINCF=/etc/exim.conf
> >
> > EXIMSENDCF=/etc/exim_scanned.conf
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Steve Evans
> > > Sent: 02 December 2005 16:33
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] Exim Install
> > >
> > > I'm sorry, what do you want me to try exactly?
> > >
> > >
> > > Steve Evans
> > > 805-756-7517
> > >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Martin Hepworth
> > > Sent: Friday, December 02, 2005 8:28 AM
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: Exim Install
> > >
> > > Steve
> > >
> > > Try
> > >
> > > Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim
> > > EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf
> > >
> > > --
> > > Martin Hepworth
> > > Snr Systems Administrator
> > > Solid State Logic
> > > Tel: +44 (0)1865 842300
> > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Steve Evans
> > > > Sent: 02 December 2005 16:23
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: [MAILSCANNER] Exim Install
> > > >
> > > > First it was telling me:
> > > >
> > > > In Debugging mode, not forking...
> > > > Cannot create temporary Work Dir /22113. Are the permissions and
> > > > ownership of  correct? at
> > > > /usr/lib/MailScanner/MailScanner/WorkArea.pm
> > > > line 152
> > > >
> > > > Then I changed the ownership of /var/spool/MailScanner to
> > > > mailnull.mailnull (which is the user and group that exim runs as)
> > > > and now when I run check_MailScanner it just sits there forever
> with:
> > > >
> > > > Starting MailScanner...
> > > > In Debugging mode, not forking...
> > > >
> > > > If I run top it lists MailScanner at the top of the list but it's
> > > > consuming no to little CPU.
> > > >
> > > >
> > > > Steve Evans
> > > > 805-756-7517
> > > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Martin Hepworth
> > > > Sent: Friday, December 02, 2005 12:58 AM
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: Exim Install
> > > >
> > > > Steve
> > > >
> > > > Make sure there's something in the incoming spool
> > > >
> > > > Put MailScanner into debug mode (edit MailScanner.conf and change
> > > > both debug values to yes).
> > > >
> > > > Stop MailScanner
> > > >
> > > > Run check_mailscanner
> > > >
> > > > This will dump a load of debug to the screen and you should be
> > > > able to see whats happening (or not in your case)
> > > >
> > > > --
> > > > Martin Hepworth
> > > > Snr Systems Administrator
> > > > Solid State Logic
> > > > Tel: +44 (0)1865 842300
> > > > > -----Original Message-----
> > > > > From: MailScanner mailing list
> > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > > On Behalf Of Steve Evans
> > > > > Sent: 01 December 2005 20:29
> > > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > > Subject: [MAILSCANNER] Exim Install
> > > > >
> > > > > I'm trying to install MailScanner with exim for the first time.
> > > > > Here is a list of the steps I have taken.
> > > > >
> > > > > Install MailScanner (no problems) Copied /etc/exim.conf to
> > > > > /etc/exim_scanned.conf Added these lines to /etc/exim.conf
> > > > >     spool_directory = /var/spool/exim_incoming
> > > > >     queue_only = true
> > > > >
> > > > > Then down in the routers config section of /etc/exim.conf I added
> > > > >     defer_router:
> > > > >         driver = manualroute
> > > > >         route_list = * 127.0.0.1 byname
> > > > >         self = defer
> > > > >         verify = false
> > > > >
> > > > > In MailScanner.conf I modified these lines
> > > > >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> > > > >     Outgoing Queue Dir = /var/spool/exim/input/
> > > > >     MTA = exim
> > > > >     Sendmail = /usr/sbin/exim
> > > > >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> > > > >
> > > > > Modified the file /etc/sysconfig/MailScanner
> > > > >     EXIM=/usr/sbin/exim
> > > > >     EXIMINCF=/etc/exim/exim.conf
> > > > >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> > > > >
> > > > > My two queue directories have the permissions of
> > > > >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> > > > >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> > > > >
> > > > >     (note:  I didn't touch the exim folder, just the
> > > > > exim_incoming)
> > > > >
> > > > > Then I do a service exim stop and a service MailScanner start.
> > > > >
> > > > > The mail comes into /var/spool/exim_incoming but nothing happens
> > > > > after that.  It just stacks up there.  If I stop MailScanner,
> > > > > change back the exim.conf file, and start exim mail flows as
> > > > > normal.  If I change the exim.conf file to only specify a new
> > > > > spool directory everything works fine.  So I"m pretty sure I
> > > > > have my queues set up
> > > correctly.
> > > > > Obviously though MailScanner doesn't scan the mail if I do that.
> > > > >
> > > > > Can someone tell me what I'm missing?
> > > > >
> > > > > Steve Evans
> > > > > 805-756-7517
> > > > >
> 
> 
> 
> **********************************************************************
> 
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> 
> This footnote confirms that this email message has been swept for the
> presence of computer viruses and is believed to be clean.
> 
> **********************************************************************
> 
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  2 17:46:37 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:21 2006
Subject: Exim Install
Message-ID: <mailman.17481.1137101481.24926.mailscanner@lists.mailscanner.info>

Hmmm

When its in debug mode it should only go through one sequence and stop....
most odd..



--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Evans
> Sent: 02 December 2005 17:33
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
> 
> 4.43
> 
> If I take out the line queue_only = true from /etc/exim.conf I can start
> MailScanner and it runs fine.  It just doesn't scan mail.  Mail just gets
> delieverd like normal.  So I'm pretty sure I have everything pointed to
> the right conf files.
> 
> Also if I do a check_MailScanner I noticed that no exim process's ever
> fire.  It gets stuck before that point.
> 
> One of the steps from the wiki
> (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:
> exim:installation&s=exim+4) was to change the file /etc/init.d/exim
> 
> I had trouble finding the line /usr/exim/bin/exim -bd -q15m, so I moved
> the exim file, created a new one, and put in the two lines
> 
> /usr/sbin/exim -bd
> /usr/sbin/exim -q15m -C /etc/exim_scanned.conf
> 
> Obviously there's no error checking or such, but it gets the job done for
> now.  If I start my new exim service it runs fine.  I just have to kill
> the process's manually.  I have attached the original /etc/init.d/exim
> file.
> 
> Steve Evans
> 805-756-7517
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 9:19 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
> 
> Steve
> 
> Well in your original email you had the config file as /etc/exim.conf and
> /etc/exim_scanned.conf.
> 
> What version of Exim are you using?
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Steve Evans
> > Sent: 02 December 2005 17:09
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Exim Install
> >
> > It is correct.
> >
> >
> > Steve Evans
> > 805-756-7517
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Martin Hepworth
> > Sent: Friday, December 02, 2005 8:43 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Exim Install
> >
> > Steve
> >
> > Hmm silly line wrapping....
> >
> > Edit the /etc/sysconfig/MailScanner
> >
> > Make sure the EXIMINCF and EXIMSENDCF vars are set properly to point
> > at the correct files...
> >
> > EXIMINCF=/etc/exim.conf
> >
> > EXIMSENDCF=/etc/exim_scanned.conf
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Steve Evans
> > > Sent: 02 December 2005 16:33
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] Exim Install
> > >
> > > I'm sorry, what do you want me to try exactly?
> > >
> > >
> > > Steve Evans
> > > 805-756-7517
> > >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Martin Hepworth
> > > Sent: Friday, December 02, 2005 8:28 AM
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: Exim Install
> > >
> > > Steve
> > >
> > > Try
> > >
> > > Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim
> > > EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf
> > >
> > > --
> > > Martin Hepworth
> > > Snr Systems Administrator
> > > Solid State Logic
> > > Tel: +44 (0)1865 842300
> > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Steve Evans
> > > > Sent: 02 December 2005 16:23
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: [MAILSCANNER] Exim Install
> > > >
> > > > First it was telling me:
> > > >
> > > > In Debugging mode, not forking...
> > > > Cannot create temporary Work Dir /22113. Are the permissions and
> > > > ownership of  correct? at
> > > > /usr/lib/MailScanner/MailScanner/WorkArea.pm
> > > > line 152
> > > >
> > > > Then I changed the ownership of /var/spool/MailScanner to
> > > > mailnull.mailnull (which is the user and group that exim runs as)
> > > > and now when I run check_MailScanner it just sits there forever
> with:
> > > >
> > > > Starting MailScanner...
> > > > In Debugging mode, not forking...
> > > >
> > > > If I run top it lists MailScanner at the top of the list but it's
> > > > consuming no to little CPU.
> > > >
> > > >
> > > > Steve Evans
> > > > 805-756-7517
> > > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Martin Hepworth
> > > > Sent: Friday, December 02, 2005 12:58 AM
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: Exim Install
> > > >
> > > > Steve
> > > >
> > > > Make sure there's something in the incoming spool
> > > >
> > > > Put MailScanner into debug mode (edit MailScanner.conf and change
> > > > both debug values to yes).
> > > >
> > > > Stop MailScanner
> > > >
> > > > Run check_mailscanner
> > > >
> > > > This will dump a load of debug to the screen and you should be
> > > > able to see whats happening (or not in your case)
> > > >
> > > > --
> > > > Martin Hepworth
> > > > Snr Systems Administrator
> > > > Solid State Logic
> > > > Tel: +44 (0)1865 842300
> > > > > -----Original Message-----
> > > > > From: MailScanner mailing list
> > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > > On Behalf Of Steve Evans
> > > > > Sent: 01 December 2005 20:29
> > > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > > Subject: [MAILSCANNER] Exim Install
> > > > >
> > > > > I'm trying to install MailScanner with exim for the first time.
> > > > > Here is a list of the steps I have taken.
> > > > >
> > > > > Install MailScanner (no problems) Copied /etc/exim.conf to
> > > > > /etc/exim_scanned.conf Added these lines to /etc/exim.conf
> > > > >     spool_directory = /var/spool/exim_incoming
> > > > >     queue_only = true
> > > > >
> > > > > Then down in the routers config section of /etc/exim.conf I added
> > > > >     defer_router:
> > > > >         driver = manualroute
> > > > >         route_list = * 127.0.0.1 byname
> > > > >         self = defer
> > > > >         verify = false
> > > > >
> > > > > In MailScanner.conf I modified these lines
> > > > >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> > > > >     Outgoing Queue Dir = /var/spool/exim/input/
> > > > >     MTA = exim
> > > > >     Sendmail = /usr/sbin/exim
> > > > >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> > > > >
> > > > > Modified the file /etc/sysconfig/MailScanner
> > > > >     EXIM=/usr/sbin/exim
> > > > >     EXIMINCF=/etc/exim/exim.conf
> > > > >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> > > > >
> > > > > My two queue directories have the permissions of
> > > > >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> > > > >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> > > > >
> > > > >     (note:  I didn't touch the exim folder, just the
> > > > > exim_incoming)
> > > > >
> > > > > Then I do a service exim stop and a service MailScanner start.
> > > > >
> > > > > The mail comes into /var/spool/exim_incoming but nothing happens
> > > > > after that.  It just stacks up there.  If I stop MailScanner,
> > > > > change back the exim.conf file, and start exim mail flows as
> > > > > normal.  If I change the exim.conf file to only specify a new
> > > > > spool directory everything works fine.  So I"m pretty sure I
> > > > > have my queues set up
> > > correctly.
> > > > > Obviously though MailScanner doesn't scan the mail if I do that.
> > > > >
> > > > > Can someone tell me what I'm missing?
> > > > >
> > > > > Steve Evans
> > > > > 805-756-7517
> > > > >
> 
> 
> 
> **********************************************************************
> 
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> 
> This footnote confirms that this email message has been swept for the
> presence of computer viruses and is believed to be clean.
> 
> **********************************************************************
> 
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at BARENDSE.TO  Fri Dec  2 17:56:41 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:21 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17482.1137101481.24926.mailscanner@lists.mailscanner.info>

On Thu, 1 Dec 2005, Kai Schaetzl wrote:

> Remco Barendse wrote on         Thu, 1 Dec 2005 13:28:51 +0100:
>
>> I would assume the zipfiles contain a virus / trojan, but why isn't MS
>> doing virus and filename checks first? It would save a lot of cpu cycles
>> on spamass which is putting more and more mail servers to a grinding halt
>
> You can reject almost 100% of all viruses without even Mailscanner working.
> Just reject on MTA level based on zombie and DUHL RBL lists and/or use
> greylisting. The only viruses you will get are those bounced by real
> mailservers.

Unfortunately, in my case I also have batched SMTP from my provider. This 
means that any mail that is not deliverable directly to one of the mail 
servers, it is queued by my provider.

I'm just running a small site, about 2000 mails a day (incl. spam/virii 
etc. which accounts for half of that).

Right now one box (an Athlon XP2600 with 1 Gb of ram and max 2 MailScanner 
threads) is getting hammered with virii. It's taking up to 10K virus mails 
per day now (normal volume is 100-200 mails per day on that 2nd in 
line box).

Continually there are 1300 messages in the mqueue.in directory and load is 
around 3.

In this case the box is hurt really bad by this Worm.Sober and scanning 
for viruses first will drop the load / queue within seconds.

Now it is pulling all the virus mails through SpamAssassin which seems to 
take forever especially because most worms are 75 Kb in size and SA seems 
to look through it all bit by bit.

I guess for high volume sites it levels out because on average, most mails 
will be spam.


(but I wonder what kind of horsepower you would need to process 10-50K of 
mails through MS+SA)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From scevans at CALPOLY.EDU  Fri Dec  2 18:26:27 2005
From: scevans at CALPOLY.EDU (Steve Evans)
Date: Thu Jan 12 21:31:22 2006
Subject: Exim Install
Message-ID: <mailman.17483.1137101481.24926.mailscanner@lists.mailscanner.info>

I went through the instructions again, starting from scratch.  I've made some serious progress.  MailScanner is definantly processing some mail.  I show that I process some mail in the maillog.

However I keep getting these lines in the maillog

Dec  2 13:25:58 1n6-5 MailScanner[19651]: Could not open file >/var/spool/exim.out/input/i/1EiFai-0004f7-Sr-D: No such file or directory 
Dec  2 13:25:58 1n6-5 MailScanner[19651]: Cannot create + lock clean body /var/spool/exim.out/input/i/1EiFai-0004f7-Sr-D,  

And it will be for the same file over and over again.

Here are the results of check_MailScanner though.

Starting MailScanner...
In Debugging mode, not forking...
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1Ehj5W-0001dj-A9/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
format error: can't find EOCD signature 
 at /usr/sbin/MailScanner line 599
Done the parse. Counter = 0 and max = 200
format error: can't find EOCD signature 
 at /usr/sbin/MailScanner line 599
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1EhWT6-0002aZ-H3/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1EhGoQ-0005Hr-QC/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1EhbVW-0005E9-33/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1Ehqwg-0000F1-N0/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1EhrjH-0003vf-J8/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1EhJXv-0003mO-Np/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1EhYXr-0000G5-58/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
format error: bad signature: 0x00905a4d at offset 0 in file /var/spool/MailScanner/incoming/32097/1EhduZ-0003xD-UA/File-packed_dataInfo.exe 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
IO error: seeking to local header : Invalid argument 
 at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Done the parse. Counter = 0 and max = 200
Cannot create + lock clean body /var/spool/exim.out/input/O/1Ehj7O-0007z2-HW-D,  at /usr/lib/MailScanner/MailScanner/EximDiskStore.pm line 370

 


Steve Evans
805-756-7517

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: Friday, December 02, 2005 9:47 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Exim Install

Hmmm

When its in debug mode it should only go through one sequence and stop....
most odd..



--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Steve Evans
> Sent: 02 December 2005 17:33
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
>
> 4.43
>
> If I take out the line queue_only = true from /etc/exim.conf I can 
> start MailScanner and it runs fine.  It just doesn't scan mail.  Mail 
> just gets delieverd like normal.  So I'm pretty sure I have everything 
> pointed to the right conf files.
>
> Also if I do a check_MailScanner I noticed that no exim process's ever 
> fire.  It gets stuck before that point.
>
> One of the steps from the wiki
> (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:
> exim:installation&s=exim+4) was to change the file /etc/init.d/exim
>
> I had trouble finding the line /usr/exim/bin/exim -bd -q15m, so I 
> moved the exim file, created a new one, and put in the two lines
>
> /usr/sbin/exim -bd
> /usr/sbin/exim -q15m -C /etc/exim_scanned.conf
>
> Obviously there's no error checking or such, but it gets the job done 
> for now.  If I start my new exim service it runs fine.  I just have to 
> kill the process's manually.  I have attached the original 
> /etc/init.d/exim file.
>
> Steve Evans
> 805-756-7517
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 9:19 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
>
> Steve
>
> Well in your original email you had the config file as /etc/exim.conf 
> and /etc/exim_scanned.conf.
>
> What version of Exim are you using?
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] 
> > On Behalf Of Steve Evans
> > Sent: 02 December 2005 17:09
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Exim Install
> >
> > It is correct.
> >
> >
> > Steve Evans
> > 805-756-7517
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] 
> > On Behalf Of Martin Hepworth
> > Sent: Friday, December 02, 2005 8:43 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Exim Install
> >
> > Steve
> >
> > Hmm silly line wrapping....
> >
> > Edit the /etc/sysconfig/MailScanner
> >
> > Make sure the EXIMINCF and EXIMSENDCF vars are set properly to point 
> > at the correct files...
> >
> > EXIMINCF=/etc/exim.conf
> >
> > EXIMSENDCF=/etc/exim_scanned.conf
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Steve Evans
> > > Sent: 02 December 2005 16:33
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] Exim Install
> > >
> > > I'm sorry, what do you want me to try exactly?
> > >
> > >
> > > Steve Evans
> > > 805-756-7517
> > >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Martin Hepworth
> > > Sent: Friday, December 02, 2005 8:28 AM
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: Exim Install
> > >
> > > Steve
> > >
> > > Try
> > >
> > > Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim 
> > > EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf
> > >
> > > --
> > > Martin Hepworth
> > > Snr Systems Administrator
> > > Solid State Logic
> > > Tel: +44 (0)1865 842300
> > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list 
> > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Steve Evans
> > > > Sent: 02 December 2005 16:23
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: [MAILSCANNER] Exim Install
> > > >
> > > > First it was telling me:
> > > >
> > > > In Debugging mode, not forking...
> > > > Cannot create temporary Work Dir /22113. Are the permissions and 
> > > > ownership of  correct? at 
> > > > /usr/lib/MailScanner/MailScanner/WorkArea.pm
> > > > line 152
> > > >
> > > > Then I changed the ownership of /var/spool/MailScanner to 
> > > > mailnull.mailnull (which is the user and group that exim runs 
> > > > as) and now when I run check_MailScanner it just sits there 
> > > > forever
> with:
> > > >
> > > > Starting MailScanner...
> > > > In Debugging mode, not forking...
> > > >
> > > > If I run top it lists MailScanner at the top of the list but 
> > > > it's consuming no to little CPU.
> > > >
> > > >
> > > > Steve Evans
> > > > 805-756-7517
> > > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list 
> > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Martin Hepworth
> > > > Sent: Friday, December 02, 2005 12:58 AM
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: Exim Install
> > > >
> > > > Steve
> > > >
> > > > Make sure there's something in the incoming spool
> > > >
> > > > Put MailScanner into debug mode (edit MailScanner.conf and 
> > > > change both debug values to yes).
> > > >
> > > > Stop MailScanner
> > > >
> > > > Run check_mailscanner
> > > >
> > > > This will dump a load of debug to the screen and you should be 
> > > > able to see whats happening (or not in your case)
> > > >
> > > > --
> > > > Martin Hepworth
> > > > Snr Systems Administrator
> > > > Solid State Logic
> > > > Tel: +44 (0)1865 842300
> > > > > -----Original Message-----
> > > > > From: MailScanner mailing list 
> > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > > On Behalf Of Steve Evans
> > > > > Sent: 01 December 2005 20:29
> > > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > > Subject: [MAILSCANNER] Exim Install
> > > > >
> > > > > I'm trying to install MailScanner with exim for the first time.
> > > > > Here is a list of the steps I have taken.
> > > > >
> > > > > Install MailScanner (no problems) Copied /etc/exim.conf to 
> > > > > /etc/exim_scanned.conf Added these lines to /etc/exim.conf
> > > > >     spool_directory = /var/spool/exim_incoming
> > > > >     queue_only = true
> > > > >
> > > > > Then down in the routers config section of /etc/exim.conf I added
> > > > >     defer_router:
> > > > >         driver = manualroute
> > > > >         route_list = * 127.0.0.1 byname
> > > > >         self = defer
> > > > >         verify = false
> > > > >
> > > > > In MailScanner.conf I modified these lines
> > > > >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> > > > >     Outgoing Queue Dir = /var/spool/exim/input/
> > > > >     MTA = exim
> > > > >     Sendmail = /usr/sbin/exim
> > > > >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> > > > >
> > > > > Modified the file /etc/sysconfig/MailScanner
> > > > >     EXIM=/usr/sbin/exim
> > > > >     EXIMINCF=/etc/exim/exim.conf
> > > > >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> > > > >
> > > > > My two queue directories have the permissions of
> > > > >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> > > > >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45 exim_incoming/
> > > > >
> > > > >     (note:  I didn't touch the exim folder, just the
> > > > > exim_incoming)
> > > > >
> > > > > Then I do a service exim stop and a service MailScanner start.
> > > > >
> > > > > The mail comes into /var/spool/exim_incoming but nothing 
> > > > > happens after that.  It just stacks up there.  If I stop 
> > > > > MailScanner, change back the exim.conf file, and start exim 
> > > > > mail flows as normal.  If I change the exim.conf file to only 
> > > > > specify a new spool directory everything works fine.  So I"m 
> > > > > pretty sure I have my queues set up
> > > correctly.
> > > > > Obviously though MailScanner doesn't scan the mail if I do that.
> > > > >
> > > > > Can someone tell me what I'm missing?
> > > > >
> > > > > Steve Evans
> > > > > 805-756-7517
> > > > >
>
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and 
> intended solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
>
> This footnote confirms that this email message has been swept for the 
> presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From hermit921 at YAHOO.COM  Fri Dec  2 18:36:28 2005
From: hermit921 at YAHOO.COM (hermit921)
Date: Thu Jan 12 21:31:22 2006
Subject: Outdated sophos destroys plain text
Message-ID: <mailman.17484.1137101482.24926.mailscanner@lists.mailscanner.info>

I found an odd problem this morning with one MailScanner system that had 
failed to update Sophos - it has MailScanner 4.46, Sophos 3.96.  Apparently 
about 10% of messages (plain text or html) were marked as a virus by Sophos 
and the body destroyed.  I haven't found a case where there was an 
attachment, but I haven't looked very hard.  When we had a similar problem 
a year or two ago, MailScanner did not delete the message body.  Example 
below.  Any ideas about why this happens?



New message:

>= = = = = = = = = = = = = = = = = = = =
>Warning: VIRUS SCANNER ALERT:
>This message had the following potentially dangerous attachment(s) (the 
>entire message) removed due to virus detection.  Contact your helpdesk for 
>more information.
>= = = = = = = = = = = = = = = = = = = =
>
>
>= = = = = = = = = = = = = = = = = = = = = = = = =
>At Fri Dec  2 08:00:02 2005 the scanner said:
>    SophosSAVI: msg-19508-137.txt caused an error: The main body of virus 
> data is out of date (542)
>
>= = = = = = = = = = = = = = = = = = = = = = = = =


Original message:

The server backup completed successfully at 3:06 am

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Fri Dec  2 18:45:31 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:22 2006
Subject: SA 3.1.0 scoring a lot of messages on this list rather high..
Message-ID: <mailman.17485.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

It would appear that references to the wiki cause a strong-scoring SA 3.1.0 rule
to fire off. "URI_NO_WWW_INFO_CGI", which matches URIs to CGI scripts in the
info tld that don't start with www.  wiki.mailscanner.info matches the hostname
requirements, and direct links to various PHP sub-pages containing a ? cause a
match for the cgi part.


This rule scores rather high, particularly for set3 users:
score URI_NO_WWW_INFO_CGI 3.280 3.241 3.792 4.100

And it double-fires with INFO_TLD:

score INFO_TLD 1.373 0.813 1.457 1.273

Giving messages with links to the wiki a >5.3 point penalty just for linking
articles in the wiki (rather harsh).  This is contributing to some FPs on this
list.

Users might want to check and either whitelist this list, or adjust the scores
of those rules.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Fri Dec  2 19:15:09 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:22 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17486.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:

>Oooh, that's bad... Look at
>http://comments.gmane.org/gmane.mail.virus.mailscanner/34158 (gmane is
>your friend when in need of a good archive:-), where you'll see some
>info on how to determine if MS is using the severely outdated clamav,
>or not... Mainly look at the last column in virus.scanners.conf for
>clamav, and compare that to the installed versions...
>  
>
Hi Glenn,

Thank you very much. Now only one version of antivirus scanner.

Everything is running much better now.

Cheers,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Fri Dec  2 19:15:48 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:22 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17487.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ken Goods wrote:

> (snip)
>
>I wouldn't be so sure that it's OK. What does
>/usr/bin/clamscan --version
>and
>/usr/local/bin/clamscan --version
>give? I'm pretty sure it'll show a less than optimal combination in
>the first instance... Which is why you probably should take my advice
>above and go for "only one clamav on this system";-).
>  
>
Hi Ken,

Thank you very much. Now only one version of antivirus scanner.

Everything is running much better now.

Cheers,
Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Fri Dec  2 20:08:15 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:22 2006
Subject: Cannot create directory /var/spool/MailScanner/archive/20051130
Message-ID: <mailman.17488.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I see one of the directories in the path is named "archive." If you are
archiving, did you create the file(s) that the messages are archived too?
This is a necessary step for archiving.

Rod

Chris Mason (Lists) wrote:
      I have a new MailScanner installation, a Redhat ES3 server
      with Sendmail. Everything else seems fine but I see this in
      the logs a lot.
      Cannot create directory
      /var/spool/MailScanner/archive/20051130

      Any ideas? The permissions seem fine.

      Chris

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (http://wiki.mailscanner.info/)
      and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!




Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From mailscanner at MANGO.ZW  Fri Dec  2 20:28:51 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:31:22 2006
Subject: Batch processing failure
Message-ID: <mailman.17489.1137101482.24926.mailscanner@lists.mailscanner.info>

Hi

I am running:

Linux mail.mango.zw 2.4.20-28.7 #1 Thu Dec 18 11:15:04 EST 2003 i586 unknown
This is Red Hat Linux release 7.1 (Seawolf)
This is Perl version 5.006001 (5.6.1)
This is MailScanner version 4.45.4
sendmail 8.13.1

I currently have a problem that I have come across on a number of
occasions before: Mail in two batches of 30 messages is not being
correctly processed by MailScanner, but other mail is being handled
normally.  The messages are being scanned, with normal reports of viruses
being found or spam being identified according to the sendmail maillog
file.  However the messages simply don't get delivered or quarantined as
the case may be, and are just left for hours in mqueue.in, where they
get repeatedly reprocessed, but never to finalisation.

In the past I have just moved the first couple of messages out of
mqueue.in and restarted MailScanner and it has sorted itself out, as it 
seems to be doing on this occasion.  However, the question remains: why 
does this problem arise?

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Fri Dec  2 22:08:52 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:22 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17490.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field spake the following on 12/2/2005 1:24 AM:
> I agree that the feature could be mis-used, just like a lot of things  
> in MailScanner. However, it was requested by a user who had a very  
> specific set of circumstances for which he needed to be able to do this.
> 
> On 1 Dec 2005, at 21:31, Kai Schaetzl wrote:
> 
> 
>>>The main problem I see with "Reject message" is that people will get a
>>>reject message that did not necessarily send the mail. F.i. the  
>>>typical
>>>annoying virus rejection notice. Since the rejection is done after
>>>acceptance of the mail it will go back to the envelope sender and not
>>>rejected to the offending MTA.
>>>Or do I misunderstand this setting?
> 
Julian,
We should all be grateful for the work you and the other contributors do
with MailScanner. How many other pieces of software get new features
pretty much on request, and all of them passed on to the community at
large! I have no complaints, especially since you usually add these
features and ship them disabled by default so as not to cause confusion
and problems.

Hats off to you! And a great big thank you!

If the PTB's don't spring for the book by the first of the year, I am
just going to break down and buy it myself!



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Fri Dec  2 22:28:19 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:22 2006
Subject: worm emails marked as possible spam
Message-ID: <mailman.17491.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 4:57 PM:
> Scott Silva wrote:
> 
>> I looked for one of these and got the following scores;
>>
>> 3.50    BAYES_99    Bayesian spam probability is 99 to 100%
>> 2.17    DCC_CHECK    Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>> 0.77    DIGEST_MULTIPLE    Message hits more than one network digest
>> check
>> 0.20    DNS_FROM_RFC_ABUSE    Envelope sender in abuse.rfc-ignorant.org
>> 1.45    DNS_FROM_RFC_WHOIS    Envelope sender in whois.rfc-ignorant.org
>> 0.14    FORGED_RCVD_HELO    Received: contains a forged HELO
>> 1.61    MISSING_MIMEOLE    Message has X-MSMail-Priority, but no
>> X-MimeOLE
>> 0.96    NO_REAL_NAME    From: does not include a real name
>> 2.70    PRIORITY_NO_NAME    Message has priority, but no user agent name
>> 1.50    RAZOR2_CF_RANGE_51_100    Razor2 gives confidence level above 50%
>> 1.50    RAZOR2_CF_RANGE_E4_51_100    Razor2 gives engine 4 confidence
>> level
>> above 50%
>> 0.50    RAZOR2_CHECK    Listed in Razor2 (http://razor.sf.net/)
>> 1.00    RCVD_IN_JAMM    Received via a relay in JAMMConsulting
>> 1.50    RCVD_IN_NJABL_DUL    NJABL: dialup sender did non-local SMTP
>> 2.05    RCVD_IN_SORBS_DUL    SORBS: sent directly from dynamic IP address
>> 1.38    SPF_SOFTFAIL    SPF: sender does not match SPF record (softfail)
>>
>> Spamassassin Score: 22.92
>>
>>
>> Maybe you need some more tuning?
>>  
>>
> Scott,
> 
> Not only do I likely need tuning, my spamassasin likely does as well. :-)
> 
> I'm running Bayes, DCC, Razor. My scores for this worm aren't nearly
> that high. Are you running custom rulesets as well? Other plugins?
> 
> Thanks,
> Chris
> 
I am running the RulesDuJour set from Fortress Systems (www.fsl.com)
I might have bumped some scores up to suit my situation, and the only
custom (written by me) hit I see is the Jamm blocklist, but it is
depreciating, and will someday be useless.
 The biggest score seems to be from the bayes hit, as this box has been
training for over a year. I'm not sure where the 2 razor_2_cf scores
come from. Maybe because this box has been upgraded through the
spamassassin versions since 2.63.



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Fri Dec  2 22:51:42 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:22 2006
Subject: bayes fails learning, but only sometimes
Message-ID: <mailman.17492.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 4:48 PM:
> Scott Silva wrote:
> 
>> Your moving and renaming as root took possession of the files. Fix the
>> ownership of the files back to root:apache and chmod bayes.mutex to g+rw
>>  
>>
> Scott,
> 
> Thanks. All done.
> 
> One curiosity left: why does bayes_journal keep appearing and
> disappearing? Is this normal behaviour?
> 
> Cheers,
> Chris
> 
It is like any other journal, writes are buffered there and committed
when resources allow.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Fri Dec  2 23:04:31 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:22 2006
Subject: Batch processing failure
Message-ID: <mailman.17493.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jim Holland spake the following on 12/2/2005 12:28 PM:
> Hi
> 
> I am running:
> 
> Linux mail.mango.zw 2.4.20-28.7 #1 Thu Dec 18 11:15:04 EST 2003 i586 unknown
> This is Red Hat Linux release 7.1 (Seawolf)
> This is Perl version 5.006001 (5.6.1)
> This is MailScanner version 4.45.4
> sendmail 8.13.1
> 
> I currently have a problem that I have come across on a number of
> occasions before: Mail in two batches of 30 messages is not being
> correctly processed by MailScanner, but other mail is being handled
> normally.  The messages are being scanned, with normal reports of viruses
> being found or spam being identified according to the sendmail maillog
> file.  However the messages simply don't get delivered or quarantined as
> the case may be, and are just left for hours in mqueue.in, where they
> get repeatedly reprocessed, but never to finalisation.
> 
> In the past I have just moved the first couple of messages out of
> mqueue.in and restarted MailScanner and it has sorted itself out, as it 
> seems to be doing on this occasion.  However, the question remains: why 
> does this problem arise?
> 
> Regards
> 
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
> 
Is there a particular reason you need to run such an OLD distro?
Patches for 7.1 are probably non-existent by now.
And the perl version might start limiting you to newer versions of
MailScanner and spamassassin.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From bpumphrey at WOODMACLAW.COM  Fri Dec  2 23:27:20 2005
From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey)
Date: Thu Jan 12 21:31:22 2006
Subject: Blocking sexually explicit material...
Message-ID: <mailman.17494.1137101482.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Matt Kettler
> Sent: Thursday, December 01, 2005 1:45 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Blocking sexually explicit material...
> 
> Billy A. Pumphrey wrote:
> 
> > Here are what rules that I have:
> > In /usr/share/spamassassin (I think I am correct in saying that
these
> > are the default rules)
> > [root@WoodenMS spamassassin]# ls
> >
> > 20_drugs.cf
> 
> <snip>
> 
> >
> > In /etc/mail/spamassassin
> > [root@WoodenMS spamassassin]# ls
>            antidrug.cf
> 
> >
> > Notice the RulesDuJour directory above, in that directory there is:
> >
> 
> Billy, you should remove antidrug.cf. Antidrug.cf is *ONLY* for users
of
> SA 2.6x
> and older. SA 3.0.0 and higher has these rules built-in as a part of
> 20_drugs.cf.
> 
> I'll forward my deprecation announcement to this list (I posted it on
> spamassassin users recently)
> 

Ok, did that.  Thank you

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 01:31:23 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: Need additional plug-in for ok_languages??
Message-ID: <mailman.17495.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse wrote on         Fri, 2 Dec 2005 13:43:08 +0100:

> but I don't want all languages, I want everything but the chinese spam

And I was already wondering whether there are more than you already listed 
;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 01:31:23 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17496.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse wrote on         Fri, 2 Dec 2005 18:56:41 +0100:

> Unfortunately, in my case I also have batched SMTP from my provider. This 
> means that any mail that is not deliverable directly to one of the mail 
> servers, it is queued by my provider. 

You mean, the mail is delivered from your ISP to you instead of directly? If 
you have a static IP and connected 24/7 to the net I'd change this. Obviously 
you are better off if you can just reject all those viruses instead of taking 
them from your ISP.

> Right now one box (an Athlon XP2600 with 1 Gb of ram and max 2 MailScanner 
> threads) is getting hammered with virii. It's taking up to 10K virus mails 
> per day now (normal volume is 100-200 mails per day on that 2nd in 
> line box).

You need more than 2 MailScanner processes for this, go to 5 or more. Your 
RAM is enough for that unless something else is hogging memory.
If you can't get mail to you directly the only choice you have is to avoid 
processing as much as possible. F.i. if many viruses go to non-existent 
addresses because of catch-alls remove the catch-alls. Drop sa scanning for 
the time being. And complain to your upstream ISP.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gib at TMISNET.COM  Sat Dec  3 03:21:13 2005
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17497.1137101482.24926.mailscanner@lists.mailscanner.info>

Hi.

I seeing a lot of e-mails getting through that are caught by 
ZoneAlarm Security Suite and reported to be infected by the 
Win32.Sober.W!.ZIP virus. These are coming in as attachments with the 
extension .zm9 as reported by ZoneAlarm.


I am running the following on FreeBSD 4.10

MailScanner 4.32.4
ClamAV 0.87.1/1200

I've added a file types rule to deny \.zm9$ files

I'm still getting them in e-mail though.

Any thoughts?

Thanks

gib



      Gib Gilbertson Jr.
      Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's Friendly ISP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at BARENDSE.TO  Sat Dec  3 04:41:34 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17498.1137101482.24926.mailscanner@lists.mailscanner.info>

On Sat, 3 Dec 2005, Kai Schaetzl wrote:

> Remco Barendse wrote on         Fri, 2 Dec 2005 18:56:41 +0100:
>
>> Unfortunately, in my case I also have batched SMTP from my provider. This
>> means that any mail that is not deliverable directly to one of the mail
>> servers, it is queued by my provider.
>
> You mean, the mail is delivered from your ISP to you instead of directly? If
> you have a static IP and connected 24/7 to the net I'd change this. Obviously
> you are better off if you can just reject all those viruses instead of taking
> them from your ISP.

Yes, they are backing up / queuing mail when our mail servers would be 
offline. It's a thing from the past actually, something that was in use 
when there was still dial-up internet and dsl connections were flakey.

>> Right now one box (an Athlon XP2600 with 1 Gb of ram and max 2 MailScanner
>> threads) is getting hammered with virii. It's taking up to 10K virus mails
>> per day now (normal volume is 100-200 mails per day on that 2nd in
>> line box).
>
> You need more than 2 MailScanner processes for this, go to 5 or more. Your
> RAM is enough for that unless something else is hogging memory.
> If you can't get mail to you directly the only choice you have is to avoid
> processing as much as possible. F.i. if many viruses go to non-existent
> addresses because of catch-alls remove the catch-alls. Drop sa scanning for
> the time being. And complain to your upstream ISP.

I tried, but as soon as I increase the number of MailScanner processes I 
start getting these annoying SpamAss timeouts resulting in spam slipping 
through (which is really infuriating me because it would have been killed 
otherwise). Without SA in between the box handles 5 processes easily, it's 
SA that starts to be difficult. (The box is only handling mail, 
nothing else).

If all mails get filtered through SA+MS I have only 2-3 spam mails per 
WEEK slipping through (for the whole company!).

That's why I thought it would be nifty if the scanning order would be user 
settable. I know that I will never get more mail than this but 
virusscanning first could take out the really nasty peaks in traffic we 
are seeing now.

Remco

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Sat Dec  3 09:18:48 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17499.1137101482.24926.mailscanner@lists.mailscanner.info>

On 3 Dec 2005, at 04:41, Remco Barendse wrote:

> I tried, but as soon as I increase the number of MailScanner  
> processes I start getting these annoying SpamAss timeouts resulting  
> in spam slipping through (which is really infuriating me because it  
> would have been killed otherwise). Without SA in between the box  
> handles 5 processes easily, it's SA that starts to be difficult.  
> (The box is only handling mail, nothing else).

Do you have a local caching name server running on that box? If not  
you ought to run one. Bind is really quite easy to set up to cache  
only (The instructions are in /etc/named/named.conf or similar). Try  
increasing the child processes one at a time until you reach the best  
you can. My old (Well OK ancient!) 450Mz P3 with 128Mb of ram will  
run 2 processes without swapping (With a maximum batch size of 25)  
and Bind so you box should manage more than it is. Have a look in the  
wiki as there are some good optimisation tips in there that will help.

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at BARENDSE.TO  Sat Dec  3 09:29:48 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17500.1137101482.24926.mailscanner@lists.mailscanner.info>

> Do you have a local caching name server running on that box? If not you ought 
> to run one. Bind is really quite easy to set up to cache only (The 
> instructions are in /etc/named/named.conf or similar). Try increasing the 
> child processes one at a time until you reach the best you can. My old (Well 
> OK ancient!) 450Mz P3 with 128Mb of ram will run 2 processes without swapping 
> (With a maximum batch size of 25) and Bind so you box should manage more than 
> it is. Have a look in the wiki as there are some good optimisation tips in 
> there that will help.

Thanks for the tip!

Yes I do have my own caching nameserver running but as soon as I set the 
number of processes higher than 2 I start getting SA timeouts. With only 2 
I don't get any timeouts and everything is filtered as it should.

I don't know why SA is so slow. Whenever there has been an outage and 
there are several thousands of messages waiting SA seems to take hours to 
process one batch of let's say 30 messages or so.

I have the same behaviour on an almost identical box, frustrating.....

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at MANGO.ZW  Sat Dec  3 11:00:13 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:31:22 2006
Subject: Batch processing failure
Message-ID: <mailman.17501.1137101482.24926.mailscanner@lists.mailscanner.info>

Hi

On Fri, 2 Dec 2005, Scott Silva wrote:

> Date: Fri, 2 Dec 2005 15:04:31 -0800
> From: Scott Silva <ssilva@SGVWATER.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Batch processing failure
> 
> Jim Holland spake the following on 12/2/2005 12:28 PM:

> > I am running:
> > 
> > Linux mail.mango.zw 2.4.20-28.7 #1 Thu Dec 18 11:15:04 EST 2003 i586 unknown
> > This is Red Hat Linux release 7.1 (Seawolf)
> > This is Perl version 5.006001 (5.6.1)
> > This is MailScanner version 4.45.4
> > sendmail 8.13.1

> Is there a particular reason you need to run such an OLD distro?
> Patches for 7.1 are probably non-existent by now.
> And the perl version might start limiting you to newer versions of
> MailScanner and spamassassin.
 
Just a little slow to upgrade.  I have been trying out RHEL clones as well 
as Fedora Core 4, but they all had display problems affecting text mode 
operation - apparently a known issue that Red Hat does not intend to fix.  
See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=71958.

That was a great discouragement, as I have no intention of running a
server in GUI mode - I like the control I get using Midnight Commander as
my interface in text mode.  Recently I have tried out Debian, and not only
does it solve the display problems I had but also has other features that
I like much more than Red Hat - especially its intelligent package
management.  So once I get the hang of that I will be upgrading to Debian 
Sarge.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Sat Dec  3 11:30:32 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:22 2006
Subject: SA 3.1.0 scoring a lot of messages on this list rather high..
Message-ID: <mailman.17502.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler wrote:
> It would appear that references to the wiki cause a strong-scoring SA 3.1.0 rule
> to fire off. "URI_NO_WWW_INFO_CGI", which matches URIs to CGI scripts in the
> info tld that don't start with www.  wiki.mailscanner.info matches the hostname
> requirements, and direct links to various PHP sub-pages containing a ? cause a
> match for the cgi part.
> 
> 
> This rule scores rather high, particularly for set3 users:
> score URI_NO_WWW_INFO_CGI 3.280 3.241 3.792 4.100
> 
> And it double-fires with INFO_TLD:
> 
> score INFO_TLD 1.373 0.813 1.457 1.273
> 
> Giving messages with links to the wiki a >5.3 point penalty just for linking
> articles in the wiki (rather harsh).  This is contributing to some FPs on this
> list.
> 
> Users might want to check and either whitelist this list, or adjust the scores
> of those rules.

If it helps anyone, i am using these 2 lines in my sa prefs to whitelist 
the list.

whitelist_from_rcvd owner-mailscanner@jiscmail.ac.uk ictmailer1.itd.rl.ac.uk
bayes_ignore_from owner-mailscanner@jiscmail.ac.uk

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Sat Dec  3 11:57:28 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:22 2006
Subject: Batch processing failure
Message-ID: <mailman.17503.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 03/12/05, Jim Holland <mailscanner@mango.zw> wrote:
> Hi
>
> On Fri, 2 Dec 2005, Scott Silva wrote:
>
(snip)
> > Is there a particular reason you need to run such an OLD distro?
> > Patches for 7.1 are probably non-existent by now.
> > And the perl version might start limiting you to newer versions of
> > MailScanner and spamassassin.
>
> Just a little slow to upgrade.  I have been trying out RHEL clones as well
> as Fedora Core 4, but they all had display problems affecting text mode
> operation - apparently a known issue that Red Hat does not intend to fix.
> See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=71958.
>
> That was a great discouragement, as I have no intention of running a
> server in GUI mode - I like the control I get using Midnight Commander as
> my interface in text mode.  Recently I have tried out Debian, and not only
> does it solve the display problems I had but also has other features that
> I like much more than Red Hat - especially its intelligent package
> management.  So once I get the hang of that I will be upgrading to Debian
> Sarge.
>
> Regards
>
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
>
Mandriva with urpmi, or some of the HREL thingies (CentOS etc) with
yum, should be as simple/powerful as Debian with apt...

I can vouch that Mdv (with a vga fb mode, sure) running mc will look
as nice (and readable) as is possible for it... I'm rather severely
color-blind, so good readable colors are _very_ important... And the
timetested colors of Norton/Midnight commander does give that:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ajos1 at onion.demon.co.uk  Sat Dec  3 12:00:33 2005
From: ajos1 at onion.demon.co.uk (Dj Ajos1)
Date: Thu Jan 12 21:31:22 2006
Subject: Ummm
Message-ID: <mailman.17504.1137101482.24926.mailscanner@lists.mailscanner.info>

-

Is there something obvious that I am missing?

It says I need 5.412 or greater... but I have 5.418!!!


[root@www mailscanner]# rpm -Uvh mailscanner-4.48.4-2.noarch.rpm
----------------------------------------------------------------
error: Failed dependencies:
        perl-MIME-tools >= 5.412 is needed by mailscanner-4.48.4-2.noarch


But...


[root@www mailscanner]# perl ~/servers/perl_ext/modtest.pl MIME::Tools
----------------------------------------------------------------------
Module: MIME::Tools          - 5.418

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Sat Dec  3 12:04:58 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:22 2006
Subject: SA 3.1.0 scoring a lot of messages on this list rather high..
Message-ID: <mailman.17505.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 03/12/05, Dhawal Doshy <dhawal@netmagicsolutions.com> wrote:
> Matt Kettler wrote:
> > It would appear that references to the wiki cause a strong-scoring SA 3.1.0 rule
> > to fire off. "URI_NO_WWW_INFO_CGI", which matches URIs to CGI scripts in the
> > info tld that don't start with www.  wiki.mailscanner.info matches the hostname
> > requirements, and direct links to various PHP sub-pages containing a ? cause a
> > match for the cgi part.
> >
> >
> > This rule scores rather high, particularly for set3 users:
> > score URI_NO_WWW_INFO_CGI 3.280 3.241 3.792 4.100
> >
> > And it double-fires with INFO_TLD:
> >
> > score INFO_TLD 1.373 0.813 1.457 1.273
> >
> > Giving messages with links to the wiki a >5.3 point penalty just for linking
> > articles in the wiki (rather harsh).  This is contributing to some FPs on this
> > list.
> >
> > Users might want to check and either whitelist this list, or adjust the scores
> > of those rules.
>
> If it helps anyone, i am using these 2 lines in my sa prefs to whitelist
> the list.
>
> whitelist_from_rcvd owner-mailscanner@jiscmail.ac.uk ictmailer1.itd.rl.ac.uk
> bayes_ignore_from owner-mailscanner@jiscmail.ac.uk
>
> - dhawal
>

With the risk of reopening the debate of what shoud go in
mailscanner.cf, or not... Wouldn't that be rather nice defaults for
Jules to add? Or perhaps after any move of the list, amended to the
new service .....:)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dickenson at CFMC.COM  Sat Dec  3 16:37:26 2005
From: dickenson at CFMC.COM (Jim Dickenson)
Date: Thu Jan 12 21:31:22 2006
Subject: Ummm
Message-ID: <mailman.17506.1137101482.24926.mailscanner@lists.mailscanner.info>

I think you want to do

rpm -q perl-MIME-tools

It might be that you updated this perl module outside of the rpm system.
-- 
Jim Dickenson
mailto:dickenson@cfmc.com

CfMC
http://www.cfmc.com/



> From: Dj Ajos1 <ajos1@onion.demon.co.uk>
> Reply-To: <ajos1@onion.demon.co.uk>
> Date: Sat, 3 Dec 2005 12:00:33 +0000
> To: <MAILSCANNER@JISCMAIL.AC.UK>
> Subject: Ummm
> 
> -
> 
> Is there something obvious that I am missing?
> 
> It says I need 5.412 or greater... but I have 5.418!!!
> 
> 
> [root@www mailscanner]# rpm -Uvh mailscanner-4.48.4-2.noarch.rpm
> ----------------------------------------------------------------
> error: Failed dependencies:
>         perl-MIME-tools >= 5.412 is needed by mailscanner-4.48.4-2.noarch
> 
> 
> But...
> 
> 
> [root@www mailscanner]# perl ~/servers/perl_ext/modtest.pl MIME::Tools
> ----------------------------------------------------------------------
> Module: MIME::Tools          - 5.418
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec  3 16:53:24 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: Ummm
Message-ID: <mailman.17507.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would advise
rpm -e perl-MIME-tools

and then run my ./install.sh to do the installation for you.

Dj Ajos1 wrote:

>-
>
>Is there something obvious that I am missing?
>
>It says I need 5.412 or greater... but I have 5.418!!!
>
>
>[root@www mailscanner]# rpm -Uvh mailscanner-4.48.4-2.noarch.rpm
>----------------------------------------------------------------
>error: Failed dependencies:
>        perl-MIME-tools >= 5.412 is needed by mailscanner-4.48.4-2.noarch
>
>
>But...
>
>
>[root@www mailscanner]# perl ~/servers/perl_ext/modtest.pl MIME::Tools
>----------------------------------------------------------------------
>Module: MIME::Tools          - 5.418
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ5HNhBH2WUcUFbZUEQKDKgCeP7SrBEJ/Vk94x5ZsdU/YNpF//5UAnjJS
OswDYdDTC1T4ppPeScriDvs4
=abvi
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 17:31:22 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: Ummm
Message-ID: <mailman.17508.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dj Ajos1 wrote on         Sat, 3 Dec 2005 12:00:33 +0000:

> It says I need 5.412 or greater... but I have 5.418!!!

Yes, but you didn't install it via rpm. Use --nodeps.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec  3 17:43:03 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17509.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Where is your copy of ClamAV installed? The location must be correct in 
/etc/MailScanner/virus.scanners.conf.
If "which clamscan" produces /usr/local/bin/clamscan, then the entry in 
virus.scanners.conf should be "/usr/local", if it produces 
/usr/bin/clamscan, then it should be "/usr".

What does your maillog say? That should give some indication of what 
it's finding.

Gib Gilbertson Jr. wrote:

> Hi.
>
> I seeing a lot of e-mails getting through that are caught by ZoneAlarm 
> Security Suite and reported to be infected by the Win32.Sober.W!.ZIP 
> virus. These are coming in as attachments with the extension .zm9 as 
> reported by ZoneAlarm.
>
>
> I am running the following on FreeBSD 4.10
>
> MailScanner 4.32.4
> ClamAV 0.87.1/1200
>
> I've added a file types rule to deny \.zm9$ files
>
> I'm still getting them in e-mail though.
>
> Any thoughts?
>
> Thanks
>
> gib
>
>
>
>      Gib Gilbertson Jr.
>      Tierramiga Info Systems
>      619-287-8647 Support
>      http://www.tmisnet.com
>      San Diego's Friendly ISP
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ5HZKBH2WUcUFbZUEQIKBwCgl9T7X9Xg2QhKFbL0n+cNjFcTTB4AoNUP
YoXqXQOSA1AVwLUeKTERIIbm
=fo8d
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec  3 18:05:09 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: SA 3.1.0 scoring a lot of messages on this list rather high..
Message-ID: <mailman.17510.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Glenn Steen wrote:

>On 03/12/05, Dhawal Doshy <dhawal@netmagicsolutions.com> wrote:
>  
>
>>Matt Kettler wrote:
>>    
>>
>>>It would appear that references to the wiki cause a strong-scoring SA 3.1.0 rule
>>>to fire off. "URI_NO_WWW_INFO_CGI", which matches URIs to CGI scripts in the
>>>info tld that don't start with www.  wiki.mailscanner.info matches the hostname
>>>requirements, and direct links to various PHP sub-pages containing a ? cause a
>>>match for the cgi part.
>>>
>>>
>>>This rule scores rather high, particularly for set3 users:
>>>score URI_NO_WWW_INFO_CGI 3.280 3.241 3.792 4.100
>>>
>>>And it double-fires with INFO_TLD:
>>>
>>>score INFO_TLD 1.373 0.813 1.457 1.273
>>>
>>>Giving messages with links to the wiki a >5.3 point penalty just for linking
>>>articles in the wiki (rather harsh).  This is contributing to some FPs on this
>>>list.
>>>
>>>Users might want to check and either whitelist this list, or adjust the scores
>>>of those rules.
>>>      
>>>
>>If it helps anyone, i am using these 2 lines in my sa prefs to whitelist
>>the list.
>>
>>whitelist_from_rcvd owner-mailscanner@jiscmail.ac.uk ictmailer1.itd.rl.ac.uk
>>bayes_ignore_from owner-mailscanner@jiscmail.ac.uk
>>
>>- dhawal
>>
>>    
>>
>
>With the risk of reopening the debate of what shoud go in
>mailscanner.cf, or not... Wouldn't that be rather nice defaults for
>Jules to add? Or perhaps after any move of the list, amended to the
>new service .....:)
>
Good idea. Once the list is moved, I'll try to remember to do this.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ5HeVhH2WUcUFbZUEQLJaQCghrcXz2offOlil9AhWHXoAz9XP1EAnRJ7
pu3TYdT6RC7WgJaQNjZI3MRH
=bWUE
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 18:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: GreyListing experiences
Message-ID: <mailman.17511.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Peter Bonivart wrote on         Fri, 2 Dec 2005 00:29:28 +0100:

> Have you tried HUPing sendmail? Otherwise restart 
> greylist first and then sendmail. If sendmail can't find greylist it 
> will just complain and get on with it. No big problem.

Hm, it doesn't stop complaining here. Each time it wants to connect it 
complains and no check is done although the milter restarted successfully. 
This happens as long as I haven't "synced" both of them somehow with a few 
restarts. Anyway, I stop restarting it now :-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 18:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: GreyListing experiences
Message-ID: <mailman.17512.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dennis Willson wrote on         Thu, 1 Dec 2005 15:10:31 -0800:

> I have had little reason to restart it.

Yep, that's what I do now, thanks :-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 18:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17513.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse wrote on         Sat, 3 Dec 2005 05:41:34 +0100:

> Yes, they are backing up / queuing mail when our mail servers would be 
> offline.

So they just do backup MX for you? Then I don't see a problem with rejection at 
MTA level. I thought you were reluctant to bounce back to your ISP, but if they 
only do backup MX for you they won't get the rejected mail or temp-failed mail. 
Backup MX is only used when the machine is not reachable at all. Even a 
non-running SMTP does not guarantee that the sending client tries the backup. 
When I set up our MX's some years ago I did some tests and if I recall it right 
the only way I could make sendmail try the backup MX was to make the IP 
unreachable, a simple "connection refused" from the socket wasn't enough. Other 
daemons may behave different.


> I tried, but as soon as I increase the number of MailScanner processes I 
> start getting these annoying SpamAss timeouts 

Apart from the above you may want to troubleshoot why you get these SA timeouts. 
You will probably have to do this outside of MS with spamassassin -D. And check 
how much memory your MS and SA processes need and avoid rulesets which use too 
much. Sa version is also important. If you still use 2.64 and rules like bigevil 
SA will eat lots of RAM for these.


Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 18:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: GreyListing experiences
Message-ID: <mailman.17514.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler wrote on         Fri, 2 Dec 2005 11:30:08 -0500:

> Important question: Why are you restarting milter-greylist? 

Important answer: because I'm used to. The other milter I have been using for a 
long time on other machines has to be restarted for every config change and there 
is no problem with sendmail when I do this.

Yeah, I understand now that I don't need to restart or reload milter-greylist. 
Thank you all :-)

Where's the best location to discuss milter-greylist? comp.mail.sendmail? A 
search on groups.google mainly lists cvs commits, but only a few "real" 
discussions.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 18:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: GreyListing experiences
Message-ID: <mailman.17515.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Peter Bonivart wrote on         Fri, 2 Dec 2005 00:29:28 +0100:

> Have you tried HUPing sendmail? Otherwise restart 
> greylist first and then sendmail. If sendmail can't find greylist it 
> will just complain and get on with it. No big problem.

Hm, it doesn't stop complaining here. Each time it wants to connect it 
complains and no check is done although the milter restarted successfully. 
This happens as long as I haven't "synced" both of them somehow with a few 
restarts. Anyway, I stop restarting it now :-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 18:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: GreyListing experiences
Message-ID: <mailman.17516.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dennis Willson wrote on         Thu, 1 Dec 2005 15:10:31 -0800:

> I have had little reason to restart it.

Yep, that's what I do now, thanks :-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 18:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17517.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse wrote on         Sat, 3 Dec 2005 05:41:34 +0100:

> Yes, they are backing up / queuing mail when our mail servers would be 
> offline.

So they just do backup MX for you? Then I don't see a problem with rejection at 
MTA level. I thought you were reluctant to bounce back to your ISP, but if they 
only do backup MX for you they won't get the rejected mail or temp-failed mail. 
Backup MX is only used when the machine is not reachable at all. Even a 
non-running SMTP does not guarantee that the sending client tries the backup. 
When I set up our MX's some years ago I did some tests and if I recall it right 
the only way I could make sendmail try the backup MX was to make the IP 
unreachable, a simple "connection refused" from the socket wasn't enough. Other 
daemons may behave different.


> I tried, but as soon as I increase the number of MailScanner processes I 
> start getting these annoying SpamAss timeouts 

Apart from the above you may want to troubleshoot why you get these SA timeouts. 
You will probably have to do this outside of MS with spamassassin -D. And check 
how much memory your MS and SA processes need and avoid rulesets which use too 
much. Sa version is also important. If you still use 2.64 and rules like bigevil 
SA will eat lots of RAM for these.


Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sat Dec  3 18:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: GreyListing experiences
Message-ID: <mailman.17518.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler wrote on         Fri, 2 Dec 2005 11:30:08 -0500:

> Important question: Why are you restarting milter-greylist? 

Important answer: because I'm used to. The other milter I have been using for a 
long time on other machines has to be restarted for every config change and there 
is no problem with sendmail when I do this.

Yeah, I understand now that I don't need to restart or reload milter-greylist. 
Thank you all :-)

Where's the best location to discuss milter-greylist? comp.mail.sendmail? A 
search on groups.google mainly lists cvs commits, but only a few "real" 
discussions.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec  3 18:51:17 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17519.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remco Barendse wrote:

> That's why I thought it would be nifty if the scanning order would be 
> user settable. I know that I will never get more mail than this but 
> virusscanning first could take out the really nasty peaks in traffic 
> we are seeing now.

Unfortunately this is really awkward in the current architecture, and 
isn't a practical proposition without serious amounts of work on my part 
(weeks worth). Sorry, the current architecture was not designed with 
this in mind. It may sound like a simple switch, but its not, 
unfortunately. I had to make a few basic assumptions when designing it, 
and this was one of them.

I'm sure it would be better if the whole thing was built from some kind 
of trendy plug-in modular architecture, like Apache, but that's beyond 
my programming experience and knowledge. I'm not a computer scientist or 
a professionally trained programmer, I'm entirely self-taught.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ5HpJRH2WUcUFbZUEQIpPgCgtIMeidDDq4mv/d/qCzHsVLiLWDYAmgIg
U+Gv0FSL1OvK/tG1Fb1zTGIu
=vh8k
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec  3 18:54:39 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17520.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remco Barendse wrote:

>> Do you have a local caching name server running on that box? If not 
>> you ought to run one. Bind is really quite easy to set up to cache 
>> only (The instructions are in /etc/named/named.conf or similar). Try 
>> increasing the child processes one at a time until you reach the best 
>> you can. My old (Well OK ancient!) 450Mz P3 with 128Mb of ram will 
>> run 2 processes without swapping (With a maximum batch size of 25) 
>> and Bind so you box should manage more than it is. Have a look in the 
>> wiki as there are some good optimisation tips in there that will help.
>
>
> Thanks for the tip!
>
> Yes I do have my own caching nameserver running but as soon as I set 
> the number of processes higher than 2 I start getting SA timeouts. 
> With only 2 I don't get any timeouts and everything is filtered as it 
> should.

Why does it start timing out? Is it virtual memory and swapping? "vmstat 
5" will show large pi+po or si+so swapping figures if that's the case. 
It's worth researching why it is timing out. Also try switching on + off 
particular features such as DCC and Razor, to see if that makes a 
difference. At the moment I'm having all sorts of nasty DCC problems so 
have had to drop all use of it.

> I don't know why SA is so slow. Whenever there has been an outage and 
> there are several thousands of messages waiting SA seems to take hours 
> to process one batch of let's say 30 messages or so.

Research why SA is going so slow.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ5Hp7xH2WUcUFbZUEQJ/kwCfWmHjTyarXW14nZv8/m9HKYBjL5IAoIc/
aloI++dA+7rvrwxE3TZD/T1B
=+Hjj
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Sat Dec  3 20:03:23 2005
From: alex at NKPANAMA.COM (Alex Neuman)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17521.1137101482.24926.mailscanner@lists.mailscanner.info>

I use clamav-milter to do it and it works like a charm. MailScanner
rarely, if ever, sees a virus; and when it does then either BitDefender
or whatever picks up the slack.

On Sat, 2005-12-03 at 18:51 +0000, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Remco Barendse wrote:
> 
> > That's why I thought it would be nifty if the scanning order would be 
> > user settable. I know that I will never get more mail than this but 
> > virusscanning first could take out the really nasty peaks in traffic 
> > we are seeing now.
> 
> Unfortunately this is really awkward in the current architecture, and 
> isn't a practical proposition without serious amounts of work on my part 
> (weeks worth). Sorry, the current architecture was not designed with 
> this in mind. It may sound like a simple switch, but its not, 
> unfortunately. I had to make a few basic assumptions when designing it, 
> and this was one of them.
> 
> I'm sure it would be better if the whole thing was built from some kind 
> of trendy plug-in modular architecture, like Apache, but that's beyond 
> my programming experience and knowledge. I'm not a computer scientist or 
> a professionally trained programmer, I'm entirely self-taught.
> 
> - -- 
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
> 
> iQA/AwUBQ5HpJRH2WUcUFbZUEQIpPgCgtIMeidDDq4mv/d/qCzHsVLiLWDYAmgIg
> U+Gv0FSL1OvK/tG1Fb1zTGIu
> =vh8k
> -----END PGP SIGNATURE-----
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Sat Dec  3 20:08:13 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17522.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 03/12/05, Julian Field <MailScanner@ecs.soton.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Remco Barendse wrote:
>
> > That's why I thought it would be nifty if the scanning order would be
> > user settable. I know that I will never get more mail than this but
> > virusscanning first could take out the really nasty peaks in traffic
> > we are seeing now.
>
> Unfortunately this is really awkward in the current architecture, and
> isn't a practical proposition without serious amounts of work on my part
> (weeks worth). Sorry, the current architecture was not designed with
> this in mind. It may sound like a simple switch, but its not,
> unfortunately. I had to make a few basic assumptions when designing it,
> and this was one of them.

It's late, and I've enjoyed entirely too much wine, and I've not
reviewed this thread particularly much,, but still.... If one
perceives this as problem, then why not do some simple AV-scanning at
the MTA level first? milter-clamav or some such comes to mind. Then
let the rest (MS/SA/other AVs) kick in on everything that survives the
initial check.
Anyway, just a thought. This pops up from time to time, and the longer
I've used MS, the less... necessary... the "changeability" of order
seems to me.

> I'm sure it would be better if the whole thing was built from some kind
> of trendy plug-in modular architecture, like Apache, but that's beyond
> my programming experience and knowledge. I'm not a computer scientist or
> a professionally trained programmer, I'm entirely self-taught.

Best kind:-).
I'm rather the other way around... Started as a "trained" programmer
(in ancient history:-), but slowly diffundated(sp?) over to more
traditional sysadm. Taught myself perl though.... Can't really say the
traditional training in imperative and functional prog langs really
helped much:-):-) Guess I'm just trying to say "Thanks for a great
product", in a rather roundabout and... mellow way:-)

>
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
(snip)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From peter.bonivart at LKPG.VISIT.SE  Sat Dec  3 22:36:50 2005
From: peter.bonivart at LKPG.VISIT.SE (Peter Bonivart)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17523.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> At the moment I'm having all sorts of nasty DCC problems so 
> have had to drop all use of it.

So I'm not alone having DCC problems for a week or so? It works on and 
off for me, first time in years I've had a problem with it. Haven't 
noticed any performance problems though since SA times it out so quickly.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gib at TMISNET.COM  Sat Dec  3 22:37:14 2005
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17524.1137101482.24926.mailscanner@lists.mailscanner.info>

Hi.

At 05:43 PM 3/12/2005, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Where is your copy of ClamAV installed? The location must be correct in
>/etc/MailScanner/virus.scanners.conf.
>If "which clamscan" produces /usr/local/bin/clamscan, then the entry in
>virus.scanners.conf should be "/usr/local", if it produces
>/usr/bin/clamscan, then it should be "/usr".
>
>What does your maillog say? That should give some indication of what
>it's finding.
>

Location is correct. It is catching other viruses fine. Just for some 
reason a few e-mails which appear to be messages from other mail 
systems reporting mail to non existent users has been returned for 
what ever reason. The headers of the original e-mail are always 
forged with some address from tmisnet.com such as hostmaster, or 
webmaster, etc.

Here is an entry for a typical virus found by ClamAV:

Dec  3 01:27:22 thumper MailScanner[62916]: 
/var/spool/MailScanner/incoming/62916/./jB39R0OK082075/account-password.zip: 
Worm.Mytob.
JM FOUND
Dec  3 01:27:22 thumper MailScanner[62916]: Virus Scanning: ClamAV 
found 1 infections
Dec  3 01:27:22 thumper MailScanner[62916]: Infected message 
jB39R0OK082075 came from 59.92.149.188
Dec  3 01:27:22 thumper MailScanner[62916]: Virus Scanning: Found 1 viruses

Just doesn't seem to be picking up this latest virus for some reason. 
ClamAV is up to date.

Thanks

gib



>Gib Gilbertson Jr. wrote:
>
> > Hi.
> >
> > I seeing a lot of e-mails getting through that are caught by ZoneAlarm
> > Security Suite and reported to be infected by the Win32.Sober.W!.ZIP
> > virus. These are coming in as attachments with the extension .zm9 as
> > reported by ZoneAlarm.
> >
> >
> > I am running the following on FreeBSD 4.10
> >
> > MailScanner 4.32.4
> > ClamAV 0.87.1/1200
> >
> > I've added a file types rule to deny \.zm9$ files
> >
> > I'm still getting them in e-mail though.
> >
> > Any thoughts?
> >
> > Thanks
> >
> > gib
> >



      Gib Gilbertson Jr.
      Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's Friendly ISP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Sat Dec  3 22:40:25 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17525.1137101482.24926.mailscanner@lists.mailscanner.info>

Sigh.  I think this is another OS-specific instance of Clam failing
to catch Sober.U, noted by me earlier this week in this list.
Try using the latest CVS version of Clam to see if this solves your
problem.

Jeff Earickson
Colby College

On Sat, 3 Dec 2005, Gib Gilbertson Jr. wrote:

> Date: Sat, 3 Dec 2005 13:21:13 +1000
> From: Gib Gilbertson Jr. <gib@TMISNET.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Viruses apparently getting through
> 
> Hi.
>
> I seeing a lot of e-mails getting through that are caught by ZoneAlarm 
> Security Suite and reported to be infected by the Win32.Sober.W!.ZIP virus. 
> These are coming in as attachments with the extension .zm9 as reported by 
> ZoneAlarm.
>
>
> I am running the following on FreeBSD 4.10
>
> MailScanner 4.32.4
> ClamAV 0.87.1/1200
>
> I've added a file types rule to deny \.zm9$ files
>
> I'm still getting them in e-mail though.
>
> Any thoughts?
>
> Thanks
>
> gib
>
>
>
>     Gib Gilbertson Jr.
>     Tierramiga Info Systems
>     619-287-8647 Support
>     http://www.tmisnet.com
>     San Diego's Friendly ISP
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From peter.bonivart at LKPG.VISIT.SE  Sun Dec  4 00:05:09 2005
From: peter.bonivart at LKPG.VISIT.SE (Peter Bonivart)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17526.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff A. Earickson wrote:
> Sigh.  I think this is another OS-specific instance of Clam failing
> to catch Sober.U, noted by me earlier this week in this list.
> Try using the latest CVS version of Clam to see if this solves your
> problem.

Must be something more specific than just OS since I'm catching lots of 
Sober.U with 0.87.1 on my Solaris 9 systems.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gib at TMISNET.COM  Sun Dec  4 00:13:16 2005
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17527.1137101482.24926.mailscanner@lists.mailscanner.info>

Hi.

At 05:40 PM 3/12/2005, you wrote:
>Sigh.  I think this is another OS-specific instance of Clam failing
>to catch Sober.U, noted by me earlier this week in this list.
>Try using the latest CVS version of Clam to see if this solves your
>problem.
>
>Jeff Earickson
>Colby College

ClamAV is catching the Sober.U virus. Here is a typical entry from my maillog.

Dec  3 08:41:05 thumper MailScanner[11564]: 
/var/spool/MailScanner/incoming/11564/./jB3Gei3e027819/reg_pass.zip: 
Worm.Sober.U FOUND
Dec  3 08:41:05 thumper MailScanner[11564]: Virus Scanning: ClamAV 
found 1 infections
Dec  3 08:41:05 thumper MailScanner[11564]: Infected message 
jB3Gei3e027819 came from 24.206.80.69
Dec  3 08:41:05 thumper MailScanner[11564]: Virus Scanning: Found 1 viruses

This appears to be a virus called Win32.Sober.W!.ZIP according to 
ZoneAlarm Security Suite. Note the W in the virus name.

gib


>On Sat, 3 Dec 2005, Gib Gilbertson Jr. wrote:
>
>>Date: Sat, 3 Dec 2005 13:21:13 +1000
>>From: Gib Gilbertson Jr. <gib@TMISNET.COM>
>>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Viruses apparently getting through
>>Hi.
>>
>>I seeing a lot of e-mails getting through that are caught by 
>>ZoneAlarm Security Suite and reported to be infected by the 
>>Win32.Sober.W!.ZIP virus. These are coming in as attachments with 
>>the extension .zm9 as reported by ZoneAlarm.
>>
>>
>>I am running the following on FreeBSD 4.10
>>
>>MailScanner 4.32.4
>>ClamAV 0.87.1/1200
>>
>>I've added a file types rule to deny \.zm9$ files
>>
>>I'm still getting them in e-mail though.
>>
>>Any thoughts?
>>
>>Thanks
>>
>>gib



      Gib Gilbertson Jr.
      Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's Friendly ISP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gib at TMISNET.COM  Sun Dec  4 00:25:43 2005
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17528.1137101482.24926.mailscanner@lists.mailscanner.info>

At 05:43 PM 3/12/2005, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Where is your copy of ClamAV installed? The location must be correct in
>/etc/MailScanner/virus.scanners.conf.
>If "which clamscan" produces /usr/local/bin/clamscan, then the entry in
>virus.scanners.conf should be "/usr/local", if it produces
>/usr/bin/clamscan, then it should be "/usr".
>
>What does your maillog say? That should give some indication of what
>it's finding.

One thing I'm wondering about is why MailScanner isn't rejecting the 
file based on the file extension since it's set to deny in the 
filename.rules.conf file.

deny    \.zm9$

>Gib Gilbertson Jr. wrote:
>
> > Hi.
> >
> > I seeing a lot of e-mails getting through that are caught by ZoneAlarm
> > Security Suite and reported to be infected by the Win32.Sober.W!.ZIP
> > virus. These are coming in as attachments with the extension .zm9 as
> > reported by ZoneAlarm.
> >
> >
> > I am running the following on FreeBSD 4.10
> >
> > MailScanner 4.32.4
> > ClamAV 0.87.1/1200
> >
> > I've added a file types rule to deny \.zm9$ files
> >
> > I'm still getting them in e-mail though.
> >
> > Any thoughts?
> >
> > Thanks
> >
> > gib
> >
> >
> >
> >      Gib Gilbertson Jr.
> >      Tierramiga Info Systems
> >      619-287-8647 Support
> >      http://www.tmisnet.com
> >      San Diego's Friendly ISP
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
>
>
>- --
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.3 (Build 2932)
>
>iQA/AwUBQ5HZKBH2WUcUFbZUEQIKBwCgl9T7X9Xg2QhKFbL0n+cNjFcTTB4AoNUP
>YoXqXQOSA1AVwLUeKTERIIbm
>=fo8d
>-----END PGP SIGNATURE-----
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!



      Gib Gilbertson Jr.
      Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's Friendly ISP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Sun Dec  4 09:23:24 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17529.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 04/12/05, Gib Gilbertson Jr. <gib@tmisnet.com> wrote:
> At 05:43 PM 3/12/2005, you wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Where is your copy of ClamAV installed? The location must be correct in
> >/etc/MailScanner/virus.scanners.conf.
> >If "which clamscan" produces /usr/local/bin/clamscan, then the entry in
> >virus.scanners.conf should be "/usr/local", if it produces
> >/usr/bin/clamscan, then it should be "/usr".
> >
> >What does your maillog say? That should give some indication of what
> >it's finding.
>
> One thing I'm wondering about is why MailScanner isn't rejecting the
> file based on the file extension since it's set to deny in the
> filename.rules.conf file.
>
> deny    \.zm9$
>

Are you positive that that is really what it's named when MS/Clamav
sees it? Might be zine alarm fiddling with the name...

About the virus name... What one AV calls a virus rarely map exactly
with what anyone else is calling it. For all we know, ZA night call
Sober.U (clamav) for Sober.W (compare with for example f-secure, that
call it Sober.Y ... still the same thing though). So that isn't much
of an indicator, unfortunately.
Are the archives really valid? Unpackable? If you unpack one of them,
and run Clamav on the unpacked content, is it detected then?

I see you run FreeBSD, but seem to only run clamav... Consider adding
BitDefender too, and see what that gives on the specific troublesome
mails (http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install#installing_on_freebsd)...
Unless you already have it, but haven't told us about that:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Sun Dec  4 11:22:23 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:22 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17530.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello All, 

A simple body check in postfix will reject all sober.u mails. Create a file
/etc/postfix/virus_body_checks with this content: 

/^UEsDBAoAAAAAAACQdjPMyus3XtgAAF7YAAAYAAAARmlsZS1wYWNrZWRfZGF0YUluZm8uZXhlTV 
qQ/
       REJECT VIRUS (W32/Sober.U@MM) 

OR download it from here..
http://mx2.netmagicians.com/virus_body_checks 

And add this to your /etc/postfix/main.cf
body_checks = regexp:/etc/postfix/virus_body_checks 

The string UEsDBAoAAAAAAA.... is the first mime encoded line of the sober.u 
variant. This works well for sober but no 100% strike rate (yet) for netsky. 

Going forward (if the interest exists) i think we ought to maintain this for 
all supported MTAs and all (possible) new virus outbreaks. 

 - dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sun Dec  4 12:31:22 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17531.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Gib Gilbertson Jr. wrote on         Sun, 4 Dec 2005 10:25:43 +1000:

> One thing I'm wondering about is why MailScanner isn't rejecting the 
> file based on the file extension since it's set to deny in the 
> filename.rules.conf file.

I'd start testing by sending such files to me ...

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sun Dec  4 12:31:22 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17532.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Gib Gilbertson Jr. wrote on         Sun, 4 Dec 2005 10:13:16 +1000:

> This appears to be a virus called Win32.Sober.W!.ZIP according to 
> ZoneAlarm Security Suite. Note the W in the virus name.

You should be aware that most vendors name/enumerate them slightly 
differently, unfortunately.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec  4 12:48:05 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17533.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Peter Bonivart wrote:

> Julian Field wrote:
>
>> At the moment I'm having all sorts of nasty DCC problems so have had 
>> to drop all use of it.
>
>
> So I'm not alone having DCC problems for a week or so? It works on and 
> off for me, first time in years I've had a problem with it. Haven't 
> noticed any performance problems though since SA times it out so quickly.

What does "cdcc rtt" produce?
Do some of the servers take seconds to respond?
And what is the average time of response (near the top of the output)?

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec  4 12:50:19 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17534.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Gib Gilbertson Jr. wrote:

> At 05:43 PM 3/12/2005, you wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Where is your copy of ClamAV installed? The location must be correct in
>> /etc/MailScanner/virus.scanners.conf.
>> If "which clamscan" produces /usr/local/bin/clamscan, then the entry in
>> virus.scanners.conf should be "/usr/local", if it produces
>> /usr/bin/clamscan, then it should be "/usr".
>>
>> What does your maillog say? That should give some indication of what
>> it's finding.
>
>
> One thing I'm wondering about is why MailScanner isn't rejecting the 
> file based on the file extension since it's set to deny in the 
> filename.rules.conf file.
>
> deny    \.zm9$

Do you have the 2 logging and user report strings after that? There must 
be 4 fields in each line in that file, or it will ignore the line (and 
should log the syntax error).

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Sun Dec  4 15:35:58 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:22 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17535.1137101482.24926.mailscanner@lists.mailscanner.info>

On 4 Dec 2005, at 11:22, Dhawal Doshy wrote:

> Hello All,
> A simple body check in postfix will reject all sober.u mails.  
> Create a file
> /etc/postfix/virus_body_checks with this content:
> / 
> ^UEsDBAoAAAAAAACQdjPMyus3XtgAAF7YAAAYAAAARmlsZS1wYWNrZWRfZGF0YUluZm8uZ 
> XhlTV qQ/
>       REJECT VIRUS (W32/Sober.U@MM)

Nice. Smart way to prevent MailScanner swamping as Remco is  
experiencing.

> OR download it from here..
> http://mx2.netmagicians.com/virus_body_checks
> And add this to your /etc/postfix/main.cf
> body_checks = regexp:/etc/postfix/virus_body_checks
> The string UEsDBAoAAAAAAA.... is the first mime encoded line of the  
> sober.u variant. This works well for sober but no 100% strike rate  
> (yet) for netsky.
> Going forward (if the interest exists) i think we ought to maintain  
> this for all supported MTAs and all (possible) new virus outbreaks.

Agreed. Perhaps we can lift some of the regex's from the Clam virus  
definitions? I have no idea how possible this is/ maybe...

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec  4 15:49:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17536.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Drew Marshall wrote:

> On 4 Dec 2005, at 11:22, Dhawal Doshy wrote:
>
>> Hello All,
>> A simple body check in postfix will reject all sober.u mails.  Create 
>> a file
>> /etc/postfix/virus_body_checks with this content:
>> / 
>> ^UEsDBAoAAAAAAACQdjPMyus3XtgAAF7YAAAYAAAARmlsZS1wYWNrZWRfZGF0YUluZm8uZ 
>> XhlTV qQ/
>>       REJECT VIRUS (W32/Sober.U@MM)
>
>
> Nice. Smart way to prevent MailScanner swamping as Remco is  
> experiencing.
>
>> OR download it from here..
>> http://mx2.netmagicians.com/virus_body_checks
>> And add this to your /etc/postfix/main.cf
>> body_checks = regexp:/etc/postfix/virus_body_checks
>> The string UEsDBAoAAAAAAA.... is the first mime encoded line of the  
>> sober.u variant. This works well for sober but no 100% strike rate  
>> (yet) for netsky.
>> Going forward (if the interest exists) i think we ought to maintain  
>> this for all supported MTAs and all (possible) new virus outbreaks.
>
>
> Agreed. Perhaps we can lift some of the regex's from the Clam virus  
> definitions? I have no idea how possible this is/ maybe... 

This sounds remarkably like you are trying to make a virus scanner of 
your own. You better be sure this is really the sort of thing you want 
to take on as a project. You'll have users wanting signatures very 
quickly and stuff like that, before you know where you are.
Personally I would steer well clear of it, and try out various ways of 
deploying ClamAV at MTA level if that's what you want to achieve.
Just my 2p worth...

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jgouveia at GMAIL.COM  Sun Dec  4 16:27:47 2005
From: jgouveia at GMAIL.COM ([ISO-8859-1] João Gouveia)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17537.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

I've seen a similar behaviour. In that particular situation, after
analisys, it turned out that the zip file was corrupted.
Running clamav by hand would render an error stating that the file
could not be unziped.

J.

On 12/3/05, Gib Gilbertson Jr. <gib@tmisnet.com> wrote:
> Hi.
>
> At 05:43 PM 3/12/2005, you wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Where is your copy of ClamAV installed? The location must be correct in
> >/etc/MailScanner/virus.scanners.conf.
> >If "which clamscan" produces /usr/local/bin/clamscan, then the entry in
> >virus.scanners.conf should be "/usr/local", if it produces
> >/usr/bin/clamscan, then it should be "/usr".
> >
> >What does your maillog say? That should give some indication of what
> >it's finding.
> >
>
> Location is correct. It is catching other viruses fine. Just for some
> reason a few e-mails which appear to be messages from other mail
> systems reporting mail to non existent users has been returned for
> what ever reason. The headers of the original e-mail are always
> forged with some address from tmisnet.com such as hostmaster, or
> webmaster, etc.
>
> Here is an entry for a typical virus found by ClamAV:
>
> Dec  3 01:27:22 thumper MailScanner[62916]:
> /var/spool/MailScanner/incoming/62916/./jB39R0OK082075/account-password.zip:
> Worm.Mytob.
> JM FOUND
> Dec  3 01:27:22 thumper MailScanner[62916]: Virus Scanning: ClamAV
> found 1 infections
> Dec  3 01:27:22 thumper MailScanner[62916]: Infected message
> jB39R0OK082075 came from 59.92.149.188
> Dec  3 01:27:22 thumper MailScanner[62916]: Virus Scanning: Found 1 viruses
>
> Just doesn't seem to be picking up this latest virus for some reason.
> ClamAV is up to date.
>
> Thanks
>
> gib
>
>
>
> >Gib Gilbertson Jr. wrote:
> >
> > > Hi.
> > >
> > > I seeing a lot of e-mails getting through that are caught by ZoneAlarm
> > > Security Suite and reported to be infected by the Win32.Sober.W!.ZIP
> > > virus. These are coming in as attachments with the extension .zm9 as
> > > reported by ZoneAlarm.
> > >
> > >
> > > I am running the following on FreeBSD 4.10
> > >
> > > MailScanner 4.32.4
> > > ClamAV 0.87.1/1200
> > >
> > > I've added a file types rule to deny \.zm9$ files
> > >
> > > I'm still getting them in e-mail though.
> > >
> > > Any thoughts?
> > >
> > > Thanks
> > >
> > > gib
> > >
>
>
>
>       Gib Gilbertson Jr.
>       Tierramiga Info Systems
>       619-287-8647 Support
>       http://www.tmisnet.com
>       San Diego's Friendly ISP
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec  4 16:36:36 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17538.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Corrupted viruses are surprisingly common. It always makes me wonder how 
this happens. The other thing that happens is they turn into 0-length 
files. Everything else about the message looks exactly like the virus, 
just the attachment has no data in it. Never figured that one out 
either, unless it's a broken virus scanner doing it. I hope MailScanner 
doesn't ever do that!

João Gouveia wrote:

>Hi,
>
>I've seen a similar behaviour. In that particular situation, after
>analisys, it turned out that the zip file was corrupted.
>Running clamav by hand would render an error stating that the file
>could not be unziped.
>
>J.
>
>On 12/3/05, Gib Gilbertson Jr. <gib@tmisnet.com> wrote:
>  
>
>>Hi.
>>
>>At 05:43 PM 3/12/2005, you wrote:
>>    
>>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>Hash: SHA1
>>>
>>>Where is your copy of ClamAV installed? The location must be correct in
>>>/etc/MailScanner/virus.scanners.conf.
>>>If "which clamscan" produces /usr/local/bin/clamscan, then the entry in
>>>virus.scanners.conf should be "/usr/local", if it produces
>>>/usr/bin/clamscan, then it should be "/usr".
>>>
>>>What does your maillog say? That should give some indication of what
>>>it's finding.
>>>
>>>      
>>>
>>Location is correct. It is catching other viruses fine. Just for some
>>reason a few e-mails which appear to be messages from other mail
>>systems reporting mail to non existent users has been returned for
>>what ever reason. The headers of the original e-mail are always
>>forged with some address from tmisnet.com such as hostmaster, or
>>webmaster, etc.
>>
>>Here is an entry for a typical virus found by ClamAV:
>>
>>Dec  3 01:27:22 thumper MailScanner[62916]:
>>/var/spool/MailScanner/incoming/62916/./jB39R0OK082075/account-password.zip:
>>Worm.Mytob.
>>JM FOUND
>>Dec  3 01:27:22 thumper MailScanner[62916]: Virus Scanning: ClamAV
>>found 1 infections
>>Dec  3 01:27:22 thumper MailScanner[62916]: Infected message
>>jB39R0OK082075 came from 59.92.149.188
>>Dec  3 01:27:22 thumper MailScanner[62916]: Virus Scanning: Found 1 viruses
>>
>>Just doesn't seem to be picking up this latest virus for some reason.
>>ClamAV is up to date.
>>
>>Thanks
>>
>>gib
>>
>>
>>
>>    
>>
>>>Gib Gilbertson Jr. wrote:
>>>
>>>      
>>>
>>>>Hi.
>>>>
>>>>I seeing a lot of e-mails getting through that are caught by ZoneAlarm
>>>>Security Suite and reported to be infected by the Win32.Sober.W!.ZIP
>>>>virus. These are coming in as attachments with the extension .zm9 as
>>>>reported by ZoneAlarm.
>>>>
>>>>
>>>>I am running the following on FreeBSD 4.10
>>>>
>>>>MailScanner 4.32.4
>>>>ClamAV 0.87.1/1200
>>>>
>>>>I've added a file types rule to deny \.zm9$ files
>>>>
>>>>I'm still getting them in e-mail though.
>>>>
>>>>Any thoughts?
>>>>
>>>>Thanks
>>>>
>>>>gib
>>>>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Sun Dec  4 16:52:35 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:22 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17539.1137101482.24926.mailscanner@lists.mailscanner.info>

On 4 Dec 2005, at 15:49, Julian Field wrote:

>>> Going forward (if the interest exists) i think we ought to  
>>> maintain  this for all supported MTAs and all (possible) new  
>>> virus outbreaks.
>>
>>
>> Agreed. Perhaps we can lift some of the regex's from the Clam  
>> virus  definitions? I have no idea how possible this is/ maybe...
>
> This sounds remarkably like you are trying to make a virus scanner  
> of your own. You better be sure this is really the sort of thing  
> you want to take on as a project. You'll have users wanting  
> signatures very quickly and stuff like that, before you know where  
> you are.
> Personally I would steer well clear of it, and try out various ways  
> of deploying ClamAV at MTA level if that's what you want to achieve.
> Just my 2p worth...

Re-reading my post it does sound like that doesn't it...

Certainly this is not what I am trying to achieve, however for major  
outbreaks using header/ body checks maybe useful (My ISP uses a  
similar technique on their incoming MTA's). This sort of thing can  
never be a substitute for a real AV product. After all, why re-invent  
the wheel, Clam does rather a good job and if you want MTA scanning  
use clamd direct from your MTA. Most have some form of plugin  
capability.

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From support-lists at PETDOCTORS.CO.UK  Sun Dec  4 21:05:17 2005
From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick)
Date: Thu Jan 12 21:31:22 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17540.1137101482.24926.mailscanner@lists.mailscanner.info>

Apologies if the answer to this is staring me in the face - I have done a
few searches but without any luck.

We are seeing a steady stream of emails from
adsl-70-248-164-89.dsl.hstntx.swbell.net[70.248.164.89] that claim to come
from an address in our domain (i.e.: admin@ourdomainname.com) and contain
the usual stuff about verifying passwords, mail accounts being suspended
etc. All legitimate users have to login to send mail so what's the most
effective and simple way to block mail from external sources that contain
our domain name? At the moment I am just putting the subjects in a
spamassassin rule but it's a bit of a 'blunt' way of trapping them.

Thanks

Nigel Kendrick

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Sun Dec  4 21:33:30 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:22 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17541.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 04/12/05, Nigel kendrick <support-lists@petdoctors.co.uk> wrote:
> Apologies if the answer to this is staring me in the face - I have done a
> few searches but without any luck.
>
> We are seeing a steady stream of emails from
> adsl-70-248-164-89.dsl.hstntx.swbell.net[70.248.164.89] that claim to come
> from an address in our domain (i.e.: admin@ourdomainname.com) and contain
> the usual stuff about verifying passwords, mail accounts being suspended
> etc. All legitimate users have to login to send mail so what's the most
> effective and simple way to block mail from external sources that contain
> our domain name? At the moment I am just putting the subjects in a
> spamassassin rule but it's a bit of a 'blunt' way of trapping them.
>
> Thanks
>
> Nigel Kendrick
>
Reject at the MTA (I use Postfix, and have a nice "ati-spoof" check
that I apply on HELO and senders... All trusted clients are handled by
a permit_mynetworks, so aren't affected). If it is a single IP, then
just firewall it.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From steve.swaney at fsl.com  Sun Dec  4 21:40:30 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:22 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17542.1137101482.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Nigel kendrick
> Sent: Sunday, December 04, 2005 4:05 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Blocking emails that claim to come from our domain
> 
> Apologies if the answer to this is staring me in the face - I have done a
> few searches but without any luck.
> 
> We are seeing a steady stream of emails from
> adsl-70-248-164-89.dsl.hstntx.swbell.net[70.248.164.89] that claim to come
> from an address in our domain (i.e.: admin@ourdomainname.com) and contain
> the usual stuff about verifying passwords, mail accounts being suspended
> etc. All legitimate users have to login to send mail so what's the most
> effective and simple way to block mail from external sources that contain
> our domain name? At the moment I am just putting the subjects in a
> spamassassin rule but it's a bit of a 'blunt' way of trapping them.
> 
> Thanks
> 
> Nigel Kendrick

If you're using sendmail take a look at:

http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at MANGO.ZW  Sun Dec  4 21:41:43 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:31:22 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17543.1137101482.24926.mailscanner@lists.mailscanner.info>

Hi

On Sun, 4 Dec 2005, Nigel kendrick wrote:

> We are seeing a steady stream of emails from
> adsl-70-248-164-89.dsl.hstntx.swbell.net[70.248.164.89] that claim to come
> from an address in our domain (i.e.: admin@ourdomainname.com) and contain
> the usual stuff about verifying passwords, mail accounts being suspended
> etc. All legitimate users have to login to send mail so what's the most
> effective and simple way to block mail from external sources that contain
> our domain name? At the moment I am just putting the subjects in a
> spamassassin rule but it's a bit of a 'blunt' way of trapping them.

I also used a pretty blunt method as well, noticing that the addresses 
involved were:

administrator@yourdomain
admin@yourdomain
adm@yourdomain
apache@yourdomain
ftp@yourdomain
hostmaster@yourdomain
ident@yourdomain
info@yourdomain
mail@yourdomain
noreply@yourdomain
operator@yourdomain
register@yourdomain
service@yourdomain
staff@yourdomain
subs@yourdomain
support@yourdomain
system@yourdomain
update@yourdomain
validation@yourdomain
webmaster@yourdomain

As none of the above addresses were being used for outgoing mail, I just
put lines such as the following for each of the addresses in the sendmail 
access file:

From:admin@mydomain	550 Blocking spoofed address admin@mydomain

I also found a problem with numerous bounces to such addresses, so put in 
lines such as the following:

To:admin@mydomain	550 This address is no longer valid - please write to postmaster instead

It was quick and dirty but stopped large numbers of problem messages.

More elegant solutions will be found in the archives.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gib at TMISNET.COM  Mon Dec  5 01:09:44 2005
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17544.1137101482.24926.mailscanner@lists.mailscanner.info>

At 12:50 PM 4/12/2005, you wrote:

>>One thing I'm wondering about is why MailScanner isn't rejecting 
>>the file based on the file extension since it's set to deny in the 
>>filename.rules.conf file.
>>
>>deny    \.zm9$
>
>Do you have the 2 logging and user report strings after that? There 
>must be 4 fields in each line in that file, or it will ignore the 
>line (and should log the syntax error).
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support

Here is the full string from the filename.rules.conf file, tabs 
between fields...

deny    \.zm9$   Possible virus hidden in zip files      Sober .W virus





      Gib Gilbertson Jr.
      Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's Friendly ISP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gib at TMISNET.COM  Mon Dec  5 02:12:02 2005
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17545.1137101482.24926.mailscanner@lists.mailscanner.info>

Hi.

At 10:23 AM 4/12/2005, you wrote:

>I see you run FreeBSD, but seem to only run clamav... Consider adding
>BitDefender too, and see what that gives on the specific troublesome
>mails 
>(http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install#installing_on_freebsd)...
>Unless you already have it, but haven't told us about that:-).
>

I have it now. Just installed it and it's already caught a virus that 
ClamAV missed. So now we shall see.

Thanks for all the help

gib




      Gib Gilbertson Jr.
      Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's Friendly ISP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Mon Dec  5 09:09:37 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:22 2006
Subject: Exim Install
Message-ID: <mailman.17546.1137101482.24926.mailscanner@lists.mailscanner.info>

Steve

Aha - you're using slit queues...you need to enable that setting in the
MailScanner.conf..

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Evans
> Sent: 02 December 2005 18:26
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Exim Install
> 
> I went through the instructions again, starting from scratch.  I've made
> some serious progress.  MailScanner is definantly processing some mail.  I
> show that I process some mail in the maillog.
> 
> However I keep getting these lines in the maillog
> 
> Dec  2 13:25:58 1n6-5 MailScanner[19651]: Could not open file
> >/var/spool/exim.out/input/i/1EiFai-0004f7-Sr-D: No such file or directory
> Dec  2 13:25:58 1n6-5 MailScanner[19651]: Cannot create + lock clean body
> /var/spool/exim.out/input/i/1EiFai-0004f7-Sr-D,
> 
> And it will be for the same file over and over again.
> 
> Here are the results of check_MailScanner though.
> 
> Starting MailScanner...
> In Debugging mode, not forking...
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1Ehj5W-0001dj-A9/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> format error: can't find EOCD signature
>  at /usr/sbin/MailScanner line 599
> Done the parse. Counter = 0 and max = 200
> format error: can't find EOCD signature
>  at /usr/sbin/MailScanner line 599
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1EhWT6-0002aZ-H3/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1EhGoQ-0005Hr-QC/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1EhbVW-0005E9-33/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1Ehqwg-0000F1-N0/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1EhrjH-0003vf-J8/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1EhJXv-0003mO-Np/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1EhYXr-0000G5-58/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> format error: bad signature: 0x00905a4d at offset 0 in file
> /var/spool/MailScanner/incoming/32097/1EhduZ-0003xD-UA/File-
> packed_dataInfo.exe
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> IO error: seeking to local header : Invalid argument
>  at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 443
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Done the parse. Counter = 0 and max = 200
> Cannot create + lock clean body /var/spool/exim.out/input/O/1Ehj7O-0007z2-
> HW-D,  at /usr/lib/MailScanner/MailScanner/EximDiskStore.pm line 370
> 
> 
> 
> 
> Steve Evans
> 805-756-7517
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Friday, December 02, 2005 9:47 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Exim Install
> 
> Hmmm
> 
> When its in debug mode it should only go through one sequence and stop....
> most odd..
> 
> 
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Steve Evans
> > Sent: 02 December 2005 17:33
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Exim Install
> >
> > 4.43
> >
> > If I take out the line queue_only = true from /etc/exim.conf I can
> > start MailScanner and it runs fine.  It just doesn't scan mail.  Mail
> > just gets delieverd like normal.  So I'm pretty sure I have everything
> > pointed to the right conf files.
> >
> > Also if I do a check_MailScanner I noticed that no exim process's ever
> > fire.  It gets stuck before that point.
> >
> > One of the steps from the wiki
> >
> (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:
> > exim:installation&s=exim+4) was to change the file /etc/init.d/exim
> >
> > I had trouble finding the line /usr/exim/bin/exim -bd -q15m, so I
> > moved the exim file, created a new one, and put in the two lines
> >
> > /usr/sbin/exim -bd
> > /usr/sbin/exim -q15m -C /etc/exim_scanned.conf
> >
> > Obviously there's no error checking or such, but it gets the job done
> > for now.  If I start my new exim service it runs fine.  I just have to
> > kill the process's manually.  I have attached the original
> > /etc/init.d/exim file.
> >
> > Steve Evans
> > 805-756-7517
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Martin Hepworth
> > Sent: Friday, December 02, 2005 9:19 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Exim Install
> >
> > Steve
> >
> > Well in your original email you had the config file as /etc/exim.conf
> > and /etc/exim_scanned.conf.
> >
> > What version of Exim are you using?
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Steve Evans
> > > Sent: 02 December 2005 17:09
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] Exim Install
> > >
> > > It is correct.
> > >
> > >
> > > Steve Evans
> > > 805-756-7517
> > >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > On Behalf Of Martin Hepworth
> > > Sent: Friday, December 02, 2005 8:43 AM
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: Exim Install
> > >
> > > Steve
> > >
> > > Hmm silly line wrapping....
> > >
> > > Edit the /etc/sysconfig/MailScanner
> > >
> > > Make sure the EXIMINCF and EXIMSENDCF vars are set properly to point
> > > at the correct files...
> > >
> > > EXIMINCF=/etc/exim.conf
> > >
> > > EXIMSENDCF=/etc/exim_scanned.conf
> > >
> > > --
> > > Martin Hepworth
> > > Snr Systems Administrator
> > > Solid State Logic
> > > Tel: +44 (0)1865 842300
> > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Steve Evans
> > > > Sent: 02 December 2005 16:33
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: [MAILSCANNER] Exim Install
> > > >
> > > > I'm sorry, what do you want me to try exactly?
> > > >
> > > >
> > > > Steve Evans
> > > > 805-756-7517
> > > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > On Behalf Of Martin Hepworth
> > > > Sent: Friday, December 02, 2005 8:28 AM
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: Exim Install
> > > >
> > > > Steve
> > > >
> > > > Try
> > > >
> > > > Modified the file /etc/sysconfig/MailScanner EXIM=/usr/sbin/exim
> > > > EXIMINCF=/etc/exim.conf EXIMSENDCF=/etc/exim_scanned.conf
> > > >
> > > > --
> > > > Martin Hepworth
> > > > Snr Systems Administrator
> > > > Solid State Logic
> > > > Tel: +44 (0)1865 842300
> > > >
> > > > > -----Original Message-----
> > > > > From: MailScanner mailing list
> > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > > On Behalf Of Steve Evans
> > > > > Sent: 02 December 2005 16:23
> > > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > > Subject: Re: [MAILSCANNER] Exim Install
> > > > >
> > > > > First it was telling me:
> > > > >
> > > > > In Debugging mode, not forking...
> > > > > Cannot create temporary Work Dir /22113. Are the permissions and
> > > > > ownership of  correct? at
> > > > > /usr/lib/MailScanner/MailScanner/WorkArea.pm
> > > > > line 152
> > > > >
> > > > > Then I changed the ownership of /var/spool/MailScanner to
> > > > > mailnull.mailnull (which is the user and group that exim runs
> > > > > as) and now when I run check_MailScanner it just sits there
> > > > > forever
> > with:
> > > > >
> > > > > Starting MailScanner...
> > > > > In Debugging mode, not forking...
> > > > >
> > > > > If I run top it lists MailScanner at the top of the list but
> > > > > it's consuming no to little CPU.
> > > > >
> > > > >
> > > > > Steve Evans
> > > > > 805-756-7517
> > > > >
> > > > > -----Original Message-----
> > > > > From: MailScanner mailing list
> > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > > On Behalf Of Martin Hepworth
> > > > > Sent: Friday, December 02, 2005 12:58 AM
> > > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > > Subject: Re: Exim Install
> > > > >
> > > > > Steve
> > > > >
> > > > > Make sure there's something in the incoming spool
> > > > >
> > > > > Put MailScanner into debug mode (edit MailScanner.conf and
> > > > > change both debug values to yes).
> > > > >
> > > > > Stop MailScanner
> > > > >
> > > > > Run check_mailscanner
> > > > >
> > > > > This will dump a load of debug to the screen and you should be
> > > > > able to see whats happening (or not in your case)
> > > > >
> > > > > --
> > > > > Martin Hepworth
> > > > > Snr Systems Administrator
> > > > > Solid State Logic
> > > > > Tel: +44 (0)1865 842300
> > > > > > -----Original Message-----
> > > > > > From: MailScanner mailing list
> > > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> > > > > > On Behalf Of Steve Evans
> > > > > > Sent: 01 December 2005 20:29
> > > > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > > > Subject: [MAILSCANNER] Exim Install
> > > > > >
> > > > > > I'm trying to install MailScanner with exim for the first time.
> > > > > > Here is a list of the steps I have taken.
> > > > > >
> > > > > > Install MailScanner (no problems) Copied /etc/exim.conf to
> > > > > > /etc/exim_scanned.conf Added these lines to /etc/exim.conf
> > > > > >     spool_directory = /var/spool/exim_incoming
> > > > > >     queue_only = true
> > > > > >
> > > > > > Then down in the routers config section of /etc/exim.conf I
> added
> > > > > >     defer_router:
> > > > > >         driver = manualroute
> > > > > >         route_list = * 127.0.0.1 byname
> > > > > >         self = defer
> > > > > >         verify = false
> > > > > >
> > > > > > In MailScanner.conf I modified these lines
> > > > > >     Incoming Queue Dir = /var/spool/exim_incoming/input/
> > > > > >     Outgoing Queue Dir = /var/spool/exim/input/
> > > > > >     MTA = exim
> > > > > >     Sendmail = /usr/sbin/exim
> > > > > >     Sendmail2 = /usr/sbin/exim -C /etc/exim_scanned.conf
> > > > > >
> > > > > > Modified the file /etc/sysconfig/MailScanner
> > > > > >     EXIM=/usr/sbin/exim
> > > > > >     EXIMINCF=/etc/exim/exim.conf
> > > > > >     EXIMSENDCF=/etc/exim/exim_scanned.conf
> > > > > >
> > > > > > My two queue directories have the permissions of
> > > > > >     drwxr-x---   5 mailnull mail 4096 Jul 22  2004 exim/
> > > > > >     drwxr-x---   5 mailnull mail 4096 Nov 30 15:45
> exim_incoming/
> > > > > >
> > > > > >     (note:  I didn't touch the exim folder, just the
> > > > > > exim_incoming)
> > > > > >
> > > > > > Then I do a service exim stop and a service MailScanner start.
> > > > > >
> > > > > > The mail comes into /var/spool/exim_incoming but nothing
> > > > > > happens after that.  It just stacks up there.  If I stop
> > > > > > MailScanner, change back the exim.conf file, and start exim
> > > > > > mail flows as normal.  If I change the exim.conf file to only
> > > > > > specify a new spool directory everything works fine.  So I"m
> > > > > > pretty sure I have my queues set up
> > > > correctly.
> > > > > > Obviously though MailScanner doesn't scan the mail if I do that.
> > > > > >
> > > > > > Can someone tell me what I'm missing?
> > > > > >
> > > > > > Steve Evans
> > > > > > 805-756-7517
> > > > > >
> >
> >
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they are
> addressed.
> > If you have received this email in error please notify the system
> manager.
> >
> > This footnote confirms that this email message has been swept for the
> > presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
> >
> > ------------------------ MailScanner list ------------------------ To
> > unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> > ------------------------ MailScanner list ------------------------ To
> > unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> 
> 
> **********************************************************************
> 
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> 
> This footnote confirms that this email message has been swept for the
> presence of computer viruses and is believed to be clean.
> 
> **********************************************************************
> 
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Mon Dec  5 09:51:10 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:22 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17547.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi MailScanners. Last night, after (i think so) a Perl upgrade to
perl-5.8.6-18 (Fedora Core 4, selinux disabled) MailScanner stoped
working. The setup is MailScanner+Postfix+SpamAssassin+Pyzor. For the
moment SpamAssassin+Pyzor are not active.
When I saw the problem I've upgraded MailScanner to 4.48.4-2(rpm) but no
change.
The mail makes it's way to the hold directory, and when it comes to
MailScanner (Debug=yes):

Can't call method "DropFromBatch" on unblessed reference at
/usr/lib/MailScanner/MailScanner/Postfix.pm

This is the one and only debug line and the proces dies. When
SpamAssassin is enabled there is much more output, but everything before
this line looks perfect.

Any ideas/help?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec  5 10:04:15 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:22 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17548.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Gib Gilbertson Jr. <gib@tmisnet.com> wrote:
> Hi.
>
> At 10:23 AM 4/12/2005, you wrote:
>
> >I see you run FreeBSD, but seem to only run clamav... Consider adding
> >BitDefender too, and see what that gives on the specific troublesome
> >mails
> >(http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install#installing_on_freebsd)...
> >Unless you already have it, but haven't told us about that:-).
> >
>
> I have it now. Just installed it and it's already caught a virus that
> ClamAV missed. So now we shall see.
>
> Thanks for all the help
>
> gib
>
Ah, good. Having them in the quarantine definitely will  make it
easier to test why clamav isn't getting it... Assuming you do
quarantine infections....

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Nicolas.Schmitz at EC-NANTES.FR  Mon Dec  5 10:48:19 2005
From: Nicolas.Schmitz at EC-NANTES.FR (Nicolas Schmitz)
Date: Thu Jan 12 21:31:22 2006
Subject: Files hidden in very deeply nested archive
Message-ID: <mailman.17549.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks Julian, it works.

Julian Field a écrit :

>-----BEGIN PGP SIGNED MESSAGE-----
>
>"Maximum Archive Depth" setting in MailScanner.conf.
>
>On 1 Dec 2005, at 09:12, Nicolas Schmitz wrote:
>
>  
>
>>Hello,
>>I have quite often false positive with "Files hidden in very deeply  
>>nested archive". Is there a setting I can change to avoid that ?
>>    
>>
>
>- -- 
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.3 (Build 2932)
>
>iQEVAwUBQ47CAfw32o+k+q+hAQHevAgAh6k78AyF+yysOB1Z2UE5hlXSioUmDsFM
>CM7lOIithAj435+pF9+5EOBzwc6qE7ARSL7fxGkjfURVKGQzERn6mjXFMvnrA6Lp
>CiLo5tpa104Y+wfV0U3PbXMu7N2mQarsNuRTbbt7/Kcx+8FxkybWxe++tepkwo3w
>tvQ7aFE/Uc7hsNfVPFlhkX0PIg7gpjWyR9LbxqzGlud+sj8GoV/8BBjpMTJN00J/
>Ly23c0e18hxzXPDrxmCKMXeFVWSLRunvCSBP73VxIuy+UdPqtEh5Vi3W1nHcOJht
>skt21NIomjJnTb5lOcAdbGWGOi30NnyKc/vX/b1uIcI2E+MaKiBwMQ==
>=j7dd
>-----END PGP SIGNATURE-----
>
>  
>


-- 
Nicolas Schmitz

Centre de Ressources Informatiques 		
Ecole Centrale de Nantes                 	

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec  5 11:32:37 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:22 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17550.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "KOI8-R" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Boris Jordanov / âÏÒÉÓ êÏÒÄÁÎÏ× <boris.jordanov@gmail.com> wrote:
> Hi MailScanners. Last night, after (i think so) a Perl upgrade to
> perl-5.8.6-18 (Fedora Core 4, selinux disabled) MailScanner stoped
> working. The setup is MailScanner+Postfix+SpamAssassin+Pyzor. For the
> moment SpamAssassin+Pyzor are not active.
> When I saw the problem I've upgraded MailScanner to 4.48.4-2(rpm) but no
> change.
> The mail makes it's way to the hold directory, and when it comes to
> MailScanner (Debug=yes):
>
> Can't call method "DropFromBatch" on unblessed reference at
> /usr/lib/MailScanner/MailScanner/Postfix.pm
>
> This is the one and only debug line and the proces dies. When
> SpamAssassin is enabled there is much more output, but everything before
> this line looks perfect.
>
> Any ideas/help?
>

Aside from the perl issue you seem to have, is the files in hold
really valid queue files (check with postcat)? That member sub will
only be invoked if it/they are not fully written.

Can't really say I have any ideas about the perl thing though (having
a "brain-fade-day" here:-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at GMAIL.COM  Mon Dec  5 12:00:16 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:22 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17551.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "KOI8-R" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> On 05/12/05, Boris Jordanov / âÏÒÉÓ êÏÒÄÁÎÏ× <boris.jordanov@gmail.com> wrote:
> > Hi MailScanners. Last night, after (i think so) a Perl upgrade to
> > perl-5.8.6-18 (Fedora Core 4, selinux disabled) MailScanner stoped
> > working. The setup is MailScanner+Postfix+SpamAssassin+Pyzor. For the
> > moment SpamAssassin+Pyzor are not active.
> > When I saw the problem I've upgraded MailScanner to 4.48.4-2(rpm) but no
> > change.
> > The mail makes it's way to the hold directory, and when it comes to
> > MailScanner (Debug=yes):
> >
> > Can't call method "DropFromBatch" on unblessed reference at
> > /usr/lib/MailScanner/MailScanner/Postfix.pm
> >
> > This is the one and only debug line and the proces dies. When
> > SpamAssassin is enabled there is much more output, but everything before
> > this line looks perfect.
> >
> > Any ideas/help?
> >
>
> Aside from the perl issue you seem to have, is the files in hold
> really valid queue files (check with postcat)? That member sub will
> only be invoked if it/they are not fully written.
>
> Can't really say I have any ideas about the perl thing though (having
> a "brain-fade-day" here:-).

As said, I'm having a brain-fade-day, but don't those calls need be
"$meddage->{DropFromBatch}();"?

--
-- Glenn (with a terrible cold, feeling exceptionally dense...:)
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at GMAIL.COM  Mon Dec  5 12:01:59 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17552.1137101482.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
(snip)
> As said, I'm having a brain-fade-day, but don't those calls need be
> "$meddage->{DropFromBatch}();"?
Now this is a _really_ bad cold, it even affects my typing...
"meddage" should be "message", of course:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Mon Dec  5 12:27:28 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17553.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:
> On 05/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> (snip)
> 
>>As said, I'm having a brain-fade-day, but don't those calls need be
>>"$meddage->{DropFromBatch}();"?

postcat parsed the two files in the hold directory with no
errors/complains/... I think they are valid.

$message{DropFromBatch}(); produces


Can't use string ("") as a subroutine ref while "strict refs" in use at
/usr/lib/MailScanner/MailScanner/Postfix.pm line 332

argh...

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec  5 12:39:58 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17554.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "KOI8-R" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Boris Jordanov / âÏÒÉÓ êÏÒÄÁÎÏ× <boris.jordanov@gmail.com> wrote:
> Glenn Steen wrote:
> > On 05/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> > (snip)
> >
> >>As said, I'm having a brain-fade-day, but don't those calls need be
> >>"$meddage->{DropFromBatch}();"?
>
> postcat parsed the two files in the hold directory with no
> errors/complains/... I think they are valid.
>
> $message{DropFromBatch}(); produces
>
>
> Can't use string ("") as a subroutine ref while "strict refs" in use at
> /usr/lib/MailScanner/MailScanner/Postfix.pm line 332
>
> argh...
>
Hm, somethings strange... The lines arount 332 is
    # If the data offset is 0 then Postfix definitely hasn't finished
    # writing the message.
    unless ($DataOffset+0 > 10) { # 10 == arbitrary small number
      $message->DropFromBatch();
      return 0;
    }

.... Hm, is the "$message{DropFromBatch}();" without the "->" in the
code too? Oh well, I can't seem to think straight, so... Better hope
someone with a clearer head sees this.... I'm probably just being
incredibly dense ATM:-):-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From brose at MED.WAYNE.EDU  Mon Dec  5 13:13:51 2005
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner Rules question
Message-ID: <mailman.17555.1137101483.24926.mailscanner@lists.mailscanner.info>

Is there a Not ability?  For example, this whitelist sample rule would
read that anymessage that is from example.com "and" from 127.0.0.1 would
be whitelisted
From:   /[\@\.]examlpe\.com$/ and From: 127.0.0.1    yes
Could an opposite be written for the blacklist that says anything from
example.com and Not From 127.0.0.1 should be blacklisted?  I'm tired of
hearing from people about stupid virus generated messages from
webmaster@med.wayne.edu that don't have a payload and would like to see
if I can drop such messages as high scoring spam since I can't reject
webmaster mail.
 
Thanks
-=Bobby

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From martinh at SOLID-STATE-LOGIC.COM  Mon Dec  5 13:28:00 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner Rules question
Message-ID: <mailman.17556.1137101483.24926.mailscanner@lists.mailscanner.info>

Bobby

Given the way MS 'fires' the rules in order you should be able to use...



From: webmaster@med.wayne.edu AND From: 127.0.0.1 no
From: webmaster@med.wayne.edu yes
FromOrTo:	default  no

In your case if emails from webmail@ and localhost will hit the rule first
and NOT be blacklisted. Any other from webmaster@ will hit line 2 and be
classed as spam, and lastly the default action with fire it the email
doesn't match the first two lines.

Actually this is pretty cool. I'm off to try this myself.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Rose, Bobby
> Sent: 05 December 2005 13:14
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] MailScanner Rules question
> 
> Is there a Not ability?  For example, this whitelist sample rule would
> read that anymessage that is from example.com "and" from 127.0.0.1 would
> be whitelisted
> From:   /[\@\.]examlpe\.com$/ and From: 127.0.0.1    yes
> 
> Could an opposite be written for the blacklist that says anything from
> example.com and Not From 127.0.0.1 should be blacklisted?  I'm tired of
> hearing from people about stupid virus generated messages from
> webmaster@med.wayne.edu that don't have a payload and would like to see if
> I can drop such messages as high scoring spam since I can't reject
> webmaster mail.
> 
> Thanks
> -=Bobby
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!



**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ebruce at HPMICH.COM  Mon Dec  5 14:41:30 2005
From: ebruce at HPMICH.COM (Ed Bruce)
Date: Thu Jan 12 21:31:23 2006
Subject: New feature: "Reject Message"
Message-ID: <mailman.17557.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:
>
> Hats off to you! And a great big thank you!
>
> If the PTB's don't spring for the book by the first of the year, I am
> just going to break down and buy it myself!
>
>
>   

I just went purchased my 2nd copy instead of trying to get my PHB to pay 
for it. Sometimes its just easier.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec  5 14:44:07 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17558.1137101483.24926.mailscanner@lists.mailscanner.info>

It didn't give you a line number did it?
And what does the end of the maillog look like when it's just bombed  
out with this?

And does this patch to Postfix.pm fix the problem?


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 1.2, Application/X-GZIP  736bytes. ]
    [ Unable to print this part. ]


    [ Part 1.3: "Attached Text" ]

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


On 5 Dec 2005, at 09:51, Boris Jordanov / Ð^ÑоÑ^ÀиÑ^Á Ð^ÙоÑ^Àданов  
wrote:

> Hi MailScanners. Last night, after (i think so) a Perl upgrade to
> perl-5.8.6-18 (Fedora Core 4, selinux disabled) MailScanner stoped
> working. The setup is MailScanner+Postfix+SpamAssassin+Pyzor. For the
> moment SpamAssassin+Pyzor are not active.
> When I saw the problem I've upgraded MailScanner to 4.48.4-2(rpm)  
> but no
> change.
> The mail makes it's way to the hold directory, and when it comes to
> MailScanner (Debug=yes):
>
> Can't call method "DropFromBatch" on unblessed reference at
> /usr/lib/MailScanner/MailScanner/Postfix.pm
>
> This is the one and only debug line and the proces dies. When
> SpamAssassin is enabled there is much more output, but everything  
> before
> this line looks perfect.
>
> Any ideas/help?
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/PGP-SIGNATURE  498bytes. ]
    [ Unable to print this part. ]


From boris.jordanov at GMAIL.COM  Mon Dec  5 14:49:47 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17559.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> It didn't give you a line number did it?
> And what does the end of the maillog look like when it's just bombed 
> out with this?
> 
> And does this patch to Postfix.pm fix the problem?
> 
Sorry, my fault. The error is at line 332. I'll check the patch.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at gmail.com  Mon Dec  5 15:05:21 2005
From: boris.jordanov at gmail.com ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17560.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> It didn't give you a line number did it?
> And what does the end of the maillog look like when it's just bombed 
> out with this?
> 
> And does this patch to Postfix.pm fix the problem?

After the patch:

/var/log/maillog

Dec  5 16:58:52 im MailScanner[9011]: MailScanner E-Mail Virus Scanner
version 4.48.4 starting...
Dec  5 16:58:53 im MailScanner[9011]: Read 683 hostnames from the
phishing whitelist
Dec  5 16:58:53 im MailScanner[9011]: lock.pl sees Config  LockType =  flock
Dec  5 16:58:53 im MailScanner[9011]: lock.pl sees have_module =  0
Dec  5 16:58:53 im MailScanner[9011]: Using locktype = flock

And nothing more, the second MailScanner process does not start

[root@im MailScanner]# service MailScanner restart
Shutting down MailScanner daemons:
         MailScanner:                                      [FAILED]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
Starting MailScanner daemons:
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
         MailScanner:       In Debugging mode, not forking...

The same here. This time no error messages, but the mail is not
checked/delivered.

[root@im MailScanner]# ll /var/spool/postfix/hold/
total 8
-rwx------  1 postfix postfix 1130 Dec  5 16:54 09E3416FBD
-rwx------  1 postfix postfix 2101 Dec  5 14:51 7392E16FD4

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec  5 15:20:40 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17561.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----

On 5 Dec 2005, at 15:05, Boris Jordanov / Ð^ÑоÑ^ÀиÑ^Á Ð^ÙоÑ^Àданов  
wrote:
> Julian Field wrote:
>> It didn't give you a line number did it?
>> And what does the end of the maillog look like when it's just bombed
>> out with this?
>>
>> And does this patch to Postfix.pm fix the problem?
>
> After the patch:
>
> /var/log/maillog
>
> Dec  5 16:58:52 im MailScanner[9011]: MailScanner E-Mail Virus Scanner
> version 4.48.4 starting...
> Dec  5 16:58:53 im MailScanner[9011]: Read 683 hostnames from the
> phishing whitelist
> Dec  5 16:58:53 im MailScanner[9011]: lock.pl sees Config  LockType  
> =  flock
> Dec  5 16:58:53 im MailScanner[9011]: lock.pl sees have_module =  0
> Dec  5 16:58:53 im MailScanner[9011]: Using locktype = flock
>
> And nothing more, the second MailScanner process does not start
>
> [root@im MailScanner]# service MailScanner restart
> Shutting down MailScanner daemons:
>          MailScanner:                                      [FAILED]
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
> Starting MailScanner daemons:
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
>          MailScanner:       In Debugging mode, not forking...
>
> The same here. This time no error messages, but the mail is not
> checked/delivered.
>
> [root@im MailScanner]# ll /var/spool/postfix/hold/
> total 8
> -rwx------  1 postfix postfix 1130 Dec  5 16:54 09E3416FBD
> -rwx------  1 postfix postfix 2101 Dec  5 14:51 7392E16FD4

Just before line 332 of Postfix.pm, there are 4 "print STDERR" lines.  
Please uncomment these lines (remove the # from the start of the  
line), and run MailScanner in Debug=yes mode. This should make it  
print a bunch of numbers, please show me what it prints.
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5Rayvw32o+k+q+hAQEhnAgAvCqrUGI7pnNzH1Hww1y85JFLh6K13VxX
yB62RPO1QKEzT/5fjj6lpRPvjOzLknBSPA0g7E2mp5NNNdEiCjs+3P2ZVvfQqvqF
K3o1SNQpA0lXPvKk5YYgom50Pn1lG30z9N1/G93M6y7Jfpdqs9JcvpeQloYi4iSC
4RGwyDoCaQpdQ74I2WoOjJwAP63By6el/IYWw5IDqz+HM4xxX/Q4DYzUdGS9BBME
TTwchDqHkO1KAwhh5cEDTQ95Gy1AasF6f2jfR9IOK2cpyU59T9n3nmtN88kprOnU
5TUva1f7gf91uXNy5gdvjcxmYEYF2kof+amv9dUHIEqiVwS8vUqhmQ==
=xntA
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec  5 15:19:55 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17562.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "KOI8-R" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Boris Jordanov / âÏÒÉÓ êÏÒÄÁÎÏ× <boris.jordanov@gmail.com> wrote:
> Julian Field wrote:
> > It didn't give you a line number did it?
> > And what does the end of the maillog look like when it's just bombed
> > out with this?
> >
> > And does this patch to Postfix.pm fix the problem?
>
> After the patch:
>
> /var/log/maillog
>
> Dec  5 16:58:52 im MailScanner[9011]: MailScanner E-Mail Virus Scanner
> version 4.48.4 starting...
> Dec  5 16:58:53 im MailScanner[9011]: Read 683 hostnames from the
> phishing whitelist
> Dec  5 16:58:53 im MailScanner[9011]: lock.pl sees Config  LockType =  flock
> Dec  5 16:58:53 im MailScanner[9011]: lock.pl sees have_module =  0
> Dec  5 16:58:53 im MailScanner[9011]: Using locktype = flock
>
> And nothing more, the second MailScanner process does not start
>
> [root@im MailScanner]# service MailScanner restart
> Shutting down MailScanner daemons:
>          MailScanner:                                      [FAILED]
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
> Starting MailScanner daemons:
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
>          MailScanner:       In Debugging mode, not forking...
>
> The same here. This time no error messages, but the mail is not
> checked/delivered.
>
> [root@im MailScanner]# ll /var/spool/postfix/hold/
> total 8
> -rwx------  1 postfix postfix 1130 Dec  5 16:54 09E3416FBD
> -rwx------  1 postfix postfix 2101 Dec  5 14:51 7392E16FD4
>

And if you send another mail through, that "gets stuck" in hold too?
If the content of the mails aren't sensitive, you'd best send one (or
both) to Jules for inspection... As stated in the comments to line
332, these are (for some reason) deduced as "not fully written (by
postfix)".

Did you only update perl, or did PF get updated too?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From boris.jordanov at GMAIL.COM  Mon Dec  5 15:32:51 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17563.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
...
> Just before line 332 of Postfix.pm, there are 4 "print STDERR" lines.  
> Please uncomment these lines (remove the # from the start of the  
> line), and run MailScanner in Debug=yes mode. This should make it  
> print a bunch of numbers, please show me what it prints.

[root@im MailScanner]# ll /var/spool/postfix/hold/
total 4
-rwx------  1 postfix postfix 985 Dec  5 17:26 459D616FBD

[root@im MailScanner]# service MailScanner restart
Shutting down MailScanner daemons:
         MailScanner:                                      [FAILED]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
Starting MailScanner daemons:
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
         MailScanner:       In Debugging mode, not forking...
MsgContSize=459 DataOffset=0 NumRecips=0
Content size = 459
Data offset  = 0
Num Recips   = 0
Can't call method "DropFromBatch" on unblessed reference at
/usr/lib/MailScanner/MailScanner/Postfix.pm line 332.
                                                           [  OK  ]

The update last night was perl, perl-MailTools (not sure, i should see
if I can find the logwatch report) and almost sure - not postfix.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/OCTET-STREAM (Name: "459D616FBD")  1.3KB. ]
    [ Unable to print this part. ]


From brose at MED.WAYNE.EDU  Mon Dec  5 15:37:10 2005
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner Rules question
Message-ID: <mailman.17564.1137101483.24926.mailscanner@lists.mailscanner.info>

Ok that seems workable.

Added to blacklist ruleset where x.x.x.x is our netblock
From:	webmaster@med.wayne.edu and From: x.x.x.x        no
From: webmaster@med.wayne.edu         yes

Added to spam actions ruleset
From:   webmaster@med.wayne.edu and From: x.x.x.x     deliver

From:   webmaster@med.wayne.edu         delete

I noticed that whitelist ruleset does trump because I had set x.x.x.x to
specific IP but because I also had a netblock rule in the whitelist
ruleset the messages were still being whitelisted regardless of what IP
address (in our netblock) the webmaster message came from.  Since most
of this junk is coming from outside our network, then setting it so only
webmaster mails can come from machines in our netblock should be ok. 

-=Bobby

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Martin Hepworth
Sent: Monday, December 05, 2005 8:28 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner Rules question

Bobby

Given the way MS 'fires' the rules in order you should be able to use...



From: webmaster@med.wayne.edu AND From: 127.0.0.1 no
From: webmaster@med.wayne.edu yes
FromOrTo:	default  no

In your case if emails from webmail@ and localhost will hit the rule
first and NOT be blacklisted. Any other from webmaster@ will hit line 2
and be classed as spam, and lastly the default action with fire it the
email doesn't match the first two lines.

Actually this is pretty cool. I'm off to try this myself.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
> Behalf Of Rose, Bobby
> Sent: 05 December 2005 13:14
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] MailScanner Rules question
> 
> Is there a Not ability?  For example, this whitelist sample rule would

> read that anymessage that is from example.com "and" from 127.0.0.1 
> would be whitelisted
> From:   /[\@\.]examlpe\.com$/ and From: 127.0.0.1    yes
> 
> Could an opposite be written for the blacklist that says anything from

> example.com and Not From 127.0.0.1 should be blacklisted?  I'm tired 
> of hearing from people about stupid virus generated messages from 
> webmaster@med.wayne.edu that don't have a payload and would like to 
> see if I can drop such messages as high scoring spam since I can't 
> reject webmaster mail.
> 
> Thanks
> -=Bobby
> 
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!



**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Mon Dec  5 16:21:33 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:23 2006
Subject: Why is MS doing spam checks first?
Message-ID: <mailman.17565.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Remco Barendse spake the following on 12/2/2005 8:41 PM:
> On Sat, 3 Dec 2005, Kai Schaetzl wrote:
> 
>> Remco Barendse wrote on         Fri, 2 Dec 2005 18:56:41 +0100:
>>
>>> Unfortunately, in my case I also have batched SMTP from my provider.
>>> This
>>> means that any mail that is not deliverable directly to one of the mail
>>> servers, it is queued by my provider.
>>
>>
>> You mean, the mail is delivered from your ISP to you instead of
>> directly? If
>> you have a static IP and connected 24/7 to the net I'd change this.
>> Obviously
>> you are better off if you can just reject all those viruses instead of
>> taking
>> them from your ISP.
> 
> 
> Yes, they are backing up / queuing mail when our mail servers would be
> offline. It's a thing from the past actually, something that was in use
> when there was still dial-up internet and dsl connections were flakey.
> 
>>> Right now one box (an Athlon XP2600 with 1 Gb of ram and max 2
>>> MailScanner
>>> threads) is getting hammered with virii. It's taking up to 10K virus
>>> mails
>>> per day now (normal volume is 100-200 mails per day on that 2nd in
>>> line box).
>>
>>
>> You need more than 2 MailScanner processes for this, go to 5 or more.
>> Your
>> RAM is enough for that unless something else is hogging memory.
>> If you can't get mail to you directly the only choice you have is to
>> avoid
>> processing as much as possible. F.i. if many viruses go to non-existent
>> addresses because of catch-alls remove the catch-alls. Drop sa
>> scanning for
>> the time being. And complain to your upstream ISP.
> 
> 
> I tried, but as soon as I increase the number of MailScanner processes I
> start getting these annoying SpamAss timeouts resulting in spam slipping
> through (which is really infuriating me because it would have been
> killed otherwise). Without SA in between the box handles 5 processes
> easily, it's SA that starts to be difficult. (The box is only handling
> mail, nothing else).
> 
> If all mails get filtered through SA+MS I have only 2-3 spam mails per
> WEEK slipping through (for the whole company!).
> 
> That's why I thought it would be nifty if the scanning order would be
> user settable. I know that I will never get more mail than this but
> virusscanning first could take out the really nasty peaks in traffic we
> are seeing now.
> 
> Remco
> 
You could try clamav-milter if you run sendmail to pre-screen for
viruses, and then let mailscanner handle any that slip through because
of the occasional failure of a single virus scanner.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Mon Dec  5 16:46:03 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:23 2006
Subject: GreyListing experiences
Message-ID: <mailman.17566.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl wrote:
> Matt Kettler wrote on         Fri, 2 Dec 2005 11:30:08 -0500:
> 
> 
>>Important question: Why are you restarting milter-greylist? 
> 
> 
> Important answer: because I'm used to. The other milter I have been using for a 
> long time on other machines has to be restarted for every config change and there 
> is no problem with sendmail when I do this.
> 
> Yeah, I understand now that I don't need to restart or reload milter-greylist. 
> Thank you all :-)
> 
> Where's the best location to discuss milter-greylist? comp.mail.sendmail? A 
> search on groups.google mainly lists cvs commits, but only a few "real" 
> discussions.
> 

milter-greylist has a yahoo groups based mailing list.

http://groups.yahoo.com/group/milter-greylist/

Among other things, the author actually reads/posts there, as do I.

The list volume is a bit low, but discussion is the usual mix of config
problems/bugs/feature suggestions/test patches.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Mon Dec  5 16:47:12 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:23 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17567.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field spake the following on 12/4/2005 7:49 AM:
> Drew Marshall wrote:
> 
>> On 4 Dec 2005, at 11:22, Dhawal Doshy wrote:
>>
>>> Hello All,
>>> A simple body check in postfix will reject all sober.u mails.  Create
>>> a file
>>> /etc/postfix/virus_body_checks with this content:
>>> /
>>> ^UEsDBAoAAAAAAACQdjPMyus3XtgAAF7YAAAYAAAARmlsZS1wYWNrZWRfZGF0YUluZm8uZ
>>> XhlTV qQ/
>>>       REJECT VIRUS (W32/Sober.U@MM)
>>
>>
>>
>> Nice. Smart way to prevent MailScanner swamping as Remco is 
>> experiencing.
>>
>>> OR download it from here..
>>> http://mx2.netmagicians.com/virus_body_checks
>>> And add this to your /etc/postfix/main.cf
>>> body_checks = regexp:/etc/postfix/virus_body_checks
>>> The string UEsDBAoAAAAAAA.... is the first mime encoded line of the 
>>> sober.u variant. This works well for sober but no 100% strike rate 
>>> (yet) for netsky.
>>> Going forward (if the interest exists) i think we ought to maintain 
>>> this for all supported MTAs and all (possible) new virus outbreaks.
>>
>>
>>
>> Agreed. Perhaps we can lift some of the regex's from the Clam virus 
>> definitions? I have no idea how possible this is/ maybe... 
> 
> 
> This sounds remarkably like you are trying to make a virus scanner of
> your own. You better be sure this is really the sort of thing you want
> to take on as a project. You'll have users wanting signatures very
> quickly and stuff like that, before you know where you are.
> Personally I would steer well clear of it, and try out various ways of
> deploying ClamAV at MTA level if that's what you want to achieve.
> Just my 2p worth...
> 
Julian is right on the money! Any paid programmer knows that if you
touch it once, you support it forever.



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec  5 17:03:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17568.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----


On 5 Dec 2005, at 15:32, Boris Jordanov / Ð^ÑоÑ^ÀиÑ^Á Ð^ÙоÑ^Àданов  
wrote:

> Julian Field wrote:
> ...
>> Just before line 332 of Postfix.pm, there are 4 "print STDERR" lines.
>> Please uncomment these lines (remove the # from the start of the
>> line), and run MailScanner in Debug=yes mode. This should make it
>> print a bunch of numbers, please show me what it prints.
>
> [root@im MailScanner]# ll /var/spool/postfix/hold/
> total 4
> -rwx------  1 postfix postfix 985 Dec  5 17:26 459D616FBD
>
> [root@im MailScanner]# service MailScanner restart
> Shutting down MailScanner daemons:
>          MailScanner:                                      [FAILED]
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
> Starting MailScanner daemons:
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
>          MailScanner:       In Debugging mode, not forking...
> MsgContSize=459 DataOffset=0 NumRecips=0
> Content size = 459
> Data offset  = 0
> Num Recips   = 0
> Can't call method "DropFromBatch" on unblessed reference at
> /usr/lib/MailScanner/MailScanner/Postfix.pm line 332.

Data offset = 0 implies a broken message. What version of Postfix are  
you using now? Wouldn't be surprised if Wietse has changed Postfix  
again to break MailScanner.
Does it work okay on other messages, is it just this one?

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5Ry9fw32o+k+q+hAQGaqAf/dLotXnSDKRtuDjHh8iM1xfxFpf4VSEtZ
UaioOXENDSqM0rIdaPHkZ4wijfWOZfyxsWu2qeWZ++OJJA7bqaDaQgeRmtkB4K7t
oGwPGjekEkMFwpCoC3rgMgrl3wLF0FJ1v5+59ssjLk7X3CT/VFZXYjrLFzhbKIVc
F38W87fHPMtUgE8uVovdoYmY6akMZBrAFK3WHdKAjnN+3XJJ/80tJ7/3yA0O48KY
0mkNqt5Pz9K6c4438DSUMmhZBnx0dXf2E4Gd51gURXXgcNrTQ4Cak+k3J/IrpYC5
Hq49tXF8L3P7oXg0JHopbmGtxfdJRXIEmrpgqM7K0L0rh+LRPHB02g==
=yDqX
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Mon Dec  5 17:15:07 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:23 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17569.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:
> Julian Field spake the following on 12/4/2005 7:49 AM:
> 
>>Drew Marshall wrote:
>>
>>>On 4 Dec 2005, at 11:22, Dhawal Doshy wrote:
>>>
>>>>Hello All,
>>>>A simple body check in postfix will reject all sober.u mails.  Create
>>>>a file
>>>>/etc/postfix/virus_body_checks with this content:
>>>
>>>Nice. Smart way to prevent MailScanner swamping as Remco is 
>>>experiencing.
>>>
>>>
[snip]
>>>>Going forward (if the interest exists) i think we ought to maintain 
>>>>this for all supported MTAs and all (possible) new virus outbreaks.
>>>
>>>Agreed. Perhaps we can lift some of the regex's from the Clam virus 
>>>definitions? I have no idea how possible this is/ maybe... 
>>
>>This sounds remarkably like you are trying to make a virus scanner of
>>your own. You better be sure this is really the sort of thing you want
>>to take on as a project. You'll have users wanting signatures very
>>quickly and stuff like that, before you know where you are.
>>Personally I would steer well clear of it, and try out various ways of
>>deploying ClamAV at MTA level if that's what you want to achieve.
>>Just my 2p worth...
>>
> 
> Julian is right on the money! Any paid programmer knows that if you
> touch it once, you support it forever.

As Drew mentioned, this is NOT supposed to replace a real AV but at the
same time i'd like having a feature where viruses are rejected without
much processing power. Plugging in an AV at the MTA is not such a great 
idea (no bandwidth savings and no decrease in resource usage).

What i was not sure about is when do these body checks take place.

a. Mail is almost accepted / rejected (just before 250 OK / 550 REJECT)
and then rejected in which case there is no substantial bandwidth 
saving. This is not the case as per the postfix-users list.
b. Rejected as soon as the offending MIME line is found, this is done
using the body_checks_size_limit (default 51200) in postfix. This is 
what really happens (see postfix ain't so bad after all).

I have a significant benefit (decrease in bandwidth and resource usage) 
in doing these checks, if someone benefits from this as well great!! but 
i completely agree in NOT converting this in to a project but rather 
continuing on a per incident basis in case of severe viral outbreaks and 
let MailScanner handle regular non-PITA/N worms (so any volunteers? :) ).

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Mon Dec  5 17:34:57 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:23 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17570.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dhawal Doshy wrote:
>>>>> Hello All,
>>>>> A simple body check in postfix will reject all sober.u mails.  Create
>>>>> a file
>>>>> /etc/postfix/virus_body_checks with this content:
>>>
>>> This sounds remarkably like you are trying to make a virus scanner of
>>> your own. You better be sure this is really the sort of thing you want
>>> to take on as a project. You'll have users wanting signatures very
>>> quickly and stuff like that, before you know where you are.
>>> Personally I would steer well clear of it, and try out various ways of
>>> deploying ClamAV at MTA level if that's what you want to achieve.
>>> Just my 2p worth...
>>
>> Julian is right on the money! Any paid programmer knows that if you
>> touch it once, you support it forever.

> b. Rejected as soon as the offending MIME line is found, this is done
> using the body_checks_size_limit (default 51200) in postfix. This is 
> what really happens (see postfix ain't so bad after all).

Replying to myself, how remarkable.. there are no bandwidth savings 
except for the bandwidth saved in rejecting rather than bouncing (not 
that i do) the virus. This was just confirmed by one of the co-authors 
of postfix.

==
the whole message is received over the network before the response to 
"." is sent.
==

The reduction in resource usage continues to be there (unless i reply to 
myself again)

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Mon Dec  5 17:42:15 2005
From: boris.jordanov at GMAIL.COM ([ISO-8859-5] Boris Jordanov / ±ÞàØá ¹ÞàÔÐÝÞÒ)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17571.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

2005/12/5, Julian Field <MailScanner@ecs.soton.ac.uk>:

>
> Data offset = 0 implies a broken message. What version of Postfix are
> you using now? Wouldn't be surprised if Wietse has changed Postfix
> again to break MailScanner.
> Does it work okay on other messages, is it just this one?

postfix 2.2.2-2

No, it fails no matter what the message is :(

Can it be the Perl-MailTools? Is the routine that... processes
messages internal to MS or external?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Mon Dec  5 17:12:34 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I
Message-ID: <mailman.17572.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Mon, December 5, 2005 17:03, Julian Field wrote:
> Wouldn't be surprised if Wietse has changed Postfix
> again to break MailScanner.

As if the nice man would do such a thing ;-) (Or at least deliberately!)

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Mon Dec  5 17:52:04 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:23 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17573.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Mon, December 5, 2005 17:15, Dhawal Doshy wrote:
> As Drew mentioned, this is NOT supposed to replace a real AV but at the
> same time i'd like having a feature where viruses are rejected without
> much processing power. Plugging in an AV at the MTA is not such a great
> idea (no bandwidth savings and no decrease in resource usage).

Oh, I don't know. If you plug in the clamAV scanner in the right place...

If you use before queue scanning as described here
http://www.postfix.org/SMTPD_PROXY_README.html and set up the SMTP clam
scanner as per here http://memberwebs.com/nielsen/software/clamsmtp/ you
will save bandwidth as you can get Postfix to reject the mail at SMTP
stage

but it won't save processing in the same way as a decent MIME/ header/
body check will do.

>
> What i was not sure about is when do these body checks take place.
>
> a. Mail is almost accepted / rejected (just before 250 OK / 550 REJECT)
> and then rejected in which case there is no substantial bandwidth
> saving. This is not the case as per the postfix-users list.
> b. Rejected as soon as the offending MIME line is found, this is done
> using the body_checks_size_limit (default 51200) in postfix. This is
> what really happens (see postfix ain't so bad after all).
>
> I have a significant benefit (decrease in bandwidth and resource usage)
> in doing these checks, if someone benefits from this as well great!! but
> i completely agree in NOT converting this in to a project but rather
> continuing on a per incident basis in case of severe viral outbreaks and
> let MailScanner handle regular non-PITA/N worms (so any volunteers? :) ).

Not being smart enough to do this (Reliably) I'll gracefully back away.

It should also be remembered that you should consider what/ who you will
be '550ing' and take suitable steps. For example one of my boxes relays
for another Internet connected box, which also happens to serve another
domain. The incoming mail is swept for viruses after this box relays to me
so I receive 'unclean' mail from it and clean it before delivery. In this
instance it is of no benefit to bounce this mail as it would just generate
virus laden bounce messages from the incoming server (Who has, after all,
accepted the message). Rather than remove the problem it adds to it (And
possibly creates a Joe Job for some poor domain owner else where on the
Internet). In this instance, I would rather take the bandwidth hit and
just send those messages to the bit bucket to no longer pester the world.

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Mon Dec  5 18:02:15 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:23 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17574.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Mon, December 5, 2005 17:52, Drew Marshall wrote:
> On Mon, December 5, 2005 17:15, Dhawal Doshy wrote:
>> As Drew mentioned, this is NOT supposed to replace a real AV but at the
>> same time i'd like having a feature where viruses are rejected without
>> much processing power. Plugging in an AV at the MTA is not such a great
>> idea (no bandwidth savings and no decrease in resource usage).
>
> Oh, I don't know. If you plug in the clamAV scanner in the right place...
>
Replying to one's self, it's something to do with Postfix users. How sad...

> If you use before queue scanning as described here
> http://www.postfix.org/SMTPD_PROXY_README.html and set up the SMTP clam
> scanner as per here http://memberwebs.com/nielsen/software/clamsmtp/ you
> will save bandwidth as you can get Postfix to reject the mail at SMTP
> stage

Save some processing power not bandwidth is what I meant as you don't use
SA this early (Not indeed do you accept the message).

Thinking about this further, I wouldn't recommend it as you box would
start to die under a sustained mail bombardment as the mail wouldn't queue
for scanning (One of the advantages of MailScanner) and you would be
reliant on Clam returning before the SMTP session timed out.

>
> but it won't save processing in the same way as a decent MIME/ header/
> body check will do.

As that doesn't use Clam at all! A word of caution, which I should have
included before, all forms of message check come at a performance price so
the more you add or the more complex you make them the larger the hit
(Hence the word decent!).

>
>>
>> What i was not sure about is when do these body checks take place.
>>
>> a. Mail is almost accepted / rejected (just before 250 OK / 550 REJECT)
>> and then rejected in which case there is no substantial bandwidth
>> saving. This is not the case as per the postfix-users list.
>> b. Rejected as soon as the offending MIME line is found, this is done
>> using the body_checks_size_limit (default 51200) in postfix. This is
>> what really happens (see postfix ain't so bad after all).
>>
>> I have a significant benefit (decrease in bandwidth and resource usage)
>> in doing these checks, if someone benefits from this as well great!! but
>> i completely agree in NOT converting this in to a project but rather
>> continuing on a per incident basis in case of severe viral outbreaks and
>> let MailScanner handle regular non-PITA/N worms (so any volunteers? :)
>> ).
>
> Not being smart enough to do this (Reliably) I'll gracefully back away.
>
> It should also be remembered that you should consider what/ who you will
> be '550ing' and take suitable steps. For example one of my boxes relays
> for another Internet connected box, which also happens to serve another
> domain. The incoming mail is swept for viruses after this box relays to me
> so I receive 'unclean' mail from it and clean it before delivery. In this
> instance it is of no benefit to bounce this mail as it would just generate
> virus laden bounce messages from the incoming server (Who has, after all,
> accepted the message). Rather than remove the problem it adds to it (And
> possibly creates a Joe Job for some poor domain owner else where on the
> Internet). In this instance, I would rather take the bandwidth hit and
> just send those messages to the bit bucket to no longer pester the world.
>
> Drew
>
>
> --
> In line with our policy, this message has
> been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> www.themarshalls.co.uk/policy
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>



-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at FRACTALWEB.COM  Mon Dec  5 18:09:29 2005
From: itdept at FRACTALWEB.COM (IT Dept)
Date: Thu Jan 12 21:31:23 2006
Subject: Viruses apparently getting through
Message-ID: <mailman.17575.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Gib Gilbertson Jr. wrote:

> Hi.
>
> I seeing a lot of e-mails getting through that are caught by ZoneAlarm 
> Security Suite and reported to be infected by the Win32.Sober.W!.ZIP 
> virus. These are coming in as attachments with the extension .zm9 as 
> reported by ZoneAlarm.
>
>
> I am running the following on FreeBSD 4.10
>
> MailScanner 4.32.4
> ClamAV 0.87.1/1200
>
> I've added a file types rule to deny \.zm9$ files
>
> I'm still getting them in e-mail though.
>
> Any thoughts?
>
> Thanks
>
> gib
>
>
Gib,

I was having a similar problem last week, and it wasn't until Glenn and 
Ken suggested that my system may have two separate versions of ClamAV 
running that we figgured it out. Sure enough, I had upgraded ClamAV 
manually to 0.87.1, but there was another instance of 0.6x laying 
around. When I manually scanned something, it used 0.87.1; guess which 
one MailScanner was using?

Once I did this, my system was happily catching all of the viruses.

Hope this helps.

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Mon Dec  5 17:32:38 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17576.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field spake the following on 12/5/2005 9:03 AM:
> 
> On 5 Dec 2005, at 15:32, Boris Jordanov / ^Q>@8A ^Y>@40=>2  
> wrote:
> 
> 
>>>Julian Field wrote:
>>>...
>>>
>>>>Just before line 332 of Postfix.pm, there are 4 "print STDERR" lines.
>>>>Please uncomment these lines (remove the # from the start of the
>>>>line), and run MailScanner in Debug=yes mode. This should make it
>>>>print a bunch of numbers, please show me what it prints.
>>>
>>>[root@im MailScanner]# ll /var/spool/postfix/hold/
>>>total 4
>>>-rwx------  1 postfix postfix 985 Dec  5 17:26 459D616FBD
>>>
>>>[root@im MailScanner]# service MailScanner restart
>>>Shutting down MailScanner daemons:
>>>         MailScanner:                                      [FAILED]
>>>         incoming postfix:                                 [  OK  ]
>>>         outgoing postfix:                                 [  OK  ]
>>>Starting MailScanner daemons:
>>>         incoming postfix:                                 [  OK  ]
>>>         outgoing postfix:                                 [  OK  ]
>>>         MailScanner:       In Debugging mode, not forking...
>>>MsgContSize=459 DataOffset=0 NumRecips=0
>>>Content size = 459
>>>Data offset  = 0
>>>Num Recips   = 0
>>>Can't call method "DropFromBatch" on unblessed reference at
>>>/usr/lib/MailScanner/MailScanner/Postfix.pm line 332.
> 
> 
> Data offset = 0 implies a broken message. What version of Postfix are  
> you using now? Wouldn't be surprised if Wietse has changed Postfix  
> again to break MailScanner.
> Does it work okay on other messages, is it just this one?
> 
I wish Wietse would stop feuding with Julian and just accept
MailScanner. It is like he is stuck in "god mode". It would be so much
better for the community at large to have the choice without constantly
having things break.



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jstork at pbco.ca  Mon Dec  5 18:18:56 2005
From: jstork at pbco.ca (Johnny Stork)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17577.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

What's the best (recommended) way to upgrade say from version 4.47.4? Just run the install script in the latest mailscanner tarbal and then run upgrade_MailScanner_conf? Or should I run the complete install-Clam-SA.tar.gz again, followed by the mailscanner install script?

Thanks
 

 


----- Original Message -----
From: Julian Field 
Sent: Thu Dec 01 2005 12:13:59 GMT-0800 (Pacific Standard Time)
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner ANNOUNCE: 4.48 released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry about that, fixed now.

Nigel kendrick wrote:

>Sorry guys - forgot to run upgrade_MailScanner_conf (yeah, pillock!)
>
>Mind you - now I have...
>
>Dec  1 14:36:31 chichester MailScanner[12720]: MailScanner E-Mail Virus
>Scanner version 4.48.4 starting... 
>Dec  1 14:36:32 chichester MailScanner[12720]: Could not read file
>/etc/MailScanner/reports/en/rejection.report.txt 
>Dec  1 14:36:32 chichester MailScanner[12720]: Error in line 865, file
>"/etc/MailScanner/reports/en/rejection.report.txt" for rejectionreport does
>not exist (or can not be read) 
>
>I have created the file and we seem to be starting up now. 
>
>(This is from the RedHat rpm install)
>
>Nigel
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of Martin Hepworth
>Sent: 01 December 2005 13:59
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: MailScanner ANNOUNCE: 4.48 released
>
>Looks like you've not upgrade properly.
>
>That setting was commented out when I ran the upgrade_MailScanner_conf
>script.
>
>How did you upgrade?
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>  
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On 
>>Behalf Of Nigel kendrick
>>Sent: 01 December 2005 13:47
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: [MAILSCANNER] MailScanner ANNOUNCE: 4.48 released
>>
>>Dec  1 13:44:29 chichester MailScanner[12403]: MailScanner E-Mail 
>>Virus Scanner version 4.48.4 starting...
>>Dec  1 13:44:29 chichester MailScanner[12403]: Syntax error(s) in 
>>configuration file:
>>Dec  1 13:44:29 chichester MailScanner[12403]: Unrecognised keyword 
>>"spamassassinprefsfile" at line 1399 Dec  1 13:44:29 chichester 
>>MailScanner[12403]: Aborting due to syntax errors in 
>>/etc/MailScanner/MailScanner.conf.
>>
>>??
>>
>>Nigel
>>
>>------------------------ MailScanner list ------------------------ To 
>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
>>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>    
>>
>
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and intended
>solely for the use of the individual or entity to whom they are addressed.
>If you have received this email in error please notify the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.    
>
>**********************************************************************
>
>------------------------ MailScanner list ------------------------ To
>unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ49Y0xH2WUcUFbZUEQKidACgguQkVjUY5zjtyBDRsrEMtP9QOuIAn1yZ
ZrAEvAZ1BdDYqNgTYkLbt6g+
=LH0+
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From admin at thenamegame.com  Mon Dec  5 18:24:48 2005
From: admin at thenamegame.com (admin@thenamegame.com)
Date: Thu Jan 12 21:31:23 2006
Subject: Cannot create directory /var/spool/MailScanner/archive/20051130
Message-ID: <mailman.17578.1137101483.24926.mailscanner@lists.mailscanner.info>

Have you checked that to see if the archive directory is writable?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Chris Mason (Lists)
Sent: Wednesday, November 30, 2005 11:41 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Cannot create directory /var/spool/MailScanner/archive/20051130

I have a new MailScanner installation, a Redhat ES3 server with 
Sendmail. Everything else seems fine but I see this in the logs a lot.
Cannot create directory /var/spool/MailScanner/archive/20051130

Any ideas? The permissions seem fine.

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec  5 18:44:07 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17579.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Boris Jordanov / Ð^ÑоÑ^ÀиÑ^Á Ð^ÙоÑ^Àданов wrote:

>2005/12/5, Julian Field <MailScanner@ecs.soton.ac.uk>:
>
>  
>
>>Data offset = 0 implies a broken message. What version of Postfix are
>>you using now? Wouldn't be surprised if Wietse has changed Postfix
>>again to break MailScanner.
>>Does it work okay on other messages, is it just this one?
>>    
>>
>
>postfix 2.2.2-2
>
>No, it fails no matter what the message is :(
>
>Can it be the Perl-MailTools? Is the routine that... processes
>messages internal to MS or external?
>
I take back my comment about Wietse, he doesn't appear to have broken 
anything in 2.2.6 (the latest version). I have just used it to create a 
message and nothing has changed.

Can you send me (zip it first) an offending message please? I have just 
built and installed 2.2.6 and cannot reproduce your problem.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Mon Dec  5 18:49:34 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:23 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.17580.1137101483.24926.mailscanner@lists.mailscanner.info>

One of my users is the victom of a joe job.  I'm getting hundreds of
messages like the following:

------------------------------------------------------------------
Your message did not reach some or all of the intended recipients.

      Subject:	Message Undeliverable!
      Sent:	12/5/2005 9:33 AM

The following recipient(s) could not be reached:

      jeanette_stgeorgehhvj@ci.juneau.ak.us on 12/5/2005 9:33 AM
            The e-mail account does not exist at the organization this
message was sent to.  Check the e-mail address, or contact the recipient
directly to find out the correct address.
            < mxg.ci.juneau.ak.us #5.1.1 SMTP; 550 5.1.1 User unknown>
--------------------------------------------------------------------

The address is valid, except for the last four characters before the '@'
sign.  Those seem to be random.  I using MS/sendmail on a gateway which
forwards to an Exchange 2003 box.  What I'd like to do is refuse these
at the MTA level.  I can't put that address in the access file though,
as the last four characters vary and access won't take a regex (to the
best of my knowledge).

If there's no way to do it at the MTA level, I guess a SA rule might do
the trick, setting them to a value above high scoring spam and just let
MS delete them.  If that's the best option, could someone please show me
the regex to test for in the rule?  I'm a bit weak in that arena.

Anybody have any other ideas on the best way to deal w/this?  I've got
SPF records (set to softfail at the moment) which may help some but not
enough yet.  

On a related note, I want to implement milter-ahead which would deal
w/this issue handily.  Has anybody set that up on a SuSE 9.3 or 10
server?  I have a few questions, but since that's a bit off topic to MS
I don't want to get too far off.

Thanks much...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Mon Dec  5 18:33:05 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17581.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Johnny Stork spake the following on 12/5/2005 10:18 AM:
> What's the best (recommended) way to upgrade say from version 4.47.4? Just run the install script in the latest mailscanner tarbal and then run upgrade_MailScanner_conf? Or should I run the complete install-Clam-SA.tar.gz again, followed by the mailscanner install script?
> 
> Thanks
>  
You don't need to run the install-clam-sa bit unless you want/need to
upgrade clamav or spamassassin.
MailScanner install kit has all its needs included in the install.
If you are doing a very recent upgrade, you could probably just
rpm -Fvh MailScanner*.rpm, and then upgrade_MailScanner_conf

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From steve.swaney at fsl.com  Mon Dec  5 19:02:04 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:23 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.17582.1137101483.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Kevin Miller
> Sent: Monday, December 05, 2005 1:50 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Joe Jobbed, etc.
> 
> One of my users is the victom of a joe job.  I'm getting hundreds of
> messages like the following:
> 
> ------------------------------------------------------------------
> Your message did not reach some or all of the intended recipients.
> 
>       Subject:	Message Undeliverable!
>       Sent:	12/5/2005 9:33 AM
> 
> The following recipient(s) could not be reached:
> 
>       jeanette_stgeorgehhvj@ci.juneau.ak.us on 12/5/2005 9:33 AM
>             The e-mail account does not exist at the organization this
> message was sent to.  Check the e-mail address, or contact the recipient
> directly to find out the correct address.
>             < mxg.ci.juneau.ak.us #5.1.1 SMTP; 550 5.1.1 User unknown>
> --------------------------------------------------------------------
> 
> The address is valid, except for the last four characters before the '@'
> sign.  Those seem to be random.  I using MS/sendmail on a gateway which
> forwards to an Exchange 2003 box.  What I'd like to do is refuse these
> at the MTA level.  I can't put that address in the access file though,
> as the last four characters vary and access won't take a regex (to the
> best of my knowledge).

I you're using sendmail, go to the list server archives and look up 

	"handle joe job on 020404"

This should find this message which described how to configure sendmail to
discard messages with a blank, <> "From" field. 

http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind04&L=MAILSCANNER&P=R251201&I=
-3&X=2C4A8320D5980931A2&Y=steve.swaney%40fsl.com 

Please note that this breaks RFC 1123 and should never be used in normal
operations. If you host a lot of domains, you might want to think about
setting up a server to handle only mail for the joe-jobbed domain until
things settle down.

Hope this helps,

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

> If there's no way to do it at the MTA level, I guess a SA rule might do
> the trick, setting them to a value above high scoring spam and just let
> MS delete them.  If that's the best option, could someone please show me
> the regex to test for in the rule?  I'm a bit weak in that arena.
> 
> Anybody have any other ideas on the best way to deal w/this?  I've got
> SPF records (set to softfail at the moment) which may help some but not
> enough yet.
> 
> On a related note, I want to implement milter-ahead which would deal
> w/this issue handily.  Has anybody set that up on a SuSE 9.3 or 10
> server?  I have a few questions, but since that's a bit off topic to MS
> I don't want to get too far off.
> 
> Thanks much...
> 
> ...Kevin
> --
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jwilliams at COURTESYMORTGAGE.COM  Mon Dec  5 19:19:35 2005
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17583.1137101483.24926.mailscanner@lists.mailscanner.info>


Greetings everyone!

 

As I am getting ready to setup a new MailScanner server for our company,
I have toyed with the idea of using a different MTA; specifically,
Postfix. My background with MTA&#8217;s are in Sendmail, Postfix and
Exchange. I have had very good success running MailScanner with Sendmail,
but I wanted to switch things up a bit and possibly try Postfix here
(keeps things fun and interesting, right?)

 

Anyway, I was hoping to ask current users of Mailscanner with Postfix, if
they could give me their feedback of what they like, dislike etc. Are
there any known issues or problems? Any performance hits? Lost mail etc.

 

Any information is greatly appreciated and feel free to email me
personally.

Thank you

 

Cheers,

 

Jason Williams


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From wietse at boudisque.nl  Mon Dec  5 19:31:40 2005
From: wietse at boudisque.nl (Wietse Muizelaar)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I
Message-ID: <mailman.17584.1137101483.24926.mailscanner@lists.mailscanner.info>

Hi,

On Mon, December 5, 2005 17:03, Julian Field wrote:
> Wouldn't be surprised if Wietse has changed Postfix
> again to break MailScanner.

I promise, I won't break it ;)

-- 
Kind regards,

Wietse Muizelaar

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Mon Dec  5 19:48:04 2005
From: boris.jordanov at GMAIL.COM (Boris Jordanov)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17585.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
...
> I take back my comment about Wietse, he doesn't appear to have broken 
> anything in 2.2.6 (the latest version). I have just used it to create a 
> message and nothing has changed.
> 
> Can you send me (zip it first) an offending message please? I have just 
> built and installed 2.2.6 and cannot reproduce your problem.
> 

As I told you - the message does not matter. It dies on  _every_ message 
(at least these are my observations).

perl 5.8.6-18
perl-MailTools 1.67-2.2
postfix 2.2.2-2

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/OCTET-STREAM (Name: "459D616FBD.zip")  1KB. ]
    [ Unable to print this part. ]


From mailscanner at ELIQUID.COM  Mon Dec  5 19:58:38 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17586.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Whats not to like?

I've not experienced any big problems, and the tension between Postfix
and MailScanner is quite amusing. :)

In all honesty, MailScanner and Postfix has been a positive experience
for me.  Julian does great work, especially with an MTA that seems to be
against his efforts at times.

On Mon, 2005-12-05 at 11:19 -0800, Jason Williams wrote:
      Greetings everyone!

       

      As I am getting ready to setup a new MailScanner server for
      our company, I have toyed with the idea of using a different
      MTA; specifically, Postfix. My background with MTA&#8217;s
      are in Sendmail, Postfix and Exchange. I have had very good
      success running MailScanner with Sendmail, but I wanted to
      switch things up a bit and possibly try Postfix here (keeps
      things fun and interesting, right?)

       

      Anyway, I was hoping to ask current users of Mailscanner with
      Postfix, if they could give me their feedback of what they
      like, dislike etc. Are there any known issues or problems?
      Any performance hits? Lost mail etc.

       

      Any information is greatly appreciated and feel free to email
      me personally.

      Thank you

       

      Cheers,

       

      Jason Williams



      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (http://wiki.mailscanner.info/)
      and the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!


___________________________________________

Wess Bechard
Information Technology Manager
eliquidMEDIA International Inc.
Visit: www.eliquid.com
Office: 519.973.1930  -  1.800.561.7525
Fax: 519.253.0337
Cell: 519.791.9492
___________________________________________
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From jaearick at COLBY.EDU  Mon Dec  5 20:06:05 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner ANNOUNCE: 4.48 released
Message-ID: <mailman.17587.1137101483.24926.mailscanner@lists.mailscanner.info>

Julian,

Since I never use the install.sh script (a long story), I did this
by hand and got:

/opt/perl5/etc/mail/spamassassin

I was expecting /etc/mail/spamassassin.  Scratched head, went and
looked at this stuff.  It was something old and crusty (circa 2003)
from SA long ago.  I moved this /opt/perl5/etc out of the way then
got /etc/mail/spamassassin on the next try.  What I expected.

Jeff Earickson
Colby College

On Fri, 2 Dec 2005, Julian Field wrote:

> Date: Fri, 2 Dec 2005 11:43:20 +0000
> From: Julian Field <MailScanner@ECS.SOTON.AC.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MailScanner ANNOUNCE: 4.48 released
> 
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I hope you don't mind, I will publish this to the list for other
> people too.
>
> What you need to do is this:
>
> perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new-
> >first_existing_path(@Mail::SpamAssassin::site_rules_path)'
> (all of that is on 1 line)
>
> This will print out a directory name if you have SpamAssassin installed.
> Say it prints out
> 	/etc/mail/spamassassin
> and you have MailScanner installed in /usr/local/MailScanner, then
> you want to do
> 	ln -s -f /usr/local/MailScanner/etc/spam.assassin.prefs.conf /etc/
> mail/spamassassin/mailscanner.cf
> (again all on 1 line).
>
> To put it a different way, say the perl command outputs directory SA,
> and your MailScanner etc directory is in directory MS, then you want to
> 	ln -s -f MS/spam.assassin.prefs.conf SA/mailscanner.cf
>
>
> On 2 Dec 2005, at 11:36, Grigorios G. Papazoglou wrote:
>
>> Hi Julian,
>> since in my current installation is rather difficult (for me at the
>> moment) to use the install.sh script, could you please let me know
>> the necessary manual action (if I am to upgrade to 4.48) as far as
>> spam.assassin.prefs.conf is concerned?
>> Thanks
>>
>> Julian Field wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> I have just released the December version of MailScanner, version
>>> 4.48.
>>> Download it as usual from www.mailscanner.info
>>> The major new features this month are:
>>> - - The way spam.assassin.prefs.conf is used has changed.
>>>    **You don't have to worry about this, the install.sh scripts
>>> handle it all for you.**
>>>    The file used to be effectively read by MailScanner specially
>>> as  SpamAssassin starts up, but there have been various problems
>>> with  this as it breaks the rules on what SpamAssassin settings
>>> can be in  what files. The file is now linked into the
>>> SpamAssassin directories  (/etc/mail/spamassassin on most Linux,
>>> for example). It is no longer  read specially by MailScanner, it
>>> is just read by SpamAssassin as  part of its normal startup.
>>> - - There is a new "Reject Message" configuration option that can
>>> cause  some messages to be rejected and a rejection report sent
>>> back to the  original sender of the message. This is designed to
>>> be used with a  ruleset. Although you can easily configure your
>>> MTA (sendmail,  Postfix, etc) to do this for you, you only have 1
>>> line to use as the  error message. Doing it in MailScanner allows
>>> you to send back a  polite well-formatted message that can explain
>>> to the sender what  happened and why. There is a matching
>>> "Rejection Report" setting that  will set the name and location of
>>> the report sent to the sender.
>>> The full Change Log is this:
>>> * New Features and Improvements *
>>> - - Added a new configuration option "Reject Message". This is
>>> designed  to be
>>>    used with a ruleset. Any message matching the ruleset will be
>>> deleted and
>>>    the "rejection.report.txt" email message will be sent back to
>>> the  original
>>>    sender of the offending message. To save a copy of the message
>>> as  well as
>>>    reject it, use the "Archive Mail" setting.
>>> - - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is
>>> now  read by
>>>    SpamAssassin via a link called "mailscanner.cf" in the
>>> site_rules  directory.
>>>    It is no longer read directly by MailScanner, it is just read
>>> by  Spam-
>>>    Assassin during its normal initialisation process.
>>> - - Enabled blocking of messages containing web bugs. Note this
>>> may  have some
>>>    false alarms, as a web bug is any image of 2x2 or smaller.
>>> - - Improved ClamAVmodule scanning by adding new suggestions from
>>> ClamAV author.
>>> - - Changed ClamAV parser to not generate warning output when it
>>> sees  lines it
>>>    wasn't expected, as there are so many false positives that no-
>>> one  ever
>>>    looks at them anyway.
>>> - - Improved Sophos wrapper script to allow for EM library
>>> installations.
>>>    No support for Sophos V5.0 yet.
>>> - - Upgraded ClamAV to 0.87.1.
>>> - - Added HTML::Parser to the list of Perl modules installed by
>>> my  ClamAV+SA
>>>    package so it can be used separately from MailScanner, without
>>> needing
>>>    MailScanner to be installed first.
>>> - - Improved Clam+SA package and other installation scripts to
>>> create  the soft-
>>>    link whenever possible.
>>> - - Rewritten comments at the top of spam.assassin.prefs.conf.
>>> - - Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub
>>> Explode.
>>> * Fixes *
>>> - - Added "report-type" MIME attribute to spam notification
>>> multipart/ report
>>>    messages as the RFC says it should be there, and this lacking
>>> caused a
>>>    problem in a few email apps. Thanks for Georg@hackt.net for this.
>>> - - Added missing ", 0777" from mkdir call in internal TNEF code.
>>> - - Fixed startup problems reading rulesets from LDAP on first
>>> message  batch.
>>> - - Subject lines are all MIME-decoded properly now.
>>> - -- Julian Field
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: PGP Desktop 9.0.3 (Build 2932)
>>> iQEVAwUBQ47Nlfw32o+k+q+hAQEnvwf9GR1dMgqFLSkMjpOJl1zAbLC9A7guGibk
>>> ZCWQ8bUjdDA3I5+QrtQWUOK6NaCqVqP+TFgOd4/ZNgr/qEeIaRU6q38wYja1ihrx
>>> yn0QTFLh99T1Bo307YHZQPOrdP3koPom6zKhqTGJT4EX+2ORU7WNN28r5OAR3MVl
>>> tb37/6QZcDc9+kw8d/rFU6RgYeyLeEmHTovuEjMnPGbZY9NKsWy5ydnJxznqoIpx
>>> 5JMtQhHUUENa+/tTjtjq38wDrXTHQ5LdtDJOSuvj10iWTbhjtA/aRSbOjwKhaUpN
>>> LxhWDFOv2dJx9uiWPj+2BQ8UEuwV43PVwcMoX0qLctrdI68zM3iKkA==
>>> =Rf9n
>>> -----END PGP SIGNATURE-----
>>
>> --
>> Grigorios G. Papazoglou
>> System Administrator
>> Faculty of Medicine
>> University of Crete
>> Heraklion 710 03
>> GREECE
>> Telephone: +30 (281) 0394748
>> E-mail: grp@med.uoc.gr
>
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
>
> iQEVAwUBQ5AzW/w32o+k+q+hAQF3Vwf9Gf0DVbIOuFh3NG1IEu3UZ3T+8P5ALhXk
> ArPpLJUkTHtQd+GO5jaNNwokdobExIfnWzzMtJZP4dW582W9qRWMghIFg/bIti66
> t733OhwylSoLJylAWtYEwTsKw7tzdxI5G6uSkMGXsHFUdO/78y89g35wt6+TpakF
> pDt5TVzLzwKdp87sXdTwkEOQXUuqagJ1kYmfxK75rWRIcWMwpNCEq9CuBaNA9ySI
> R2k+GW829czLEhXWX+vQPrRRtWmmeszlj1V+EDTxxK3Zfj+/AhGVpzC/Pzt62wP/
> 5c+FGl3p9z1MeYPeXdaDiawCHdSLAPAOsz7xm00H35wEt6SJukjpzg==
> =ng5k
> -----END PGP SIGNATURE-----
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Mon Dec  5 20:22:48 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17588.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "WINDOWS-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 5 Dec 2005, at 19:19, Jason Williams wrote:

      Greetings everyone!

       

      As I am getting ready to setup a new MailScanner server for
      our company, I have toyed with the idea of using a different
      MTA; specifically, Postfix. My background with MTA^Òs are in
      Sendmail, Postfix and Exchange. I have had very good success
      running MailScanner with Sendmail, but I wanted to switch
      things up a bit and possibly try Postfix here (keeps things
      fun and interesting, right?)

       

      Anyway, I was hoping to ask current users of Mailscanner with
      Postfix, if they could give me their feedback of what they
      like, dislike etc. Are there any known issues or problems?
      Any performance hits? Lost mail etc.


Personally, I like Postfix. It is sad that Jules and Wietse can't see eye
to eye as they are similar developers, in so much as they both write
good, reliable, continuously improving software with a nice simple
configuration file and documentation, although some what different
personalities! Performance hits, I haven't noticed any. Lost mail, not
for a very long time. Can Postfix do things that other MTAs can do, yes
and without re-building it or in many instances without needing plugins.
Is it the best/ better than anything else, well that's a question that
has started intercontinental wars :-)

Go for it. At least you can say you gave it a go!

Drew

--
In line with our policy, this message has been scanned for
viruses and dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From pete at ENITECH.COM.AU  Mon Dec  5 20:50:11 2005
From: pete at ENITECH.COM.AU (Pete Russell)
Date: Thu Jan 12 21:31:23 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.17589.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Wont mitler-ahead deal with this by blocking those email during 
handshaking for being incorrectly addressed? Only accept mail for 
delivery that is accurately addressed?

Pete



Kevin Miller wrote:
> One of my users is the victom of a joe job.  I'm getting hundreds of
> messages like the following:
> 
> ------------------------------------------------------------------
> Your message did not reach some or all of the intended recipients.
> 
>       Subject:	Message Undeliverable!
>       Sent:	12/5/2005 9:33 AM
> 
> The following recipient(s) could not be reached:
> 
>       jeanette_stgeorgehhvj@ci.juneau.ak.us on 12/5/2005 9:33 AM
>             The e-mail account does not exist at the organization this
> message was sent to.  Check the e-mail address, or contact the recipient
> directly to find out the correct address.
>             < mxg.ci.juneau.ak.us #5.1.1 SMTP; 550 5.1.1 User unknown>
> --------------------------------------------------------------------
> 
> The address is valid, except for the last four characters before the '@'
> sign.  Those seem to be random.  I using MS/sendmail on a gateway which
> forwards to an Exchange 2003 box.  What I'd like to do is refuse these
> at the MTA level.  I can't put that address in the access file though,
> as the last four characters vary and access won't take a regex (to the
> best of my knowledge).
> 
> If there's no way to do it at the MTA level, I guess a SA rule might do
> the trick, setting them to a value above high scoring spam and just let
> MS delete them.  If that's the best option, could someone please show me
> the regex to test for in the rule?  I'm a bit weak in that arena.
> 
> Anybody have any other ideas on the best way to deal w/this?  I've got
> SPF records (set to softfail at the moment) which may help some but not
> enough yet.  
> 
> On a related note, I want to implement milter-ahead which would deal
> w/this issue handily.  Has anybody set that up on a SuSE 9.3 or 10
> server?  I have a few questions, but since that's a bit off topic to MS
> I don't want to get too far off.
> 
> Thanks much...
> 
> ...Kevin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Mon Dec  5 20:53:25 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:23 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.17590.1137101483.24926.mailscanner@lists.mailscanner.info>

Pete Russell wrote:
> Wont mitler-ahead deal with this by blocking those email during
> handshaking for being incorrectly addressed? Only accept mail for
> delivery that is accurately addressed?
> 
> Pete

Yup - which is why I want to implement it.  Was looking for a quick and
easy workaround until I can get it installed...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Mon Dec  5 20:54:12 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:31:23 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.17591.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Pete Russell wrote:
> Wont mitler-ahead deal with this by blocking those email during
> handshaking for being incorrectly addressed? Only accept mail for
> delivery that is accurately addressed?
> 

That's what we do and it works very well.
The bigger issue is when the return path is forged but is  to a valid
user ...




-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec  5 21:07:16 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17592.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Something is very wrong with your system. Here's what I get with your 
message:

MsgContSize=635 DataOffset=346 NumRecips=1
Content size = 635
Data offset  = 346
Num Recips   = 1

which looks fine to me.

Boris Jordanov wrote:

> Julian Field wrote:
> ...
>
>> I take back my comment about Wietse, he doesn't appear to have broken 
>> anything in 2.2.6 (the latest version). I have just used it to create 
>> a message and nothing has changed.
>>
>> Can you send me (zip it first) an offending message please? I have 
>> just built and installed 2.2.6 and cannot reproduce your problem.
>>
>
> As I told you - the message does not matter. It dies on  _every_ 
> message (at least these are my observations).
>
> perl 5.8.6-18
> perl-MailTools 1.67-2.2
> postfix 2.2.2-2
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Mon Dec  5 21:08:00 2005
From: pete at ENITECH.COM.AU (Pete Russell)
Date: Thu Jan 12 21:31:23 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.17593.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have postfix in my mailscanner but we have exchange 2003 and lotus 
domino backends. We use perl script that queries the AD and builds a 
list of valid names. POstfix checks every inbound message to see if the 
TO address matches some one in the list, if yes then great iof not then 
we dont accept the mail.

I can eamil it to you if you like, should only take a few minutres to 
setup. I assume sendmail has a POstfix recipient_maps equivilent.

Pete


Kevin Miller wrote:
> Pete Russell wrote:
> 
>>Wont mitler-ahead deal with this by blocking those email during
>>handshaking for being incorrectly addressed? Only accept mail for
>>delivery that is accurately addressed?
>>
>>Pete
> 
> 
> Yup - which is why I want to implement it.  Was looking for a quick and
> easy workaround until I can get it installed...
> 
> ...Kevin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Mon Dec  5 21:10:11 2005
From: pete at ENITECH.COM.AU (Pete Russell)
Date: Thu Jan 12 21:31:23 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17594.1137101483.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Working fine for me for many years. Extra reliable and never had any 
lost mail or similar.

Simple and reliable - 2 very important qualities for me.

Pete

Drew Marshall wrote:
> On 5 Dec 2005, at 19:19, Jason Williams wrote:
> 
>> Greetings everyone!
>>
>>  
>>
>> As I am getting ready to setup a new MailScanner server for our 
>> company, I have toyed with the idea of using a different MTA; 
>> specifically, Postfix. My background with MTA^Òs are in Sendmail, 
>> Postfix and Exchange. I have had very good success running MailScanner 
>> with Sendmail, but I wanted to switch things up a bit and possibly try 
>> Postfix here (keeps things fun and interesting, right?)
>>
>>  
>>
>> Anyway, I was hoping to ask current users of Mailscanner with Postfix, 
>> if they could give me their feedback of what they like, dislike etc. 
>> Are there any known issues or problems? Any performance hits? Lost 
>> mail etc.
>>
> 
> Personally, I like Postfix. It is sad that Jules and Wietse can't see 
> eye to eye as they are similar developers, in so much as they both write 
> good, reliable, continuously improving software with a nice simple 
> configuration file and documentation, although some what different 
> personalities! Performance hits, I haven't noticed any. Lost mail, not 
> for a very long time. Can Postfix do things that other MTAs can do, yes 
> and without re-building it or in many instances without needing plugins. 
> Is it the best/ better than anything else, well that's a question that 
> has started intercontinental wars :-)
> 
> Go for it. At least you can say you gave it a go!
> 
> Drew
> 
> -- 
> In line with our policy <http://www.themarshalls.co.uk/policy>, this 
> message has been scanned for
> viruses and dangerous content by MailScanner 
> <http://www.mailscanner.info/>, and is
> believed to be clean.
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> *Support MailScanner development - buy the book off the website!*

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Mon Dec  5 21:29:20 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:24 2006
Subject: Other blocked content ruleset
Message-ID: <mailman.17595.1137101483.24926.mailscanner@lists.mailscanner.info>

Guys

Can you help a poor old soul who cant see the wood for trees any more?

I want to create a ruleset based around this criteria:

 From MailScanner.conf

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing other blocked content, such as
# partial messages or messages with external bodies?
# This can also be the filename of a ruleset.
Notify Senders Of Other Blocked Content = %rules-dir%/ 
blocked.content.rules

What I want to put in the ruleset is:

<Some string that I can't work out>		too small	no
<Some string that I can't work out>		Default		yes

i.e. I want to *not* send a notification for attachments that are too  
small but I do still want to send notifications for any of the other  
blocked content. As you can see, could some one fill in my blank  
space and stop my maillog filling with 'Syntax error in first field  
in line 3 of ruleset' as my wall can't take my more head bashing!

Thanks

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec  5 22:00:41 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:24 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17596.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Drew Marshall <drew@themarshalls.co.uk> wrote:
> On Mon, December 5, 2005 17:52, Drew Marshall wrote:
> > On Mon, December 5, 2005 17:15, Dhawal Doshy wrote:
> >> As Drew mentioned, this is NOT supposed to replace a real AV but at the
> >> same time i'd like having a feature where viruses are rejected without
> >> much processing power. Plugging in an AV at the MTA is not such a great
> >> idea (no bandwidth savings and no decrease in resource usage).
> >
> > Oh, I don't know. If you plug in the clamAV scanner in the right place...
> >
> Replying to one's self, it's something to do with Postfix users. How sad...

Noted... Has been known to do this myself... Probably because our
thoughtprocesses are recursive in some way....:-)
>
> > If you use before queue scanning as described here
> > http://www.postfix.org/SMTPD_PROXY_README.html and set up the SMTP clam
> > scanner as per here http://memberwebs.com/nielsen/software/clamsmtp/ you
> > will save bandwidth as you can get Postfix to reject the mail at SMTP
> > stage
>
> Save some processing power not bandwidth is what I meant as you don't use
> SA this early (Not indeed do you accept the message).

Some little, yes. And you could actually reject the message, which is
a bit different, in the "responsibility according to RFC" department.
Still wouldn't save any bandwidth to speak of, since PF would need
wait for the dot.

> Thinking about this further, I wouldn't recommend it as you box would
> start to die under a sustained mail bombardment as the mail wouldn't queue
> for scanning (One of the advantages of MailScanner) and you would be
> reliant on Clam returning before the SMTP session timed out.

I don't know.... wouldn't this be pretty much the same as for sendmail
and the clamav milter?
If so, sure, you could run this.... provided you monitor the box ...
scrupulously!
> >
> > but it won't save processing in the same way as a decent MIME/ header/
> > body check will do.
>
> As that doesn't use Clam at all! A word of caution, which I should have
> included before, all forms of message check come at a performance price so
> the more you add or the more complex you make them the larger the hit
> (Hence the word decent!).
>
True.
(snip)
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec  5 22:03:24 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:24 2006
Subject: Block SOBER at MTA (postfix)
Message-ID: <mailman.17597.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> On 05/12/05, Drew Marshall <drew@themarshalls.co.uk> wrote:
> > On Mon, December 5, 2005 17:52, Drew Marshall wrote:
> > > On Mon, December 5, 2005 17:15, Dhawal Doshy wrote:
> > >> As Drew mentioned, this is NOT supposed to replace a real AV but at the
> > >> same time i'd like having a feature where viruses are rejected without
> > >> much processing power. Plugging in an AV at the MTA is not such a great
> > >> idea (no bandwidth savings and no decrease in resource usage).
> > >
> > > Oh, I don't know. If you plug in the clamAV scanner in the right place...
> > >
> > Replying to one's self, it's something to do with Postfix users. How sad...
>
> Noted... Has been known to do this myself... Probably because our
> thoughtprocesses are recursive in some way....:-)
Look, here I go too! (Just to join the club:-)
It also might indicate a cerain sloppiness in thought as well as
execution .... Powers Prevent:-D
(Snippety-snip)
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec  5 22:19:12 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17598.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Pete Russell <pete@enitech.com.au> wrote:
> Working fine for me for many years. Extra reliable and never had any
> lost mail or similar.
>
> Simple and reliable - 2 very important qualities for me.
>
> Pete
>
> Drew Marshall wrote:
> > On 5 Dec 2005, at 19:19, Jason Williams wrote:
> >
> >> Greetings everyone!
> >>
> >>
> >>
> >> As I am getting ready to setup a new MailScanner server for our
> >> company, I have toyed with the idea of using a different MTA;
> >> specifically, Postfix. My background with MTA's are in Sendmail,
> >> Postfix and Exchange. I have had very good success running MailScanner
> >> with Sendmail, but I wanted to switch things up a bit and possibly try
> >> Postfix here (keeps things fun and interesting, right?)
> >>
> >>
> >>
> >> Anyway, I was hoping to ask current users of Mailscanner with Postfix,
> >> if they could give me their feedback of what they like, dislike etc.
> >> Are there any known issues or problems? Any performance hits? Lost
> >> mail etc.
> >>
> >
> > Personally, I like Postfix. It is sad that Jules and Wietse can't see
> > eye to eye as they are similar developers, in so much as they both write
> > good, reliable, continuously improving software with a nice simple
> > configuration file and documentation, although some what different
> > personalities! Performance hits, I haven't noticed any. Lost mail, not
> > for a very long time. Can Postfix do things that other MTAs can do, yes
> > and without re-building it or in many instances without needing plugins.
> > Is it the best/ better than anything else, well that's a question that
> > has started intercontinental wars :-)
> >
> > Go for it. At least you can say you gave it a go!
> >
> > Drew
> >

Same here, no real problems (since Jules fixed the queue ID thing way
back). Very stable, very simple, yet .... very configurable(!)...
I especially like the ease of coupling anti-UCE PF things (and domain
anti-spoof) with MS versatility and resilience.... Best of everything!
(Well, I could probably do without McAfee, but don't tell the PHB I
said that:-):-)
Couldn't agree more about Mr Field and Mr Benema... Sometimes I think
one should turn to the time-tested nordic traditions.... Put 'em on a
small islet with some food and a big keg of booze (and some sharp
implements).... Pick 'em up a couple of days later.... Either they'll
be friends, or there will be a need for a coroner:-):-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec  5 22:21:06 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17599.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 05/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
(snip)
> Couldn't agree more about Mr Field and Mr Benema... Sometimes I think
(snip)
Mr Venema is of course named Mr Venema, nothing else.
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jstork at pbco.ca  Tue Dec  6 00:47:02 2005
From: jstork at pbco.ca (Johnny Stork)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner ANNOUNCE: 4.48 released -Upgrade didnt work??
Message-ID: <mailman.17600.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hmm. I ran the tar based install of ms 4.48 on a system running 4.47.4 and RHES4.

After the install I see a new directory created as /opt/MailScanner-4.48.4 with a symbolic link from /opt/MailScanner. I run "service MailScanner restart" and I am still running 4.47??

1: At the start of the install.sh running I recall seeing some statement about not running an rpm based system? Is this just in reference to the MailScanner inststall method? cause I certainly run rpm?

2: This does not appear to be where ms was installed previously? Now what? 

3: What do I need to do to correctly upgrade to 4.48 and if the install is in a new/different location now, what can I do to clean up the old files and folders?
 

 


----- Original Message -----
From: Scott Silva 
Sent: Mon Dec 05 2005 10:53:49 GMT-0800 (Pacific Standard Time)
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner ANNOUNCE: 4.48 released

Johnny Stork spake the following on 12/5/2005 10:18 AM:
> What's the best (recommended) way to upgrade say from version 4.47.4? Just run the install script in the latest mailscanner tarbal and then run upgrade_MailScanner_conf? Or should I run the complete install-Clam-SA.tar.gz again, followed by the mailscanner install script?
> 
> Thanks
>  
You don't need to run the install-clam-sa bit unless you want/need to
upgrade clamav or spamassassin.
MailScanner install kit has all its needs included in the install.
If you are doing a very recent upgrade, you could probably just
rpm -Fvh MailScanner*.rpm, and then upgrade_MailScanner_conf

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From admin at thenamegame.com  Tue Dec  6 01:55:49 2005
From: admin at thenamegame.com (admin@thenamegame.com)
Date: Thu Jan 12 21:31:24 2006
Subject: Whitelisting using 70_sare_whitelist_rcvd.cf
Message-ID: <mailman.17601.1137101484.24926.mailscanner@lists.mailscanner.info>


Hello,

 

I&#8217;m trying to use the white list .cf file from
http://www.rulesemporium.com/rules.htm#whitelist, the file being
70_sare_whitelist_rcvd.cf. Can I redirect MS to look at these rules which
contain the follow directives?

 

whitelist_from_rcvd

 

-Or- is there another way of adding the contents of this file to another
file? So far today, I have not seen any of these whitelisting rules take
affect so I believe just by placing the .cf file in /path_to_your_cf does
not work. Does MS recognize whitelist_from_rcvd and what&#8217;s the best
place to put it?

 

Thanks.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From admin at thenamegame.com  Tue Dec  6 02:08:38 2005
From: admin at thenamegame.com (Michael S.)
Date: Thu Jan 12 21:31:24 2006
Subject: Not seeing any viruses being detected in my logs.
Message-ID: <mailman.17602.1137101484.24926.mailscanner@lists.mailscanner.info>


I am no longer seeing any evidence of viruses being caught in my logs.
I&#8217;m running F-Secure and all I see is MS exploit detected but never
see the actual name of the virus or proof that the virus existed or that
it was detected and deleted.

 

We are getting lots of messages from admin@cia.gov which does contain an
attachment but MS is simply saying the scored high and that it got
deleted. Well, what about the attachment that comes with that file? I
should be seeing F-Secure scanning it, detecting it, reporting the name
of the virus followed by either a removal and delete or a delivery to the
user. I&#8217;m not seeing any of this anymore.

 

Thank you.

 


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From maillists at CONACTIVE.COM  Tue Dec  6 02:31:32 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner ANNOUNCE: 4.48 released -Upgrade didnt work??
Message-ID: <mailman.17603.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Johnny Stork wrote on         Mon, 5 Dec 2005 16:47:02 -0800:

> 3: What do I need to do to correctly upgrade to 4.48

I think you downloaded the tar.gz for "other systems" instead of the 
tar.gz for Red Hat. Get the right one. That tar.gz contains an rpm and you 
probably will just want to run rpm -Uvh MailScanner*.rpm, nothing else, as 
Scott suggested. 

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at MANGO.ZW  Tue Dec  6 06:19:39 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:31:24 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.17604.1137101484.24926.mailscanner@lists.mailscanner.info>

On Tue, 6 Dec 2005, Pete Russell wrote:

> I have postfix in my mailscanner but we have exchange 2003 and lotus 
> domino backends. We use perl script that queries the AD and builds a 
> list of valid names. POstfix checks every inbound message to see if the 
> TO address matches some one in the list, if yes then great iof not then 
> we dont accept the mail.
> 
> I can eamil it to you if you like, should only take a few minutres to 
> setup. I assume sendmail has a POstfix recipient_maps equivilent.

sendmail can be configured to use a virtusertable:

Set this up in the sendmail.mc file if this is not already configured:

	FEATURE(`virtusertable',`hash /etc/mail/virtusertable')dnl

If required: m4 < sendmail.mc > sendmail.cf

Add the domain to local-host-names.

Add users to virtusertable:

	user@domain	user@exchangebox

Restart MailScanner.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Tue Dec  6 07:08:59 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17605.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Something is very wrong with your system. Here's what I get with your
> message:
> 
> MsgContSize=635 DataOffset=346 NumRecips=1
> Content size = 635
> Data offset  = 346
> Num Recips   = 1
> 
> which looks fine to me.

I see...
Where should I look, can I test MailTools somehow?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Tue Dec  6 07:55:36 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17606.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Something is very wrong with your system. Here's what I get with your
> message:
> 
> MsgContSize=635 DataOffset=346 NumRecips=1
> Content size = 635
> Data offset  = 346
> Num Recips   = 1
> 
> which looks fine to me.
> 
I've touched the code:

    # Read the initial record.
    # Provides Message content size, data offset and recipient count
    ($rectype, $recdata) = ReadRecord($RQf);
    print "1st $rectype is \"$recdata\"\n";
    MailScanner::Log::WarnLog("Syntax error in Postfix queue file,
didn't " .
                              "start with a C record") unless $rectype
eq 'C';
    $recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ]{15}))?$/;
    print "recdata is now \"$recdata\"\n";
    ($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0, $3+0);
     print STDERR "MsgContSize=$MsgContSize DataOffset=$DataOffset
NumRecips=$NumRecips\n";

    # If $5 is set then we have a new data structure in the file
    $MailScanner::Postfix::DataStructure = 0;
    if ($5 ne "") {
      $MailScanner::Postfix::DataStructure = 1;
      $message->{PostfixQmgrOpts} = $5+0;
    }

    $MsgContSize =~ s/^\s*//;
    $DataOffset  =~ s/^\s*//;
    $NumRecips   =~ s/^\s*//;
    print STDERR "MsgContSize=$MsgContSize DataOffset=$DataOffset
NumRecips=$NumRecips\n";
    push @{$message->{metadata}}, "$rectype$recdata";
    print STDERR "Content size = $MsgContSize\n";
    print STDERR "Data offset  = $DataOffset\n";
    print STDERR "Num Recips   = $NumRecips\n";

    # If the data offset is 0 then Postfix definitely hasn't finished
    # writing the message.
    unless ($DataOffset+0 > 10) { # 10 == arbitrary small number
      $message->DropFromBatch();
      return 0;
    }



And here's the result:

[root@im ~]# MailScanner
In Debugging mode, not forking...
In ReadQf
hdpath = /var/spool/postfix/hold/459D616FBD
inhdhandle = FileHandle=GLOB(0xac65e98)
size = 985
1st C is "            635             346               1               0"
recdata is now "            635             346               1
      0"
MsgContSize=459 DataOffset=0 NumRecips=0
MsgContSize=459 DataOffset=0 NumRecips=0
Content size = 459
Data offset  = 0
Num Recips   = 0
Can't call method "DropFromBatch" on unblessed reference at
/usr/lib/MailScanner/MailScanner/Postfix.pm line 334.

It looks OK _until_

($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0, $3+0);

after that line  print STDERR "MsgContSize=$MsgContSize
DataOffset=$DataOffset NumRecips=$NumRecips\n"; returns:
MsgContSize=459 DataOffset=0 NumRecips=0

I'm not into PERL so what's wrong here?:
$recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ]{15}))?$/;

I believe the ($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0,
$3+0); line is OK, so I blame $recdata =~ /^([0-9 ]{15}) ([0-9 ]{15})
([0-9 ]{15})( ([0-9 ]{15}))?$/;

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec  6 08:38:04 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17607.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----


On 6 Dec 2005, at 07:55, Boris Jordanov / Ð^ÑоÑ^ÀиÑ^Á Ð^ÙоÑ^Àданов  
wrote:

> Julian Field wrote:
>> Something is very wrong with your system. Here's what I get with your
>> message:
>>
>> MsgContSize=635 DataOffset=346 NumRecips=1
>> Content size = 635
>> Data offset  = 346
>> Num Recips   = 1
>>
>> which looks fine to me.
>>
> I've touched the code:
>
>     # Read the initial record.
>     # Provides Message content size, data offset and recipient count
>     ($rectype, $recdata) = ReadRecord($RQf);
>     print "1st $rectype is \"$recdata\"\n";
>     MailScanner::Log::WarnLog("Syntax error in Postfix queue file,
> didn't " .
>                               "start with a C record") unless $rectype
> eq 'C';
>     $recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ] 
> {15}))?$/;
>     print "recdata is now \"$recdata\"\n";
>     ($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0, $3+0);

Try changing that last line to

($MsgContSize, $DataOffset, $NumRecips) = ($1, $2, $3);
$MsgContSize =~ /^\D+//;
$DataOffset =~ /^\D+//;
$NumRecips =~ /^\D+//;
$MsgContSize = $MsgContSize + 0;
$DataOffset = $DataOffset + 0;
$NumRecips = $NumRecips + 0;

and let me know what happens.

>      print STDERR "MsgContSize=$MsgContSize DataOffset=$DataOffset
> NumRecips=$NumRecips\n";
>
>     # If $5 is set then we have a new data structure in the file
>     $MailScanner::Postfix::DataStructure = 0;
>     if ($5 ne "") {
>       $MailScanner::Postfix::DataStructure = 1;
>       $message->{PostfixQmgrOpts} = $5+0;
>     }
>
>     $MsgContSize =~ s/^\s*//;
>     $DataOffset  =~ s/^\s*//;
>     $NumRecips   =~ s/^\s*//;
>     print STDERR "MsgContSize=$MsgContSize DataOffset=$DataOffset
> NumRecips=$NumRecips\n";
>     push @{$message->{metadata}}, "$rectype$recdata";
>     print STDERR "Content size = $MsgContSize\n";
>     print STDERR "Data offset  = $DataOffset\n";
>     print STDERR "Num Recips   = $NumRecips\n";
>
>     # If the data offset is 0 then Postfix definitely hasn't finished
>     # writing the message.
>     unless ($DataOffset+0 > 10) { # 10 == arbitrary small number
>       $message->DropFromBatch();
>       return 0;
>     }
>
>
>
> And here's the result:
>
> [root@im ~]# MailScanner
> In Debugging mode, not forking...
> In ReadQf
> hdpath = /var/spool/postfix/hold/459D616FBD
> inhdhandle = FileHandle=GLOB(0xac65e98)
> size = 985
> 1st C is "            635             346                
> 1               0"
> recdata is now "            635             346               1
>       0"
> MsgContSize=459 DataOffset=0 NumRecips=0
> MsgContSize=459 DataOffset=0 NumRecips=0
> Content size = 459
> Data offset  = 0
> Num Recips   = 0
> Can't call method "DropFromBatch" on unblessed reference at
> /usr/lib/MailScanner/MailScanner/Postfix.pm line 334.
>
> It looks OK _until_
>
> ($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0, $3+0);
>
> after that line  print STDERR "MsgContSize=$MsgContSize
> DataOffset=$DataOffset NumRecips=$NumRecips\n"; returns:
> MsgContSize=459 DataOffset=0 NumRecips=0
>
> I'm not into PERL so what's wrong here?:
> $recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ]{15}))? 
> $/;
>
> I believe the ($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0,
> $3+0); line is OK, so I blame $recdata =~ /^([0-9 ]{15}) ([0-9 ]{15})
> ([0-9 ]{15})( ([0-9 ]{15}))?$/;
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5VN7vw32o+k+q+hAQG00Qf9F05wZzJ6e/2TK/rYUPDz3m/kZvP0ulC2
YANu6ZA+59hyk+UFHYdATvn81snz0Uj/UyMa570CBe0PfyFhkxoQSLCLgbA+n+UD
ExMQ7H8x6Lse8CDdOv/6MLT2qShcwfkgQVHO09ItlVD3GoXFt6JsCzq5oeidmmsQ
HDgzveYK1VGw++zDKrVKARFASyqdamWbs9n0DB0u5PHCPhYOLaDJM5Ng/H+705dP
iht880QUNxCxaIS7KHjfXBgEgtMqSnUkoYuCrD5Qbwh7cF5lIeo4Cqf2j+osRGhn
2FwFZxaY2EErjQUge60iIqSrlWnxAmMAKC5j2Ir6U0I9feeYWLMhTw==
=P+GZ
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Tue Dec  6 08:44:56 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17608.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Something is very wrong with your system. Here's what I get with your
> message:
> 

Julian, I've managed to work it out (for the proof of my idea only)

Here is the code, it's not a diff, because it is an ugly PoC. The
problem _is_ in the splitting. I split it my way (again, I'm not into
PERL, excuse my code) and it is OK. One problem - you are looking for
something referenced as $5. With the original code and my split MS says
- corrupted and moves the message to the corrupted directory. If I force:
$message->{PostfixQmgrOpts} = $5+0;

everything goes OK and the message is delivered.

Can you fix it guys? Please? :) TIA

    # Read the initial record.
    # Provides Message content size, data offset and recipient count
    ($rectype, $recdata) = ReadRecord($RQf);
    print "1st $rectype is \"$recdata\"\n";
    MailScanner::Log::WarnLog("Syntax error in Postfix queue file,
didn't " .
                              "start with a C record") unless $rectype
eq 'C';

########################################
    my @splitted = split(/ +/,$recdata);
########################################

    #$recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ]{15}))?$/;
    print "recdata is now \"$recdata\"\n";
    print "splitted is now @splitted\n";

    #($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0, $3+0);

##############################################################
    ($MsgContSize, $DataOffset, $NumRecips) = (@splitted[1]+0,
@splitted[2]+0, @splitted[3]+0);
##############################################################

     print STDERR "MsgContSize=$MsgContSize DataOffset=$DataOffset
NumRecips=$NumRecips\n";

    # If $5 is set then we have a new data structure in the file
    $MailScanner::Postfix::DataStructure = 0;
    if ($5 ne "") {
      $MailScanner::Postfix::DataStructure = 1;
      $message->{PostfixQmgrOpts} = $5+0;
    }

#############################################
    $MailScanner::Postfix::DataStructure = 1;
    $message->{PostfixQmgrOpts} = $5+0;
#############################################

    $MsgContSize =~ s/^\s*//;
    $DataOffset  =~ s/^\s*//;
    $NumRecips   =~ s/^\s*//;
    print STDERR "MsgContSize=$MsgContSize DataOffset=$DataOffset
NumRecips=$NumRecips\n";
    push @{$message->{metadata}}, "$rectype$recdata";
    print STDERR "Content size = $MsgContSize\n";
    print STDERR "Data offset  = $DataOffset\n";
    print STDERR "Num Recips   = $NumRecips\n";

    # If the data offset is 0 then Postfix definitely hasn't finished
    # writing the message.
    unless ($DataOffset+0 > 10) { # 10 == arbitrary small number
      $message->DropFromBatch();
      return 0;
      }

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Tue Dec  6 08:51:42 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17609.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> 
> On 6 Dec 2005, at 07:55, Boris Jordanov / ^Q>@8A ^Y>@40=>2  
> wrote:
> 
> 
>>>Julian Field wrote:
>>>
>>>>Something is very wrong with your system. Here's what I get with your
>>>>message:
>>>>
>>>>MsgContSize=635 DataOffset=346 NumRecips=1
>>>>Content size = 635
>>>>Data offset  = 346
>>>>Num Recips   = 1
>>>>
>>>>which looks fine to me.
>>>>
>>>
>>>I've touched the code:
>>>
>>>    # Read the initial record.
>>>    # Provides Message content size, data offset and recipient count
>>>    ($rectype, $recdata) = ReadRecord($RQf);
>>>    print "1st $rectype is \"$recdata\"\n";
>>>    MailScanner::Log::WarnLog("Syntax error in Postfix queue file,
>>>didn't " .
>>>                              "start with a C record") unless $rectype
>>>eq 'C';
>>>    $recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ] 
>>>{15}))?$/;
>>>    print "recdata is now \"$recdata\"\n";
>>>    ($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0, $3+0);
> 
> 
> Try changing that last line to
> 
> ($MsgContSize, $DataOffset, $NumRecips) = ($1, $2, $3);
> $MsgContSize =~ /^\D+//;
> $DataOffset =~ /^\D+//;
> $NumRecips =~ /^\D+//;
> $MsgContSize = $MsgContSize + 0;
> $DataOffset = $DataOffset + 0;
> $NumRecips = $NumRecips + 0;
> 
> and let me know what happens.

This:

[root@im MailScanner]# service MailScanner restart
Shutting down MailScanner daemons:
         MailScanner:                                      [FAILED]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
Starting MailScanner daemons:
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
         MailScanner:       In Debugging mode, not forking...
Can't call method "DropFromBatch" on unblessed reference at
/usr/lib/MailScanner/MailScanner/Postfix.pm line 335.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From a.peacock at CHIME.UCL.AC.UK  Tue Dec  6 09:08:54 2005
From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock)
Date: Thu Jan 12 21:31:24 2006
Subject: Whitelisting using 70_sare_whitelist_rcvd.cf
Message-ID: <mailman.17610.1137101484.24926.mailscanner@lists.mailscanner.info>

Hi,

> I'm trying to use the white list .cf file from
> http://www.rulesemporium.com/rules.htm#whitelist, the file being
> 70_sare_whitelist_rcvd.cf. Can I redirect MS to look at these rules
> which contain the follow directives?
> 
> 
> 
> whitelist_from_rcvd
> 
> 
> 
> -Or- is there another way of adding the contents of this file to
> another file? So far today, I have not seen any of these whitelisting
> rules take affect so I believe just by placing the .cf file in
> /path_to_your_cf does not work. Does MS recognize whitelist_from_rcvd
> and what's the best place to put it?

That is a SpamAssassin rule file.  You need to place it in your 
SpamAssassin site rules directory, on my system that is 
/etc/mail/spamassassin.  Just copy it into that directory, you don't 
need to change any other settings.  You will need to restart 
MailScanner so that it rereads the config and rules files.

-- 
Anthony Peacock       
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
"Computer  software  consists of  only  two  components: 
ones and zeros, in roughly equal proportions.   All that is
required is to sort them into the correct order."

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Tue Dec  6 09:30:07 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17611.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jason Williams wrote:
> Greetings everyone!
> 
> As I am getting ready to setup a new MailScanner server for our company, 
> I have toyed with the idea of using a different MTA; specifically, 
> Postfix. My background with MTA^Òs are in Sendmail, Postfix and Exchange. 
> I have had very good success running MailScanner with Sendmail, but I 
> wanted to switch things up a bit and possibly try Postfix here (keeps 
> things fun and interesting, right?)
> 
> Anyway, I was hoping to ask current users of Mailscanner with Postfix, 
> if they could give me their feedback of what they like, dislike etc. Are 
> there any known issues or problems? Any performance hits? Lost mail etc.

MailScanner integrates really well with Postfix (no dual MTA setup), the 
backend MAP lookups for postfix are quite simple to use as well (if you 
want to query your exchange server for valid users). Performance is a 
non-issue with a default postfix setup (unless one does something really 
stupid). Except for the duplicate Message-IDs issue (long solved by 
Julian) and a postfix queue structure change (hash_queue_depth was 
dropped for the hold queue), i have yet to come across any show stopper.

The only issue so far with postfix being application of individual 
MailScanner rules in case a mail is sent to more than one recipient. 
Postfix currently cannot split mails into individual recipients with out 
a major performance hit. This behaviour is very specific to storing 
mails in the hold queue and not to final deliveries. However such a 
requirement is quite rare amongst the current postfix + MS users.

Also if you are a mailwatch user, some features are not compatible with 
postfix.

Finally read the wiki for some great information on:
a. Postfix installation / configuration / integration with MS
b. Releasing messages from the quarantine
c. Postfix + MS politics

There are some other requirements if you are administering a postfix + 
MS setup.
a. Replying back to one's own list postings
b. A secret craving for World Domination

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec  6 10:44:49 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17612.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----

On 6 Dec 2005, at 08:44, Boris Jordanov / Ð^ÑоÑ^ÀиÑ^Á Ð^ÙоÑ^Àданов  
wrote:
> Julian Field wrote:
>> Something is very wrong with your system. Here's what I get with your
>> message:
>>
>
> Julian, I've managed to work it out (for the proof of my idea only)
>
> Here is the code, it's not a diff, because it is an ugly PoC. The
> problem _is_ in the splitting. I split it my way (again, I'm not into
> PERL, excuse my code) and it is OK. One problem - you are looking for
> something referenced as $5. With the original code and my split MS  
> says
> - corrupted and moves the message to the corrupted directory. If I  
> force:
> $message->{PostfixQmgrOpts} = $5+0;
>
> everything goes OK and the message is delivered.
>
> Can you fix it guys? Please? :) TIA

How about this:

     # Provides Message content size, data offset and recipient count
     ($rectype, $recdata) = ReadRecord($RQf);
     #print "1st $rectype is \"$recdata\"\n";
     MailScanner::Log::WarnLog("Syntax error in Postfix queue file,  
didn't " .
                               "start with a C record") unless  
$rectype eq 'C';
     #$recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ] 
{15}))?$/;
     #($MsgContSize, $DataOffset, $NumRecips) = ($1+0, $2+0, $3+0);

     my @numbers = split " ", $recdata;
     ($MsgContSize, $DataOffset, $NumRecips) =
       ($numbers[0]+0, $numbers[1]+0, $numbers[2]+0);

     # If $5 is set then we have a new data structure in the file
     $MailScanner::Postfix::DataStructure = 0;
     #if ($5 ne "") {
     #  $MailScanner::Postfix::DataStructure = 1;
     #  $message->{PostfixQmgrOpts} = $5+0;
     #}

     if (defined $numbers[3]) {
       $MailScanner::Postfix::DataStructure = 1;
       $message->{PostfixQmgrOpts} = $numbers[3]+0;
     }

     #$MsgContSize =~ s/^\s*//;
     #$DataOffset  =~ s/^\s*//;
     #$NumRecips   =~ s/^\s*//;
     #print STDERR "MsgContSize=$MsgContSize DataOffset=$DataOffset  
NumRecips=$NumRecips\n";
     push @{$message->{metadata}}, "$rectype$recdata";

That works okay for me. Please give it a try.
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5Vro/w32o+k+q+hAQHRJgf+Pdxrl2VABjOs7eeisIK+wPQXkpqD6Evd
LbX/E9Dpsw7ZZIK9qTMwz+mHz7kii8WNT1n/0pMPFYxVeOSlIME5aFoLEGovMLb6
S13g+VtNibGHROyjVlQyH/cjVfpD+VlYCS1DQhFarYOFaF9Z60RHT5WXeZK11Men
CaVywJmsshB4MKuuou/q7nI5CLS4nGGeH98aBHg7vD88kCoS2L1VpDn/lIXtPNwz
9oc1HwVdkFLvWerDE2UJY3cYsw3AaYaUtdKgGOpXZFelR6UMTi8RE8tvI+19mYqB
jYVPoZLsmuiL3XviRNy/XcGOkBQz9lJbpWUl13fmCuPd6QeM7634Gg==
=hl7p
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Tue Dec  6 11:12:58 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17613.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 06/12/05, Dhawal Doshy <dhawal@netmagicsolutions.com> wrote:
(snip)
>
> Also if you are a mailwatch user, some features are not compatible with
> postfix.

What else apart from the mailq thing? That's all I can remember of the
top of my cold-swollen (yes, the really bad cold I'm having is
probably reducing the oxygenation(sp?) of my brain:) head.

(snip)
> a. Replying back to one's own list postings
It's a state of mind....

> b. A secret craving for World Domination
That isn't a secret... any more;).
>
> - dhawal
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Tue Dec  6 11:25:12 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner users using Postfix as their MTA: Question
Message-ID: <mailman.17614.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:
> On 06/12/05, Dhawal Doshy <dhawal@netmagicsolutions.com> wrote:
> (snip)
> 
>>Also if you are a mailwatch user, some features are not compatible with
>>postfix.
> 
> What else apart from the mailq thing? That's all I can remember of the
> top of my cold-swollen (yes, the really bad cold I'm having is
> probably reducing the oxygenation(sp?) of my brain:) head.

Enhanced reporting of MTA deliveries/rejections (aka Sendmail Relay Log 
watcher). I am trying to do this for postfix using sec (simple event 
correlation engine), more details later on the mailwatch list.

>>b. A secret craving for World Domination
> 
> That isn't a secret... any more;).

OOPS..

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Tue Dec  6 11:33:57 2005
From: boris.jordanov at GMAIL.COM ([UTF-8] Boris Jordanov / Бори� Йорданов)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17615.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:

> 
> That works okay for me. Please give it a try.

Well, one message passed with success :) Let see what will hapend over time.

What was wrong with the spilt? Is it because of PERL changed?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Tue Dec  6 11:44:11 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner users using Postfix as their MTA:
Message-ID: <mailman.17616.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Tue, December 6, 2005 11:25, Dhawal Doshy wrote:
>>>Also if you are a mailwatch user, some features are not compatible with
>>>postfix.
>>
>> What else apart from the mailq thing? That's all I can remember of the
>> top of my cold-swollen (yes, the really bad cold I'm having is
>> probably reducing the oxygenation(sp?) of my brain:) head.
>
> Enhanced reporting of MTA deliveries/rejections (aka Sendmail Relay Log
> watcher). I am trying to do this for postfix using sec (simple event
> correlation engine), more details later on the mailwatch list.

Is this looking for enhanced status codes? If so, don't forget this is
coming with Postfix 2.3 along with DSN (Watch out for privacy with that
one http://www.postfix.org/DSN_README.html)

>
>>>b. A secret craving for World Domination
>>
>> That isn't a secret... any more;).
>
> OOPS..

Better add inability to keep secrets to the list!


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Tue Dec  6 12:10:39 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:24 2006
Subject: Log Analysis
Message-ID: <mailman.17617.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello,

Are there any log file analysis programs for MailScanner other than 
MailWatch? I've never been able to get MailWatch to work.

Thanks,
Rod

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mark at PRESLING.COM  Tue Dec  6 12:27:20 2005
From: mark at PRESLING.COM (Mark Presling)
Date: Thu Jan 12 21:31:24 2006
Subject: Log Analysis
Message-ID: <mailman.17618.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

MailWatch is fantastic! I really recommend that you spend the time to 
get it going because it really does give you a lot of information and 
the ability to mine for info that you want.

There were a few steps to get it going, but if you follow every step in 
the documentation carefully it works. And again, it's well worth the effort.

Just my 2c.

Mark

Rodney Green wrote:

> Hello,
>
> Are there any log file analysis programs for MailScanner other than 
> MailWatch? I've never been able to get MailWatch to work.
>
> Thanks,
> Rod
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ]
    [ (Name: "mark.vcf")  9 lines. ]
    [ Unable to print this part. ]


From maillists at CONACTIVE.COM  Tue Dec  6 12:31:23 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:24 2006
Subject: Whitelisting using 70_sare_whitelist_rcvd.cf
Message-ID: <mailman.17619.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Anthony Peacock wrote on         Tue, 6 Dec 2005 09:08:54 -0000:

> That is a SpamAssassin rule file.

one addition: which means that if you want to use it in MailScanner 
instead of SA you have to use different syntax.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec  6 12:31:24 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:24 2006
Subject: Not seeing any viruses being detected in my logs.
Message-ID: <mailman.17620.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Michael S. wrote on         Mon, 5 Dec 2005 21:08:38 -0500:

> We are getting lots of messages from admin@cia.gov which does contain an 
> attachment but MS is simply saying the scored high and that it got deleted. 
> Well, what about the attachment that comes with that file? I should be 
> seeing F-Secure scanning it, detecting it, reporting the name of the virus 
> followed by either a removal and delete or a delivery to the user. I'm not 
> seeing any of this anymore.

If the stuff is caught as spam there won't be any virus checking.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Tue Dec  6 12:34:06 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:24 2006
Subject: Log Analysis
Message-ID: <mailman.17621.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rodney Green wrote:
> Hello,
> 
> Are there any log file analysis programs for MailScanner other than 
> MailWatch? I've never been able to get MailWatch to work.

http://www2.logwatch.org:8080/ has some hooks for mailscanner (though 
not perfect). The author (not logwatch, but the mailscanner hook 
contributer) should be lurking around somewhere on this list..

Though i'd suggest giving mailwatch another try, take help from the 
mailwatch-users list if required.

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From support-lists at PETDOCTORS.CO.UK  Tue Dec  6 13:49:24 2005
From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick)
Date: Thu Jan 12 21:31:24 2006
Subject: 4.48 and spamassassin warnings
Message-ID: <mailman.17622.1137101484.24926.mailscanner@lists.mailscanner.info>

I've just got around to installing rulesdujour and as it runs it does a
spamassassin --lint to check the config. The results of this test gave
warnings about scores being assigned to undefined rules and this stopped
rulesdujour from doing its stuff. 

Upon checking I found the offending lines in the new mailscanner.cf file
installed with version 4.48. My first worry is that this problem has been
stopping spamassassin from working correctly with MailScanner?

Strangely enough I have gone around and installed rulesdujour on 4
(supposedly) identical systems and only two threw up this error.

Is any action needed on this?

Here are the lines - I have commented them out as necessary on my servers:

# =============== Change SpamAssassin Rules scores ===============

# To Change a SpamAssassin rule Score simply add an uncommented 
# line similar to:
# score SUBJ_ILLEGAL_CHARS 2.1

score   VIRUS_WARNING15   0
score   VIRUS_WARNING28   0
score   VIRUS_WARNING33   0
score   VIRUS_WARNING62   0
score   VIRUS_WARNING66   0
score   VIRUS_WARNING226  0
score   VIRUS_WARNING250  0
score   VIRUS_WARNING300  0
score   VIRUS_WARNING326  0
score   VIRUS_WARNING339  0
score   VIRUS_WARNING340  0

I also don't know if this is related to MailScanner's new install but on TWO
(again) of the systems, 'bogus-virus-warnings.cf' threw up --lint errors and
the file turned out to comprise html from the download site containing a
'forbidden' message referring to the fact that I had downloaded the rule too
many times in the day - as it happens I don't recall installing this rule,
so is it installed by MailScanner? In the end I just deleted the file and
let rulesdujour pick it up again.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From andrea.bazzanini at PREMIEREGLOBAL.IT  Tue Dec  6 13:41:02 2005
From: andrea.bazzanini at PREMIEREGLOBAL.IT (Andrea Bazzanini - ITEXMIL1)
Date: Thu Jan 12 21:31:24 2006
Subject: Store & forward email
Message-ID: <mailman.17623.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello Guys...

I need help for MailScanner :)
I'm using MailScaneer as gateway. All email received from the workd are 
checked by gateway and relayed to exchange. All email created from 
Exchange are send to Mailscanner for checking before send out.

For message coming from world, i need store email localy and send a copy 
to Exchange. For example if i received an email from disney@domain.com 
for maruscya@mydomain.it, this email must be store maruscya box on linux 
and forwared to maruscya@mydomain.it on exchange server.

The user maruscya will download message from exchange not from linux.

My next idea will be install apache on Linux and browse email from web 
interface if exchange is death..


It's possible do my idea with MailScanner ??

FYI: I use Mailscanner with postfix, SpamAssassin, Sophos, ClamAV, FProt

Sorry for my bad english !

Maruscya

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From andrea.bazzanini at PREMIEREGLOBAL.IT  Tue Dec  6 13:56:39 2005
From: andrea.bazzanini at PREMIEREGLOBAL.IT (Andrea Bazzanini - ITEXMIL1)
Date: Thu Jan 12 21:31:24 2006
Subject: Test Message
Message-ID: <mailman.17624.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello !!!

Do you receive my message ?? ?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec  6 14:09:10 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:24 2006
Subject: 4.48 and spamassassin warnings
Message-ID: <mailman.17625.1137101484.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----


On 6 Dec 2005, at 13:49, Nigel kendrick wrote:

> I've just got around to installing rulesdujour and as it runs it  
> does a
> spamassassin --lint to check the config. The results of this test gave
> warnings about scores being assigned to undefined rules and this  
> stopped
> rulesdujour from doing its stuff.
>
> Upon checking I found the offending lines in the new mailscanner.cf  
> file
> installed with version 4.48. My first worry is that this problem  
> has been
> stopping spamassassin from working correctly with MailScanner?
>
> Strangely enough I have gone around and installed rulesdujour on 4
> (supposedly) identical systems and only two threw up this error.
>
> Is any action needed on this?
>
> Here are the lines - I have commented them out as necessary on my  
> servers:
>
> # =============== Change SpamAssassin Rules scores ===============
>
> # To Change a SpamAssassin rule Score simply add an uncommented
> # line similar to:
> # score SUBJ_ILLEGAL_CHARS 2.1
>
> score   VIRUS_WARNING15   0
> score   VIRUS_WARNING28   0
> score   VIRUS_WARNING33   0
> score   VIRUS_WARNING62   0

I seem to remember that is the important one, 62.

> score   VIRUS_WARNING66   0
> score   VIRUS_WARNING226  0
> score   VIRUS_WARNING250  0
> score   VIRUS_WARNING300  0
> score   VIRUS_WARNING326  0
> score   VIRUS_WARNING339  0
> score   VIRUS_WARNING340  0
>
> I also don't know if this is related to MailScanner's new install  
> but on TWO
> (again) of the systems, 'bogus-virus-warnings.cf' threw up --lint  
> errors and
> the file turned out to comprise html from the download site  
> containing a
> 'forbidden' message referring to the fact that I had downloaded the  
> rule too
> many times in the day - as it happens I don't recall installing  
> this rule,
> so is it installed by MailScanner? In the end I just deleted the  
> file and
> let rulesdujour pick it up again.

MailScanner doesn't install rules, except its own mailscanner.cf -->  
spam.assassin.prefs.conf file.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5WbiPw32o+k+q+hAQGEyAgArOJa06fjVpH4j+GgnIkHvGq6CYPyIEiE
ri0KHMXoKohQxZNVJBNgFnKNzKEf0zqe8xg7Cak51i2jseK7ITrjamUF324sS8PM
kLOWd7puG8khFUY5y5D52RbjDFHh7K1qcLaMd/fRF58r7P/olrsdRx1MRwutnU8c
/hijQGJkCIp2sL2ApW458yHa2dREh4eEMsuc018vLhK76ubt8TnQeTpXC7LFmCVy
Ckr6jHyUYcjxc8koi7c+66NhgiewEFcY0NqHmTDG+hgFbK+6feGKpAv48sork+0u
rBKd1cYI9UTh9CjU7hx7g//2/pvixF5fF0eCbn+iDhnfZLwSrGvAjw==
=NU7U
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From andrea.bazzanini at PREMIEREGLOBAL.IT  Tue Dec  6 13:33:55 2005
From: andrea.bazzanini at PREMIEREGLOBAL.IT (Maruscya)
Date: Thu Jan 12 21:31:24 2006
Subject: Store & Forward Email
Message-ID: <mailman.17626.1137101484.24926.mailscanner@lists.mailscanner.info>

Hello Guys...

I need help for MailScanner :)
I'm using MailScaneer as gateway. All email received from the workd are
checked by gateway and relayed to exchange. All email created from Exchange
are send to Mailscanner for checking before send out.

For message coming from world, i need store email localy and send a copy to
Exchange. For example if i received an email from disney@domain.com for
maruscya@mydomain.it, this email must be store maruscya box on linux and
forwared to maruscya@mydomain.it on exchange server.

The user maruscya will download message from exchange not from linux.

My next idea will be install apache on Linux and browse email from web
interface if exchange is death..


It's possible do my idea with MailScanner ??

FYI: I use Mailscanner with postfix, SpamAssassin, Sophos, ClamAV, FProt

Sorry for my bad english !

Maruscya 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Tue Dec  6 14:45:17 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:24 2006
Subject: Store & Forward Email
Message-ID: <mailman.17627.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Tue, December 6, 2005 13:33, Maruscya wrote:
> Hello Guys...
>
> I need help for MailScanner :)
> I'm using MailScaneer as gateway. All email received from the workd are
> checked by gateway and relayed to exchange. All email created from
> Exchange
> are send to Mailscanner for checking before send out.
>
> For message coming from world, i need store email localy and send a copy
> to
> Exchange. For example if i received an email from disney@domain.com for
> maruscya@mydomain.it, this email must be store maruscya box on linux and
> forwared to maruscya@mydomain.it on exchange server.
>
> The user maruscya will download message from exchange not from linux.
>
> My next idea will be install apache on Linux and browse email from web
> interface if exchange is death..
>
>
> It's possible do my idea with MailScanner ??

Yes :-)
>
> FYI: I use Mailscanner with postfix, SpamAssassin, Sophos, ClamAV, FProt
>
> Sorry for my bad english !

No worries, it's not the worst I have seen.

The obvious move, if you want to be able access the mail via 'webmail'
just in case would be to create two aliases for you users in Postfix's
virtual mail map file and make some corresponding entries in the virtual
mail box map. So what you have is:

virtual-aliases

maruscya@mydomain.it marcuscya@gateway.maydomain.it 
marcuscya@exchange.mydomain.it

virtual-mailbox-maps

marcuscya@gateway.maydomain.it  /path/to/virt/mailboxes/marcuscya/.maildir/

transport-map

exchange.mydomain.it  relay:[ip.add.exchane.box]

postmap all of these files and amend Postfix's main.cf appropriately

I would then use something like Courier to manage the IMAP connection and
set the imap.cf file to delete mail in the inbox over x days old so you
don't have Gb's of mail that you users won't need (Unless you need/ want
to retain an archive).

This will then have all your mail scanned by MailScanner with one copy
dropped into individual gateway mailboxes and to the Exchange box, which
is what I think you want to do?

Drew





-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbergman at WTXS.NET  Tue Dec  6 14:52:38 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:31:24 2006
Subject: Log Analysis
Message-ID: <mailman.17628.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rodney Green wrote:
> Hello,
> 
> Are there any log file analysis programs for MailScanner other than 
> MailWatch? I've never been able to get MailWatch to work.
> 
There are some for sendmail like awstats. I don't know if it would do 
something with mailscanner or not.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From support-lists at PETDOCTORS.CO.UK  Tue Dec  6 14:54:19 2005
From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick)
Date: Thu Jan 12 21:31:24 2006
Subject: 4.48 and spamassassin warnings
Message-ID: <mailman.17629.1137101484.24926.mailscanner@lists.mailscanner.info>

 >MailScanner doesn't install rules, except its own mailscanner.cf -->
spam.assassin.prefs.conf file.

I didn't think so but I thought I'd ask.

To which .cf file (or other part of spamassassin config?) do the
VIRUS_WARNINGS lines refer - maybe I have something missing? I have grepped
all the installed .cf files and cannot find a match.

Thanks

Nigel Kendrick

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Tue Dec  6 15:00:54 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:24 2006
Subject: 4.48 and spamassassin warnings
Message-ID: <mailman.17630.1137101484.24926.mailscanner@lists.mailscanner.info>

Nigel

The spam.assassin.prefs.conf might have them commented out, but you should
only remove the comments if you are running the bogus_virus_warnings.cf from
rules_du_jour.

I'd check you are running a modern RDJ so that it's picking up the rules
from the correct place.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Nigel kendrick
> Sent: 06 December 2005 14:54
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] 4.48 and spamassassin warnings
> 
>  >MailScanner doesn't install rules, except its own mailscanner.cf -->
> spam.assassin.prefs.conf file.
> 
> I didn't think so but I thought I'd ask.
> 
> To which .cf file (or other part of spamassassin config?) do the
> VIRUS_WARNINGS lines refer - maybe I have something missing? I have
> grepped
> all the installed .cf files and cannot find a match.
> 
> Thanks
> 
> Nigel Kendrick
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ugob at CAMO-ROUTE.COM  Tue Dec  6 14:33:46 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:24 2006
Subject: 4.48 and spamassassin warnings
Message-ID: <mailman.17631.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Nigel kendrick wrote:
> I've just got around to installing rulesdujour and as it runs it does a
> spamassassin --lint to check the config. The results of this test gave
> warnings about scores being assigned to undefined rules and this stopped
> rulesdujour from doing its stuff. 
> 
> Upon checking I found the offending lines in the new mailscanner.cf file
> installed with version 4.48. My first worry is that this problem has been
> stopping spamassassin from working correctly with MailScanner?
> 
> Strangely enough I have gone around and installed rulesdujour on 4
> (supposedly) identical systems and only two threw up this error.
> 
> Is any action needed on this?
> 
> Here are the lines - I have commented them out as necessary on my servers:
> 
> # =============== Change SpamAssassin Rules scores ===============
> 
> # To Change a SpamAssassin rule Score simply add an uncommented 
> # line similar to:
> # score SUBJ_ILLEGAL_CHARS 2.1
> 
> score   VIRUS_WARNING15   0
> score   VIRUS_WARNING28   0
> score   VIRUS_WARNING33   0
> score   VIRUS_WARNING62   0
> score   VIRUS_WARNING66   0
> score   VIRUS_WARNING226  0
> score   VIRUS_WARNING250  0
> score   VIRUS_WARNING300  0
> score   VIRUS_WARNING326  0
> score   VIRUS_WARNING339  0
> score   VIRUS_WARNING340  0
> 
> I also don't know if this is related to MailScanner's new install but on TWO
> (again) of the systems, 'bogus-virus-warnings.cf' threw up --lint errors and
> the file turned out to comprise html from the download site containing a
> 'forbidden' message referring to the fact that I had downloaded the rule too
> many times in the day - as it happens I don't recall installing this rule,
> so is it installed by MailScanner? In the end I just deleted the file and
> let rulesdujour pick it up again.
> 

Please post the errors.

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From admin at thenamegame.com  Tue Dec  6 15:09:05 2005
From: admin at thenamegame.com (Michael S.)
Date: Thu Jan 12 21:31:24 2006
Subject: Not seeing any viruses being detected in my logs.
Message-ID: <mailman.17632.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

That^Òs interesting because this must have changed then. We used to see it
say a message was spam followed by description of the virus found in the
logs and my MailScanner-MRTG script that records the number of occurrences
of spam and viruses is now off because of it.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Kai Schaetzl
Sent: Tuesday, December 06, 2005 7:31 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Not seeing any viruses being detected in my logs.

Michael S. wrote on         Mon, 5 Dec 2005 21:08:38 -0500:

> We are getting lots of messages from admin@cia.gov which does contain an 
> attachment but MS is simply saying the scored high and that it got
deleted. 
> Well, what about the attachment that comes with that file? I should be 
> seeing F-Secure scanning it, detecting it, reporting the name of the virus

> followed by either a removal and delete or a delivery to the user. I'm not

> seeing any of this anymore.

If the stuff is caught as spam there won't be any virus checking.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jstork at pbco.ca  Tue Dec  6 15:09:10 2005
From: jstork at pbco.ca (Johnny Stork)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner ANNOUNCE: 4.48 released -Upgrade didnt work??
Message-ID: <mailman.17633.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Argh!!!! How could I be so stupid and miss this. You're right. So now what can I remove/delete from that failed and wrong install so I dont break anything?
 

 


----- Original Message -----
From: Kai Schaetzl 
Sent: Mon Dec 05 2005 18:33:57 GMT-0800 (Pacific Standard Time)
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner ANNOUNCE: 4.48 released -Upgrade didnt work??

Johnny Stork wrote on         Mon, 5 Dec 2005 16:47:02 -0800:

> 3: What do I need to do to correctly upgrade to 4.48

I think you downloaded the tar.gz for "other systems" instead of the 
tar.gz for Red Hat. Get the right one. That tar.gz contains an rpm and you 
probably will just want to run rpm -Uvh MailScanner*.rpm, nothing else, as 
Scott suggested. 

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From sailer at BNL.GOV  Tue Dec  6 15:08:03 2005
From: sailer at BNL.GOV (Tim Sailer)
Date: Thu Jan 12 21:31:24 2006
Subject: Log Analysis
Message-ID: <mailman.17634.1137101484.24926.mailscanner@lists.mailscanner.info>

On Tue, Dec 06, 2005 at 07:10:39AM -0500, Rodney Green wrote:
> Hello,
> 
> Are there any log file analysis programs for MailScanner other than 
> MailWatch? I've never been able to get MailWatch to work.

Depending on what you want to do with the log files Vispan will
spit out some stats and graphs.

Tim

-- 
Tim Sailer <sailer@bnl.gov> 
Information and Special Technologies Program
Office of Counterintelligence 
Brookhaven National Laboratory  (631) 344-3001

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec  6 15:31:25 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:24 2006
Subject: Test Message
Message-ID: <mailman.17635.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

all three, yes :-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec  6 15:31:25 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:24 2006
Subject: 4.48 and spamassassin warnings
Message-ID: <mailman.17636.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Nigel kendrick wrote on         Tue, 6 Dec 2005 13:49:24 -0000:

> score   VIRUS_WARNING15   0

I think you have to enable the SA AutoVirus plugin and I also think these 
rules are not installed by default (that is if not enabled there shouldn't 
be a lint error, because the rules aren't present).

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Tue Dec  6 15:35:40 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:24 2006
Subject: Other blocked content ruleset
Message-ID: <mailman.17637.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Mon, December 5, 2005 21:29, Drew Marshall wrote:
> Guys
>
> Can you help a poor old soul who cant see the wood for trees any more?
>
> I want to create a ruleset based around this criteria:
>
>  From MailScanner.conf
>
> # *If* "Notify Senders" is set to yes, do you want to notify people
> # who sent you messages containing other blocked content, such as
> # partial messages or messages with external bodies?
> # This can also be the filename of a ruleset.
> Notify Senders Of Other Blocked Content = %rules-dir%/
> blocked.content.rules
>
> What I want to put in the ruleset is:
>
> <Some string that I can't work out>		too small	no
> <Some string that I can't work out>		Default		yes
>
> i.e. I want to *not* send a notification for attachments that are too
> small but I do still want to send notifications for any of the other
> blocked content. As you can see, could some one fill in my blank
> space and stop my maillog filling with 'Syntax error in first field
> in line 3 of ruleset' as my wall can't take my more head bashing!

I really must stop replying to myself!

I still haven't found any answer to this. Anyone got any clues? Julian,
please?

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec  6 15:42:13 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:24 2006
Subject: Other blocked content ruleset
Message-ID: <mailman.17638.1137101484.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Sorry, there aren't any "Notify Senders Of" rules that you can split  
this finely.
You would have to do this with a Custom Function looking at the  
message properties and work out what rules it hit.

On 6 Dec 2005, at 15:35, Drew Marshall wrote:

> On Mon, December 5, 2005 21:29, Drew Marshall wrote:
>> Guys
>>
>> Can you help a poor old soul who cant see the wood for trees any  
>> more?
>>
>> I want to create a ruleset based around this criteria:
>>
>>  From MailScanner.conf
>>
>> # *If* "Notify Senders" is set to yes, do you want to notify people
>> # who sent you messages containing other blocked content, such as
>> # partial messages or messages with external bodies?
>> # This can also be the filename of a ruleset.
>> Notify Senders Of Other Blocked Content = %rules-dir%/
>> blocked.content.rules
>>
>> What I want to put in the ruleset is:
>>
>> <Some string that I can't work out>		too small	no
>> <Some string that I can't work out>		Default		yes
>>
>> i.e. I want to *not* send a notification for attachments that are too
>> small but I do still want to send notifications for any of the other
>> blocked content. As you can see, could some one fill in my blank
>> space and stop my maillog filling with 'Syntax error in first field
>> in line 3 of ruleset' as my wall can't take my more head bashing!
>
> I really must stop replying to myself!
>
> I still haven't found any answer to this. Anyone got any clues?  
> Julian,
> please?
>
> Drew
>
>
> -- 
> In line with our policy, this message has
> been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> www.themarshalls.co.uk/policy
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5WxWPw32o+k+q+hAQGcqwgAkuhEILbMxytoAQgz5Z0p+Ne/XXIewc8H
yABw3tAPWWw1C0IE6jK1EwQuzMyhCaOEAiNW1uVFm05xr3a8T1IXMU/KZ6mjNgJ2
ATsv12zrvy8ouNVJdMfabknL5b7PCziUpU3pmztnb/0hLcwfNeYTAzFa4Bi7lMC4
ljLhO5jufS50zdH8XnDO2RspAZS/DFVoA3D3uD/YykCuc8RAaNHlXd04awLelpbR
BO2D3xon46DbQZTQsZjeFcQIzeEuAxpqyi9Jemi81hIWkrITe6jsVkltsFDVSXwP
0qhTn+ZqV/I1N3gPw1MLXB/G6NTg8HZOE0KQXLrONrtI/2FxLJd9mA==
=DnJW
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Tue Dec  6 15:56:09 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:24 2006
Subject: Other blocked content ruleset
Message-ID: <mailman.17639.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Tue, December 6, 2005 15:42, Julian Field wrote:
> Sorry, there aren't any "Notify Senders Of" rules that you can split
> this finely.
> You would have to do this with a Custom Function looking at the
> message properties and work out what rules it hit.

Thanks for the reply Jules (Even if it wasn't the easy reply I would have
liked :-) )

Time to roll my custom function sleeves up...

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Tue Dec  6 15:51:52 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:24 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17640.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Boris Jordanov / Ð^ÑоÑ^ÀиÑ^Á Ð^ÙоÑ^Àданов spake the following on 12/5/2005 11:08 PM:
> Julian Field wrote:
> 
>>Something is very wrong with your system. Here's what I get with your
>>message:
>>
>>MsgContSize=635 DataOffset=346 NumRecips=1
>>Content size = 635
>>Data offset  = 346
>>Num Recips   = 1
>>
>>which looks fine to me.
> 
> 
> I see...
> Where should I look, can I test MailTools somehow?
> 
Did your perl upgrade make a new perl directory?
I once did a perl upgrade on an old Redhat 7.3 install and I had 2 perls
afterward, with some of my modules in different spots.
I had to kill the old perl directory, re-install the upgrade, and then
re-install all the needed modules.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Tue Dec  6 16:16:37 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:24 2006
Subject: Log Analysis
Message-ID: <mailman.17641.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Mark Presling
> Sent: Tuesday, December 06, 2005 7:27 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Log Analysis
>
>
> MailWatch is fantastic! I really recommend that you spend the time to
> get it going because it really does give you a lot of information and
> the ability to mine for info that you want.
>
> There were a few steps to get it going, but if you follow every step in
> the documentation carefully it works. And again, it's well worth
> the effort.
>

I have never gotten MailWatch working either. Mysql always denies access to
the MailWatch user, even it has full priv to all hosts and all databases. I
can go to the command line and connect to the database with *exactly* the
same parameters that the MailWatch error gets a denied from, so there is
something in the code that is wrong, or it's using the wrong protocol or
something. I have never really bothered to determine what is wrong as I use
this particular MySql host for about 50 databases and ever single
application (third party or mine) can connect the first time every time
except MailWatch. Granted I use mostly php and not perl. Furthermore I
created a php page that displays the user table from MailWatch's mailscanner
database using the exact same host, table, user and password as it set in
MailWatch.pm and it connects and works fine. I can use the MailWatch
information to connect/update/insert/delete data in the mailscanner
database from any application except MailWatch. In fact I can actually use
the MailWatch php frontend and it works fine, except of course there is
nothing being logged but the SA rules import and GeoIp stuff updates fine as
well. I have the latest DBI, MySql 4.1.12, everything else tests fine so I
am at a loss as to what the problem is. Perhaps I will look at it again
today.

And to make it more interesting when you try and stop mailscanner it hangs
and requires a kill command to die.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Tue Dec  6 16:03:14 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:25 2006
Subject: Not seeing any viruses being detected in my logs.
Message-ID: <mailman.17642.1137101484.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Michael S. spake the following on 12/6/2005 7:09 AM:
> That^Òs interesting because this must have changed then. We used to see it
> say a message was spam followed by description of the virus found in the
> logs and my MailScanner-MRTG script that records the number of occurrences
> of spam and viruses is now off because of it.
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Kai Schaetzl
> Sent: Tuesday, December 06, 2005 7:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Not seeing any viruses being detected in my logs.
> 
> Michael S. wrote on         Mon, 5 Dec 2005 21:08:38 -0500:
> 
> 
>>We are getting lots of messages from admin@cia.gov which does contain an 
>>attachment but MS is simply saying the scored high and that it got
> 
> deleted. 
> 
>>Well, what about the attachment that comes with that file? I should be 
>>seeing F-Secure scanning it, detecting it, reporting the name of the virus
> 
> 
>>followed by either a removal and delete or a delivery to the user. I'm not
> 
> 
>>seeing any of this anymore.
> 
> 
> If the stuff is caught as spam there won't be any virus checking.
> 
> Kai
> 
I think the old trick of adding a forward to the spam actions will kick
in a virus scan;
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/277.html

I'm sure Julian will add his comment if it doesn't work anymore.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pparsons at COLUMBIAFUELS.COM  Tue Dec  6 16:22:19 2005
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17643.1137101485.24926.mailscanner@lists.mailscanner.info>

Vispan is good as it can also add rules to your iptables to block ip's
that spam you.. http://www.while.homeunix.net/mailstats/ 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Rodney Green
Sent: Tuesday, December 06, 2005 4:11 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Log Analysis

Hello,

Are there any log file analysis programs for MailScanner other than
MailWatch? I've never been able to get MailWatch to work.

Thanks,
Rod

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From andrea.bazzanini at PREMIEREGLOBAL.IT  Tue Dec  6 16:25:25 2005
From: andrea.bazzanini at PREMIEREGLOBAL.IT (Andrea Bazzanini - ITEXMIL1)
Date: Thu Jan 12 21:31:25 2006
Subject: Store & Forward Email
Message-ID: <mailman.17644.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Drew Marshall wrote:Thanks !!  :)

>virtual-aliases
>
>maruscya@mydomain.it marcuscya@gateway.maydomain.it 
>marcuscya@exchange.mydomain.it
>  
>
I think that all address is writed on one line only !?!?
I search the viartual-alias on configuration parameters, but i can't 
find it... i found only virtual_alias_maps ...


>virtual-mailbox-maps
>
>marcuscya@gateway.maydomain.it  /path/to/virt/mailboxes/marcuscya/.maildir/
>  
>
The same problem.. i found only virtual_mailbox_maps

>transport-map
>
>exchange.mydomain.it  relay:[ip.add.exchane.box]
>  
>
I use domain.example  smtp:[IP] is it ok or i need change into Relay:[ip]?

>I would then use something like Courier to manage the IMAP connection and
>set the imap.cf file to delete mail in the inbox over x days old so you
>don't have Gb's of mail that you users won't need (Unless you need/ want
>to retain an archive).
>  
>
The first step is create a copy :) The second step is store last 30 days !

>This will then have all your mail scanned by MailScanner with one copy
>dropped into individual gateway mailboxes and to the Exchange box, which
>is what I think you want to do?
>  
>
Only one question... I receive email like maruscya@domain.it i must 
forward to exchange the same address. I cannot change domain into 
maruscya@exchange.mydomain.it (my KnowHow on exchange is low at the 
moment) Is it a problem??

Thanks a lot for your help.

Maruscya!!!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec  6 16:31:30 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:25 2006
Subject: MailScanner ANNOUNCE: 4.48 released -Upgrade didnt work??
Message-ID: <mailman.17645.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Johnny Stork wrote on         Tue, 6 Dec 2005 07:09:10 -0800:

> So now what can I remove/delete from that failed and 
> wrong install so I dont break anything?

Everything in /op/mailscanner or where it resides. I don't know if it 
installs anything else, f.i. to /etc/mail/spamassassin.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Tue Dec  6 16:42:40 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17646.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rick Cooper wrote:
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>>
>>MailWatch is fantastic! I really recommend that you spend the time to
>>get it going because it really does give you a lot of information and
>>the ability to mine for info that you want.
> 
> I have never gotten MailWatch working either. Mysql always denies access to
> the MailWatch user, even it has full priv to all hosts and all databases. I
[SNIP]

Rick,

The MailWatch.pm file is very finicky about the DBI/DBD version. You 
might want to bring up this issue (if the interest still exists) once 
again on the mailwatch-users lists.

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec  6 16:44:41 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:25 2006
Subject: Other blocked content ruleset
Message-ID: <mailman.17647.1137101485.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----


On 6 Dec 2005, at 15:56, Drew Marshall wrote:

> On Tue, December 6, 2005 15:42, Julian Field wrote:
>> Sorry, there aren't any "Notify Senders Of" rules that you can split
>> this finely.
>> You would have to do this with a Custom Function looking at the
>> message properties and work out what rules it hit.
>
> Thanks for the reply Jules (Even if it wasn't the easy reply I  
> would have
> liked :-) )
>
> Time to roll my custom function sleeves up...

To start you off, you want to attach the Custom Function to "Notify  
Senders Of Other Blocked Content". In the $message object, look for  
the string
MailScanner::Config::LanguageValue($message, 'attachmenttoosmall')
in values(%{$message->{otherreports}})
giving you something like this:

my $lookfor = MailScanner::Config::LanguageValue($message,  
'attachmenttoosmall');
foreach my $search (values( %{$message->{otherreports}} )) {
   return 0 if $search =~ /$lookfor/i;
}
return 1;

Contributions for writing the hard bit for you are gratefully  
accepted :-)
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5W//Pw32o+k+q+hAQGfkggAjVMsXJSU4297RWrCFtvisNnFfRSpoI92
2t5Oj1Ikoci2Svl2f4VToAclJVbQzE0MJoKA6LN0N4WNxFjQ3yat4CiKNgvbz4mS
FWP/HfUHWxEI5mxl+p67qcac7S+waKxDO/EgMzxDDZlAHU/fNhQErmng0CMKjW6+
VTmEgbV+4fm3lncCnOiXokdMQbisLRmF13RukHhA+ROW2mVAQbcI6zE5/KSv2QZN
WvACSDxq9O6wxIcKvQ4nV8koxIIETt7iVwFcZ2B9C1yvlBBlvSW2dV+133d4/Trl
DEBGj1N37Cols7WUy37iNhjcqaHSU5Uim7od4ZwqAhbbOxZz+SoBdg==
=yEDD
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Tue Dec  6 17:06:25 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:25 2006
Subject: Store & Forward Email
Message-ID: <mailman.17648.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Tue, December 6, 2005 16:25, Andrea Bazzanini - ITEXMIL1 wrote:
> Drew Marshall wrote:Thanks !!  :)
>
>>virtual-aliases
>>
>>maruscya@mydomain.it marcuscya@gateway.maydomain.it
>>marcuscya@exchange.mydomain.it
>>
>>
> I think that all address is writed on one line only !?!?

Yes, sorry got wrapped by my webmail.

> I search the viartual-alias on configuration parameters, but i can't
> find it... i found only virtual_alias_maps ...

That's the one. Sorry I didn't spell it out very well (As you can all the
file anything you want) but in main.cf the parameter is virtual_alias_maps
= /path/to/virt_alias_maps/file. Likewise for virtual_mailbox_maps.

>
>
>>virtual-mailbox-maps
>>
>>marcuscya@gateway.maydomain.it
>> /path/to/virt/mailboxes/marcuscya/.maildir/
>>
>>
> The same problem.. i found only virtual_mailbox_maps
>
>>transport-map
>>
>>exchange.mydomain.it  relay:[ip.add.exchane.box]
>>
>>
> I use domain.example  smtp:[IP] is it ok or i need change into Relay:[ip]?

No you can use either. relay tells postfix to relay the mail to the IP
address using any transport type, smtp: tells Postfix to relay the message
using smtp to the IP address specified.
>
>>I would then use something like Courier to manage the IMAP connection and
>>set the imap.cf file to delete mail in the inbox over x days old so you
>>don't have Gb's of mail that you users won't need (Unless you need/ want
>>to retain an archive).
>>
>>
> The first step is create a copy :) The second step is store last 30 days !
>
>>This will then have all your mail scanned by MailScanner with one copy
>>dropped into individual gateway mailboxes and to the Exchange box, which
>>is what I think you want to do?
>>
>>
> Only one question... I receive email like maruscya@domain.it i must
> forward to exchange the same address. I cannot change domain into
> maruscya@exchange.mydomain.it (my KnowHow on exchange is low at the
> moment) Is it a problem??

No, I don't think so (Although I have never tried!) just make the alias
maps read:

maruscya@mydomain.it marcuscya@gateway.maydomain.it marcuscy@mydomain.it

make sure you add gateway.mydomain.it as local is main.cf so Postfix knows
to deliver this mail locally.

>
> Thanks a lot for your help.

No worries

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Tue Dec  6 17:21:13 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17649.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Dhawal Doshy
> Sent: Tuesday, December 06, 2005 11:43 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Log Analysis
>
>
> Rick Cooper wrote:
> >>-----Original Message-----
> >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> >>
> >>MailWatch is fantastic! I really recommend that you spend the time to
> >>get it going because it really does give you a lot of information and
> >>the ability to mine for info that you want.
> >
> > I have never gotten MailWatch working either. Mysql always
> denies access to
> > the MailWatch user, even it has full priv to all hosts and all
> databases. I
> [SNIP]
>
> Rick,
>
> The MailWatch.pm file is very finicky about the DBI/DBD version. You
> might want to bring up this issue (if the interest still exists) once
> again on the mailwatch-users lists.
>
> - dhawal

I don't think so. I hear good things about it but I am really suspect of a
program that cannot do the important, and really most basic, task it needs
to function. The same information from the MailWatch.pm works fine in the
php front end. I personally use DBI:mysql in a couple of perl daemons and I
have never had an issue, have never had to scratch my head and wonder WTF. I
have glanced (glanced) at the code and I don't see any reason this program
should perform differently than any other using the DBI mod. Not worth
digging through trying to come up with the problem.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec  6 17:31:20 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17650.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rick Cooper wrote on         Tue, 6 Dec 2005 11:16:37 -0500:

> I have never gotten MailWatch working either. Mysql always denies access to 
> the MailWatch user, even it has full priv to all hosts and all databases.

Then your Mailwatch simply doesn't use the credentials you *think* it does 
use. If you want to get it running go to the Mailwatch list. Oh, you are not 
talking about the frontend, but Mailwatch.pm, then there's the problem, your 
credentials don't get used or SELinux is in the way if that is enabled.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Tue Dec  6 18:32:28 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:25 2006
Subject: Convert-BinHex-1.119: old and crusty?
Message-ID: <mailman.17651.1137101485.24926.mailscanner@lists.mailscanner.info>

Gang,
I was attempting to rebuild and reinstall Convert-BinHex-1.119
on a Solaris 9 system running perl 5.8.7.  I got the following:

(15)> perl Makefile.PL
Writing Makefile for Convert::BinHex
(16)> gmake
Manifying blib/man3/Convert::BinHex.3
(17)> gmake test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/comp2bin....Can't locate package Exporter for @Checker::ISA at t/comp2bin.t line 3.
Undefined subroutine &main::check called at t/comp2bin.t line 75.
t/comp2bin....dubious
         Test returned status 255 (wstat 65280, 0xff00)
DIED. FAILED tests 1-9
         Failed 9/9 tests, 0.00% okay
Failed Test  Stat Wstat Total Fail  Failed  List of Failed
-------------------------------------------------------------------------------
t/comp2bin.t  255 65280     9   18 200.00%  1-9
Failed 1/1 test scripts, 0.00% okay. 9/9 subtests failed, 0.00% okay.
gmake: *** [test_dynamic] Error 255

I have no clue why this failed.  Ideas?  A check of CPAN shows that
this module has not been updated since 1997 -- it is old and crusty.
The CPAN test info also shows failures noted against Solaris 8.
Julian, maybe this is too old for a modern MailScanner...

Jeff Earickson
Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Tue Dec  6 18:50:24 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17652.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Kai Schaetzl
> Sent: Tuesday, December 06, 2005 12:31 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Log Analysis
>
>
> Rick Cooper wrote on         Tue, 6 Dec 2005 11:16:37 -0500:
>
> > I have never gotten MailWatch working either. Mysql always
> denies access to
> > the MailWatch user, even it has full priv to all hosts and all
> databases.
>
> Then your Mailwatch simply doesn't use the credentials you
> *think* it does
> use. If you want to get it running go to the Mailwatch list. Oh,
> you are not
> talking about the frontend, but Mailwatch.pm, then there's the
> problem, your
> credentials don't get used or SELinux is in the way if that is enabled.
>

No SeLinux, and I have created a MailScanner log line right before the
connect call and it outputs the correct host user database password,
everything. And the MailWatch error returned from mysql has the same
information, sans the password of course. I can copy past the information
from the MailScanner log and connect from the same host, or any other host
that has mysql access to that host. I have tried OLD_PASSWORD format and new
it allways says access denied from user MailWatch@host

Here I just whipped this up and it runs fine, from localhost, from the
actual server host from 127.0.0.1
Obviously I have changed the actual username and password but they are
copy/pased directly from MailWatch and I even called the connect from a sub
as does MailWatch:

#!/usr/bin/perl
use strict;
use DBI;

my ($dbh);
my ($db_host) = '127.0.0.1';
my ($db_name) = 'mailscanner';
my ($db_user) = 'UserName';
my ($db_pass) = 'Password';
my ($dsn) = "DBI:mysql:$db_name:$db_host";
DoSomething();

sub DoSomething{
$dbh = DBI->connect($dsn, $db_user, $db_pass);
   if ($dbh) {
    	print "Connected to $dsn as $db_user with $db_pass\n";
   }else{
            print "FAILED to connect: $dsn as $db_user with $db_pass\n";
   }
}

So somewhere in the MailScanner/MailWatch calls something is being handled
poorly. The only change between this and the MailWatch code is the use of
$dsn and I tried that in MailWatch without luck. I suppose I will look at it
someday

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec  6 19:12:21 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:25 2006
Subject: Convert-BinHex-1.119: old and crusty?
Message-ID: <mailman.17653.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIME-tools package uses Convert::BinHex to handle old Mac binaries. 
1.119 is the most recent, but very old, version there is. It should work 
okay, they are both written by the same person.

You could try contacting him at eryq@zeegee.com but I wouldn't hold out 
much hope, he has passed MIME-tools support to others. See 
http://search.cpan.org/~dskoll/ for more info of what modules David 
Skoll supports. He's a busy guy, but I have worked with him a few times 
and he is very good. Phrase your subject line very carefully, in order 
to attract his attention and interest. He doesn't explicitly support 
Convert::BinHex but he may be able to help you out.


Jeff A. Earickson wrote:

> Gang,
> I was attempting to rebuild and reinstall Convert-BinHex-1.119
> on a Solaris 9 system running perl 5.8.7.  I got the following:
>
> (15)> perl Makefile.PL
> Writing Makefile for Convert::BinHex
> (16)> gmake
> Manifying blib/man3/Convert::BinHex.3
> (17)> gmake test
> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" 
> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
> t/comp2bin....Can't locate package Exporter for @Checker::ISA at 
> t/comp2bin.t line 3.
> Undefined subroutine &main::check called at t/comp2bin.t line 75.
> t/comp2bin....dubious
>         Test returned status 255 (wstat 65280, 0xff00)
> DIED. FAILED tests 1-9
>         Failed 9/9 tests, 0.00% okay
> Failed Test  Stat Wstat Total Fail  Failed  List of Failed
> ------------------------------------------------------------------------------- 
>
> t/comp2bin.t  255 65280     9   18 200.00%  1-9
> Failed 1/1 test scripts, 0.00% okay. 9/9 subtests failed, 0.00% okay.
> gmake: *** [test_dynamic] Error 255
>
> I have no clue why this failed.  Ideas?  A check of CPAN shows that
> this module has not been updated since 1997 -- it is old and crusty.
> The CPAN test info also shows failures noted against Solaris 8.
> Julian, maybe this is too old for a modern MailScanner...


- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ5XimhH2WUcUFbZUEQLrTwCfc11spsvBGRsP4G+i4/+Dk+uG+lIAn0qq
4+9Rj8ueHZRrnI/3hDF2YwtN
=w+Ke
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Tue Dec  6 19:56:36 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17654.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rick Cooper writes:
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>> Behalf Of Dhawal Doshy
>> Sent: Tuesday, December 06, 2005 11:43 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Log Analysis 
>>
>> Rick Cooper wrote:
>> >>-----Original Message-----
>> >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>> >>
>> >>MailWatch is fantastic! I really recommend that you spend the time to
>> >>get it going because it really does give you a lot of information and
>> >>the ability to mine for info that you want.
>> >
>> > I have never gotten MailWatch working either. Mysql always
>> denies access to
>> > the MailWatch user, even it has full priv to all hosts and all
>> databases. I
>> [SNIP] 
>>
>> Rick, 
>>
>> The MailWatch.pm file is very finicky about the DBI/DBD version. You
>> might want to bring up this issue (if the interest still exists) once
>> again on the mailwatch-users lists.
> 
> I don't think so. I hear good things about it but I am really suspect of a
> program that cannot do the important, and really most basic, task it needs
> to function. The same information from the MailWatch.pm works fine in the
> php front end. I personally use DBI:mysql in a couple of perl daemons and I
> have never had an issue, have never had to scratch my head and wonder WTF. I
> have glanced (glanced) at the code and I don't see any reason this program
> should perform differently than any other using the DBI mod. Not worth
> digging through trying to come up with the problem.

The MailWatch front-end uses php to talk to the database and has nothing to 
do with perl.. It is only the MailWatch.pm file that hooks on to mailscanner 
(not mailwatch) and logs to the database. 

Anyways, i have zero benefit from you using mailwatch, though a lot of us do 
and do so quite well. btw a quick check on the mailwatch-users archive 
doesn't show any postings from you, looks like you are complaining about 
mailwatch without asking for any help ever.. 

 - dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Tue Dec  6 20:13:55 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17655.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks everyone. I successfully got Vispan working. The stats it 
provides are good enough for me right now. I just wanted to stats on the 
number of virus infected and spam messages.

Rod

Tim Sailer wrote:
> On Tue, Dec 06, 2005 at 07:10:39AM -0500, Rodney Green wrote:
>   
>> Hello,
>>
>> Are there any log file analysis programs for MailScanner other than 
>> MailWatch? I've never been able to get MailWatch to work.
>>     
>
> Depending on what you want to do with the log files Vispan will
> spit out some stats and graphs.
>
> Tim
>
>   

-- 
Rodney Green
Network/Security Administrator
Trayer Products, Inc.
/rgreen@trayerproducts.com /
/607-734-8124 Ext. 343
Security+ Certified
/
Honor the Fallen <http://www.militarycity.com/valor/honor.html>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Tue Dec  6 20:15:43 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17656.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rodney Green wrote:
> Thanks everyone. I successfully got Vispan working. The stats it
> provides are good enough for me right now. I just wanted to stats on the
> number of virus infected and spam messages.
> 
Vispan is very handy, but I'd love to "take it to the next level"...

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Tue Dec  6 21:11:17 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17657.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Dhawal Doshy
> Sent: Tuesday, December 06, 2005 2:57 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Log Analysis
> 
> 
[...]
> The MailWatch front-end uses php to talk to the database and has 
> nothing to 
> do with perl.. It is only the MailWatch.pm file that hooks on to 
> mailscanner 
> (not mailwatch) and logs to the database. 
> 
> Anyways, i have zero benefit from you using mailwatch, though a 
> lot of us do 
> and do so quite well. btw a quick check on the mailwatch-users archive 
> doesn't show any postings from you, looks like you are complaining about 
> mailwatch without asking for any help ever.. 
> 

Yes, the MailWatch front end is php and it uses the same information and it works. That was the point, the problem is in the perl implementation somewhere. I realize that MailWatch.pm is the source of trouble. I can also take the same basic code out of MailWatch and it works fine dumped into another script. I use the DBI mod myself in a couple of perl programs so I don't think that is the issue. I have tried the driver:database:host syntax within MailWatch and that doesn't work either.

No I never asked for help as it wasn't that important to get going, I am sure I can run it down when I get the desire to do so.

I was not complaining, someone gave a response to the OP that they recommended something else because they could never get MailWatch working and someone else responded it's easy, just follow the directions and it works... this is just not true in every instance and that is what prompted my comment.

I have no problem with MailWatch, it looks like a nice package, I just find it odd that it's the only thing dealing with MySql that I have ever had the least issue with. I didn't mean to ruffle anyone's feathers, it started out just a comment, and I added the detail of the things I had done so the thread wouldn't travel down the "try xyz or did you do this" trail.

Sorry,

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec  6 21:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17658.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rick Cooper wrote on         Tue, 6 Dec 2005 13:50:24 -0500:

> So somewhere in the MailScanner/MailWatch calls something is being handled 
> poorly

Frankly, there is something you are doing wrong, whatever it is. Something 
you misread from the install instructions or so, a tiny something you just 
overlook each time you look at it. Hundreds or thousands of admins use it 
without any problems and more or less "at first glance". If you want to get 
it running go to the Mailwatch list.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From kodak at FRONTIERHOMEMORTGAGE.COM  Tue Dec  6 22:21:40 2005
From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17659.1137101485.24926.mailscanner@lists.mailscanner.info>

Kai Schaetzl <> wrote:
> Hundreds or thousands of admins use it without any problems

Did you go to Dogbert's school of marketing?

"Between one and three billion people think I'm awesome."

;)

--J(K)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Wed Dec  7 03:46:13 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17660.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Is it a "correct" behavior to return a message to the sender telling that
the email was reject because it appears to come from a spam-listed
source?
can this be implemented with mailscanner? how?

Something like the original message with the following text appended to
the top of the body:
" Your message was reject because your domain (or ip) is listed in one or
more spam-blacklist servers."

Thanks,

--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From pete at ENITECH.COM.AU  Wed Dec  7 04:13:37 2005
From: pete at ENITECH.COM.AU (Peter Russell)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17661.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez wrote:
> Is it a "correct" behavior to return a message to the sender telling 
> that the email was reject because it appears to come from a spam-listed 
> source?
Its a very bad practise.

> can this be implemented with mailscanner? how?
MailScanner does this. But why do you want to?
> 
> Something like the original message with the following text appended to 
> the top of the body:
> " Your message was reject because your domain (or ip) is listed in one 
> or more spam-blacklist servers."

Almost none of the return addresses will be accurate ... for starters 
... in the WIKI there is some good info on this if i remember right with 
a link to site who discuss only this particular part of spam protection.

What is it you want to achieve?
Pete

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Wed Dec  7 04:28:39 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17662.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Well, if a legitimate user is sending a mail from an ip block that has
been tagged as spam-generating (like an open-proxy that was later
closed), i wanted to tell the user that his/her email was rejected/tagged
as spam because it appeared in a spam/openproxy database.

I've been in that position several times because one of the internet
providers I use is being constantly entered into spam generating
ip-blocks.

When I was blocked i whised something will bouce back telling me why was
not delivered instead of making me "think" it was delivered.

ok, maybe not the user, but how about a forward to the postmaster of the
offending domain with a copy of the message that triggered the reject?

On 12/6/05, Peter Russell <pete@enitech.com.au> wrote:
      Erick Perez wrote:
      > Is it a "correct" behavior to return a message to the
      sender telling
      > that the email was reject because it appears to come from a
      spam-listed
      > source?
      Its a very bad practise.

      > can this be implemented with mailscanner? how?
      MailScanner does this. But why do you want to?
      >
      > Something like the original message with the following text
      appended to
      > the top of the body:
      > " Your message was reject because your domain (or ip) is
      listed in one
      > or more spam-blacklist servers."

      Almost none of the return addresses will be accurate ... for
      starters
      ... in the WIKI there is some good info on this if i remember
      right with
      a link to site who discuss only this particular part of spam
      protection.

      What is it you want to achieve?
      Pete

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (http://wiki.mailscanner.info/
      ) and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From eaperezh at GMAIL.COM  Wed Dec  7 04:30:38 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17663.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

or maybe something like this (extracted from a 421 from aol)

421-:  (DNS:NR)  http://postmaster.info.aol.com/errors/421dnsnr.html 421
SERVICE NOT AVAILABLE (in reply to end of DATA command)


On 12/6/05, Erick Perez <eaperezh@gmail.com> wrote:
      Well, if a legitimate user is sending a mail from an ip block
      that has been tagged as spam-generating (like an open-proxy
      that was later closed), i wanted to tell the user that
      his/her email was rejected/tagged as spam because it appeared
      in a spam/openproxy database.

      I've been in that position several times because one of the
      internet providers I use is being constantly entered into
      spam generating ip-blocks.

      When I was blocked i whised something will bouce back telling
      me why was not delivered instead of making me "think" it was
      delivered.

      ok, maybe not the user, but how about a forward to the
      postmaster of the offending domain with a copy of the message
      that triggered the reject?

      On 12/6/05, Peter Russell <pete@enitech.com.au> wrote:
            Erick Perez wrote:
            > Is it a "correct" behavior to return a message
            to the sender telling
            > that the email was reject because it appears to
            come from a spam-listed
            > source?
            Its a very bad practise.

            > can this be implemented with mailscanner? how?
            MailScanner does this. But why do you want to?
            >
            > Something like the original message with the
            following text appended to
            > the top of the body:
            > " Your message was reject because your domain
            (or ip) is listed in one
            > or more spam-blacklist servers."

            Almost none of the return addresses will be
            accurate ... for starters
            ... in the WIKI there is some good info on this
            if i remember right with
            a link to site who discuss only this particular
            part of spam protection.

            What is it you want to achieve?
            Pete

            ------------------------ MailScanner list
            ------------------------
            To unsubscribe, email jiscmail@jiscmail.ac.uk
            with the words:
            'leave mailscanner' in the body of the email.
            Before posting, read the Wiki (
            http://wiki.mailscanner.info/ ) and
            the archives
            (http://www.jiscmail.ac.uk/lists/mailscanner.html).

            Support MailScanner development - buy the book
            off the website!




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From eaperezh at GMAIL.COM  Wed Dec  7 04:34:09 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17664.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

what about MS and postfix?
where do i implement that?


On 12/4/05, Jim Holland <mailscanner@mango.zw> wrote:
      Hi

      On Sun, 4 Dec 2005, Nigel kendrick wrote:

      > We are seeing a steady stream of emails from
      > adsl-70-248-164-89.dsl.hstntx.swbell.net[numericlinkwarning
      70.248.164.89] that claim to come
      > from an address in our domain (i.e.:
      admin@ourdomainname.com ) and contain
      > the usual stuff about verifying passwords, mail accounts
      being suspended
      > etc. All legitimate users have to login to send mail so
      what's the most
      > effective and simple way to block mail from external
      sources that contain
      > our domain name? At the moment I am just putting the
      subjects in a
      > spamassassin rule but it's a bit of a 'blunt' way of
      trapping them.

      I also used a pretty blunt method as well, noticing that the
      addresses
      involved were:

      administrator@yourdomain
      admin@yourdomain
      adm@yourdomain
      apache@yourdomain
      ftp@yourdomain
      hostmaster@yourdomain
      ident@yourdomain
      info@yourdomain
      mail@yourdomain
      noreply@yourdomain
      operator@yourdomain
      register@yourdomain
      service@yourdomain
      staff@yourdomain
      subs@yourdomain
      support@yourdomain
      system@yourdomain
      update@yourdomain
      validation@yourdomain
      webmaster@yourdomain

      As none of the above addresses were being used for outgoing
      mail, I just
      put lines such as the following for each of the addresses in
      the sendmail
      access file:

      From:admin@mydomain     550 Blocking spoofed address
      admin@mydomain

      I also found a problem with numerous bounces to such
      addresses, so put in
      lines such as the following:

      To:admin@mydomain       550 This address is no longer valid -
      please write to postmaster instead

      It was quick and dirty but stopped large numbers of problem
      messages.

      More elegant solutions will be found in the archives.

      Regards

      Jim Holland
      System Administrator
      MANGO - Zimbabwe's non-profit e-mail service

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (http://wiki.mailscanner.info/)
      and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html ).

      Support MailScanner development - buy the book off the
      website!




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From ugob at CAMO-ROUTE.COM  Wed Dec  7 06:20:32 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:25 2006
Subject: DCC version 1.3.24/2.3.24 released
Message-ID: <mailman.17665.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

<from DCC list>

Version 1.3.24 of the DCC source is in
http://www.dcc-servers.net/dcc/source/dcc.tar.Z  and
http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z

     Dccproc starts dccifd after 500 uses at least as fast as 0.1/second.
	With luck SpamAssassin will notice and switch to dccifd.
     Look for libsmutil.a in /usr/lib on Linx for old RedHat
	as suggested by Jason Balicki.
     Fix X-DCC header misplaced by dccproc reported by James McNutt.

/var/dcc/libexec/updatedcc should automagically fetch, build, and install
this version.


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
DCC mailing list      DCC@rhyolite.com
http://www.rhyolite.com/mailman/listinfo/dcc

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From janetbindner at YAHOO.CO.UK  Wed Dec  7 06:38:22 2005
From: janetbindner at YAHOO.CO.UK (Janet Bindner)
Date: Thu Jan 12 21:31:25 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17666.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi all,
   Latest PSCM is updated with the following:
    *  Clamav: 0.87.1
    * MailScanner: 4.48.4-2
    * SpamAssassin: 3.1.0
    * Postfix: 2.2.6

PSCM is an RPM package that provides out-of-box easy
installation for a secure smtp mailserver with spam
filtering and virus scanning capabilities.

Cheers!
Janet


		
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From janetbindner at YAHOO.CO.UK  Wed Dec  7 06:45:37 2005
From: janetbindner at YAHOO.CO.UK (Janet Bindner)
Date: Thu Jan 12 21:31:25 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17667.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi all,
   Latest PSCM is updated with the following:
    *  Clamav: 0.87.1
    * MailScanner: 4.48.4-2
    * SpamAssassin: 3.1.0
    * Postfix: 2.2.6

http://metawire.org/~pscm/index.html

PSCM is an RPM package that provides out-of-box easy
installation for a secure smtp mailserver with spam
filtering and virus scanning capabilities.

Cheers!
Janet


		
___________________________________________________________ 
Yahoo! Exclusive Xmas Game, help Santa with his celebrity party - http://santas-christmas-party.yahoo.net/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Wed Dec  7 08:27:10 2005
From: boris.jordanov at GMAIL.COM ([ISO-8859-5] Boris Jordanov / ±ÞàØá ¹ÞàÔÐÝÞÒ)
Date: Thu Jan 12 21:31:25 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17668.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

2005/12/6, Scott Silva <ssilva@sgvwater.com>:
...
> Did your perl upgrade make a new perl directory?
> I once did a perl upgrade on an old Redhat 7.3 install and I had 2 perls
> afterward, with some of my modules in different spots.
> I had to kill the old perl directory, re-install the upgrade, and then
> re-install all the needed modules.

No, the directory is as it should be. Julian has to confirm it, but it
seems that the PERL update changed the behavior of this line:

$recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ]{15}))?$/;

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec  7 08:31:21 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17669.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 04:30, Erick Perez wrote:
> or maybe something like this (extracted from a 421 from aol)
>
> 421-:  (DNS:NR)  http://postmaster.info.aol.com/errors/421dnsnr.html 421
> SERVICE NOT AVAILABLE (in reply to end of DATA command)

This is different.

You were talking about *rejecting* mail (i.e. your MTA accepting the
message with a 250 code, processing it and then sending the Return-Path:
address a message advising that their message was scored as spam) This *IS
BAD* as Pete mentioned the Return-Path address is usually forged and some
poor innocent victim gets a load of 'We think your message is spam' mails.

What you see above is a bounce message from the MTA generated by the MTA
doing RBL look up at SMTP connection stage (Most MTA's can do this as a
standard feature. Check the docs for your MTA) and the bounce notification
will be generated by the sending MTA which will include the reason and
usually an URL providing the RBL details, which is what you have quoted
from AOL.

MailScanner can do the first option but certainly not be default. Your MTA
can do the second and not normally with any problem.

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From David.While at UCE.AC.UK  Wed Dec  7 10:03:25 2005
From: David.While at UCE.AC.UK (David While)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17670.1137101485.24926.mailscanner@lists.mailscanner.info>

Give me some insight in what you want in "the next level" and I will see
what I can do.

--------------------------------------------
David While BSc CEng MBCS CITP
Department of Computing
University of Central England
Tel: 0121 331 6211
-------------------------------------------- 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Michele Neylon:: Blacknight.ie
Sent: 06 December 2005 20:16
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Log Analysis

Rodney Green wrote:
> Thanks everyone. I successfully got Vispan working. The stats it
> provides are good enough for me right now. I just wanted to stats on
the
> number of virus infected and spam messages.
> 
Vispan is very handy, but I'd love to "take it to the next level"...

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Wed Dec  7 10:12:13 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17671.1137101485.24926.mailscanner@lists.mailscanner.info>

David While <> said on 07 December 2005 10:03:

> Give me some insight in what you want in "the next level" and I will
> see what I can do. 
> 


More details and monthly breakdowns, so that we could see which viruses were
prevalent in each month etc., 
If the stats were in XML or something else it would make it a lot easier to
manipulate them using external software and make prettty graphs :) 

At the moment we get overall trends and "last period", but it's not possible
to see what has happened over a 3 month period or compare one period with
another, as there is no archive more of a cumulative stats.


Michele


Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 10:13:24 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:25 2006
Subject: Not seeing any viruses being detected in my logs.
Message-ID: <mailman.17672.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 06/12/05, Michael S. <admin@thenamegame.com> wrote:
> That's interesting because this must have changed then. We used to see it
> say a message was spam followed by description of the virus found in the
> logs and my MailScanner-MRTG script that records the number of occurrences
> of spam and viruses is now off because of it.
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Kai Schaetzl
> Sent: Tuesday, December 06, 2005 7:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Not seeing any viruses being detected in my logs.
>
> Michael S. wrote on         Mon, 5 Dec 2005 21:08:38 -0500:
>
> > We are getting lots of messages from admin@cia.gov which does contain an
> > attachment but MS is simply saying the scored high and that it got
> deleted.
> > Well, what about the attachment that comes with that file? I should be
> > seeing F-Secure scanning it, detecting it, reporting the name of the virus
>
> > followed by either a removal and delete or a delivery to the user. I'm not
>
> > seeing any of this anymore.
>
> If the stuff is caught as spam there won't be any virus checking.
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> IE-Center: http://ie5.de & http://msie.winware.org
>

Hm, do you have the Keep quarantine clean thing set to yes? Or employ
the old "forward spam to /dev/null to get a delivery, hence a virus
check"?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From G.Pentland at SOTON.AC.UK  Wed Dec  7 10:36:40 2005
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17673.1137101485.24926.mailscanner@lists.mailscanner.info>

Apologies for not having time to read the entire thread...

I have cron jobs that read yesterday's log file "maillog.0.gz" and email
the results from a series of perl scripts of the form...

<snip>
#!/usr/bin/perl

# Reset counters
$TotalMails   = 0;
$Totalin      = 0;
$TotalViruses = 0;
$TotalSpam    = 0;
$DeliveredSpam = 0;
$DeletedSpam = 0;
$DeletedViruses = 0;
$UserUnknown = 0;
$satimeout = 0;
$MsgsDeletedAtSix         = 0;
$MsgsDeletedAtEight       = 0;
$MsgsDeletedAtTwentyEight = 0;
$MsgsNotDeletedBySpamdump =0;
$UnderFour               = 0;
$FourToEight             = 0;
$EightToTwelve           = 0;
$TwelveToSixteen         = 0;
$SixteenToTwenty         = 0;
$TwentytoTwentyFour      = 0;
$TwentyFourtoTwentyEight = 0;
$OverTwentyEight         = 0;
$TotalBelowEight         = 0;
$TotalAboveEight         = 0;
$TotalBelowSix           = 0;
$TotalSixToEight         = 0;
$TotalEightToTwentyEight = 0;
$TotalAboveTwentyEight   = 0;
$rfcerrors               = 0;

while($_=<STDIN>) {
  chomp;
  if (/sendmail/) {
    $TotalMails += $1 if /nrcpts=(\d+),/;
    $UserUnknown += 1 if /User does not exist at this site/i;
    $rfcerrors += 1 if /address does not conform to RFC 2821 syntax/;
    next;
  }
  if (/mailscanner/i) {
    $TotalViruses += $1 if /Virus Scanning: Found (\d+) viruses/i;
    $TotalSpam    += $1 if /Spam Checks: Found (\d+) spam messages/i;
    $DeliveredSpam += 1 if /actions are deliver/i;
    $DeletedSpam  += 1 if /actions are delete/i;
    $DeletedSpam  += 1 if /Returning action delete/i;
    $DeletedViruses += 1 if /Viruses marked as silent/;
    $satimeout += 1 if /SpamAssassin (timed out)/;
    if (/Returning value (\d+) for (\w+)/) {
        $MsgsDeletedAtSix += 1 if $1 == 6;
        $MsgsDeletedAtEight += 1 if $1 == 8;
        $MsgsDeletedAtTwentyEight += 1 if $1 == 28;
        $MsgsNotDeletedBySpamdump += 1 if $1 == 600;
    }

  $TotalBelowSix            += 1 if /score\=(\d+)/ && $1 < 6;
  $TotalSixToEight          += 1 if /score\=(\d+)/ && 6 <= $1 && $1 < 8;
  $TotalEightToTwentyEight  += 1 if /score\=(\d+)/ && 8 <= $1 && $1 <
28;
  $TotalAboveTwentyEight    += 1 if /score\=(\d+)/ && 28 <= $1;
  }
}

$Totalin = $MsgsDeletedAtSix + $MsgsDeletedAtEight +
$MsgsDeletedAtTwentyEight + $MsgsNotDeletedBySpamdump;

print "Main Totals\n\n";
print "Total Mails
$TotalMails\n";
print " Total inbound from the outside world
$Totalin\n";
print "Total Viruses
$TotalViruses\n";
print "Total Spam
$TotalSpam\n";
print "Rejected mail for unknown recipients
$UserUnknown\n";
print "Rejected as not to RFC 2821 syntax
$rfcerrors\n";
print "Auto-Deleted Spam
$DeletedSpam\n";
print "Silently Deleted Viruses
$DeletedViruses\n";
print "SpamAssassin Timeouts
$satimeout\n";
print "\n";
print "Number of lookups for users that have set SpamDump at 6
$MsgsDeletedAtSix\n";
print "Number of lookups for users that have set SpamDump at 8
$MsgsDeletedAtEight\n";
print "Number of lookups for users that have set SpamDump at 28
$MsgsDeletedAtTwentyEight\n";
print "Number of lookups for users that have set SpamDump off
$MsgsNotDeletedBySpamdump\n";
print "\n\n";
print "SpamAssassin Score Distribution\n\n";
print "Messages Below 6            $TotalBelowSix\n";
print "Messages of 6 -> Below 8    $TotalSixToEight\n";
print "Messages of 8 -> Below 28   $TotalEightToTwentyEight\n";
print "Messages 28 or Above        $TotalAboveTwentyEight\n";
</snip>

This is one of 7 scripts and the resultant emails are collated by
management into their spreadsheets, everyone seems happy with type of
setup although I am trying to get enough money to buy a database server
(or steal some space on the corporate one) to run Mailwatch:-)

Hope that is of some use,

Gary

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec  7 10:38:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:25 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17674.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----

On 7 Dec 2005, at 08:27, Boris Jordanov / Ð^ÑоÑ^ÀиÑ^Á Ð^ÙоÑ^Àданов  
wrote:
> 2005/12/6, Scott Silva <ssilva@sgvwater.com>:
> ...
>> Did your perl upgrade make a new perl directory?
>> I once did a perl upgrade on an old Redhat 7.3 install and I had 2  
>> perls
>> afterward, with some of my modules in different spots.
>> I had to kill the old perl directory, re-install the upgrade, and  
>> then
>> re-install all the needed modules.
>
> No, the directory is as it should be. Julian has to confirm it, but it
> seems that the PERL update changed the behavior of this line:
>
> $recdata =~ /^([0-9 ]{15}) ([0-9 ]{15}) ([0-9 ]{15})( ([0-9 ]{15}))? 
> $/;

Can you please confirm that my last suggested chunk of code does  
indeed work? I want to merge it into the main code base.
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5a7qfw32o+k+q+hAQF7jQf/YkSMsKf0x92HuxQaRo3tx/pM4w63+Lxg
oFRAKTuCiwqODsdr6wSqI+Z/uhffnqY6kK5QejcGxt1uacdNNdwoZMtwIFYtPXMe
qKOyhPlYKyDyRoxErnwLLVRpzxjTQa5JSofgkeJdCgPWlfuuw3/Gzq94NgPyzLnM
qWWvAJ2Gsmwew4AQrx10HCeKU2m/RBUq97rxJywLTuChZl4cztPtJ1lmdRE+YVO8
Hmyjdf1O3BKiTx4tp3y8qb0oGGhj4bnfYpJEMgiFbn8AMzGfmmzSvadr0z0oYBtN
RVvZFhZhrrP04wvmjjfOl2Kmj5xa5RzjkBZMzmaXfKAdDSUYAMxF7Q==
=s/Bw
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 10:43:18 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17675.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
> what about MS and postfix?
> where do i implement that?
>
I'm at home on sick-leave (hopfully, just today....), so this is
entirely from memory (and that is a bit flaky at best:-)...
As said, I apply a restriktion on helo and on senders so this might
look something like (in main.cf "#" inserted to show where the lines
are (wrapping))
#
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
reject_non_fqdn_hostname, check_helo_access
hash:/path/to/access_map/file
#
smtpd_helo_restrictions = permit_mynetworks,  check_sender_access
hash:/path/to/access_map/file
#
And in the map file, you have a line rejecting your own domain... something like
yourdomain.tld REJECT You are not me...

Then couple that with the recipient maps check (for valid recipients),
and then you can only receive mail from non-spoofing senders to valid
recipients (that part is described well in the MailScanner wiki). You
can, of course, couple these restrictions with any restrictions you
feel are necessary ("man 5 postconf" is a good place to see exactly
what settings you have available)

.... Or did I missunderstand your question?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 11:14:31 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17676.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 06/12/05, Rick Cooper <rcooper@dwford.com> wrote:
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> > Behalf Of Dhawal Doshy
> > Sent: Tuesday, December 06, 2005 2:57 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Log Analysis
> >
> >
> [...]
> > The MailWatch front-end uses php to talk to the database and has
> > nothing to
> > do with perl.. It is only the MailWatch.pm file that hooks on to
> > mailscanner
> > (not mailwatch) and logs to the database.
> >
> > Anyways, i have zero benefit from you using mailwatch, though a
> > lot of us do
> > and do so quite well. btw a quick check on the mailwatch-users archive
> > doesn't show any postings from you, looks like you are complaining about
> > mailwatch without asking for any help ever..
> >
>
> Yes, the MailWatch front end is php and it uses the same information and it works. That was the point, the problem is in the perl implementation somewhere. I realize that MailWatch.pm is the source of trouble. I can also take the same basic code out of MailWatch and it works fine dumped into another script. I use the DBI mod myself in a couple of perl programs so I don't think that is the issue. I have tried the driver:database:host syntax within MailWatch and that doesn't work either.
>
> No I never asked for help as it wasn't that important to get going, I am sure I can run it down when I get the desire to do so.
>
> I was not complaining, someone gave a response to the OP that they recommended something else because they could never get MailWatch working and someone else responded it's easy, just follow the directions and it works... this is just not true in every instance and that is what prompted my comment.
>
> I have no problem with MailWatch, it looks like a nice package, I just find it odd that it's the only thing dealing with MySql that I have ever had the least issue with. I didn't mean to ruffle anyone's feathers, it started out just a comment, and I added the detail of the things I had done so the thread wouldn't travel down the "try xyz or did you do this" trail.
>
> Sorry,
>
> Rick
>

Don't be (sorry), I can well relate to this not meaning that much to you.
Still, there are reason we who actually run MW are a bit fanatical about it:-):
- MailWatch is a _very_ handy tool
- It has a huge "PHB charming effect"
- It has a large amount of convenience functions, both for users and admins
- <insert favourite hype... I've got a bad cold and can't think straight....:-)>

So recommending it isn't all about it being easy to set up, it's about
it actually adding value to the whole system... Oh well, now *I* sound
likea sales rep....

Your problem _is_ strange though, and it would certainly benefit the
MW community to try penetrate it, and possibly benefit you too....:-).
I assume you've checked the DBI trace and couldn't find anything in there?
What version(s) of DBI/DBD-mysql and MW did you try? The
"finicky-ness" about DBD-mysql should have gone away with MW 1.x ....
Also.... what users have you tried as? The same as you run the MTA as?

If you'd rather not pursue this, then just say so and I'll shut up...
Otherwise, let's take it over to the MW list...:-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec  7 11:31:21 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:25 2006
Subject: Not seeing any viruses being detected in my logs.
Message-ID: <mailman.17677.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote on         Wed, 7 Dec 2005 11:13:24 +0100:

> Hm, do you have the Keep quarantine clean thing set to yes?

Keep Spam And MCP Archive Clean = no

Is that what you mean? It's off by default. I think this didn't exist when 
I installed MS the first time. Might have been added later and I left it 
at the default setting.





Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec  7 11:31:21 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17678.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez wrote on         Tue, 6 Dec 2005 23:28:39 -0500:

> Well, if a legitimate user is sending a mail from an ip block that has been 
> tagged as spam-generating (like an open-proxy that was later closed), i 
> wanted to tell the user that his/her email was rejected/tagged as spam 
> because it appeared in a spam/openproxy database.

That is already done if you added the RBL to your MTA configuration with the 
syntax recommended by the RBL.
If you do this on MTA level it's ok, because you bounce it right of to the 
spammer who will probably not forward it to the real destination. However, if 
you reject it with Mailscanner after accepting you send it off to the innocent 
joejob victim. Which is not acceptable. And if it's not coming from a spammer 
the MTA bounce will go right to the "good" sender and tell them the reason 
already.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec  7 11:34:09 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17679.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 10:43, Glenn Steen wrote:
> On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
>> what about MS and postfix?
>> where do i implement that?
>>
> I'm at home on sick-leave (hopfully, just today....), so this is
> entirely from memory (and that is a bit flaky at best:-)...

Get well soon!

> As said, I apply a restriktion on helo and on senders so this might
> look something like (in main.cf "#" inserted to show where the lines
> are (wrapping))
> #
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
> reject_non_fqdn_hostname, check_helo_access
> hash:/path/to/access_map/file
> #
> smtpd_helo_restrictions = permit_mynetworks,  check_sender_access
> hash:/path/to/access_map/file
> #
> And in the map file, you have a line rejecting your own domain...
> something like
> yourdomain.tld REJECT You are not me...
>
> Then couple that with the recipient maps check (for valid recipients),
> and then you can only receive mail from non-spoofing senders to valid
> recipients (that part is described well in the MailScanner wiki). You
> can, of course, couple these restrictions with any restrictions you
> feel are necessary ("man 5 postconf" is a good place to see exactly
> what settings you have available)

The only thing I would add is that sometimes helo rejection can be too
harsh (There are loads of Exchange boxes that have strange AD domains
setup due to AD getting confused over internal and external DNS and end up
heloing with something like exchange.domain.internal which will be
rejected with 'reject_invalid_hostname') so you might chose to add
'warn_if_reject' in front so you just log these and take a view on
rejection based on your hits (Like your best customer won't be rejected
for example!).

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 11:40:00 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:25 2006
Subject: Not seeing any viruses being detected in my logs.
Message-ID: <mailman.17680.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Kai Schaetzl <maillists@conactive.com> wrote:
> Glenn Steen wrote on         Wed, 7 Dec 2005 11:13:24 +0100:
>
> > Hm, do you have the Keep quarantine clean thing set to yes?
>
> Keep Spam And MCP Archive Clean = no
>
> Is that what you mean? It's off by default. I think this didn't exist when
> I installed MS the first time. Might have been added later and I left it
> at the default setting.
>

That's the one, yes.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Wed Dec  7 11:47:00 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17681.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Glenn Steen
> Sent: Wednesday, December 07, 2005 6:15 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Log Analysis
>
>
[..]
> Don't be (sorry), I can well relate to this not meaning that much to you.
> Still, there are reason we who actually run MW are a bit
> fanatical about it:-):
> - MailWatch is a _very_ handy tool
> - It has a huge "PHB charming effect"
> - It has a large amount of convenience functions, both for users
> and admins
> - <insert favourite hype... I've got a bad cold and can't think
> straight....:-)>
>
> So recommending it isn't all about it being easy to set up, it's about
> it actually adding value to the whole system... Oh well, now *I* sound
> likea sales rep....
>
> Your problem _is_ strange though, and it would certainly benefit the
> MW community to try penetrate it, and possibly benefit you too....:-).
> I assume you've checked the DBI trace and couldn't find anything in there?
> What version(s) of DBI/DBD-mysql and MW did you try? The
> "finicky-ness" about DBD-mysql should have gone away with MW 1.x ....
> Also.... what users have you tried as? The same as you run the MTA as?
>
> If you'd rather not pursue this, then just say so and I'll shut up...
> Otherwise, let's take it over to the MW list...:-)
>

I promise I will actively look at this as soon as I get some free time. I
never really pursued it because, frankly, I have my own stuff that does all
that I need and is specifically designed to work with the rest of my server
management toos. Yesterday is the most time I have ever spent on it. Before
I try it again I will install the latest Bundle::DBD:mysql and see if that
helps (I think I already have the latest but I will check). I will also make
sure I have the latest MailWatch as it's been awhile since I even tried it.

I never ment to 'dis' MailWatch, and I am aware a lot of admins use it
sucessfully and I should not have enjoined the conversation in the first
place, unless I had something constructive to say.

My Bad

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 11:50:44 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17682.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Drew Marshall <drew@themarshalls.co.uk> wrote:
> On Wed, December 7, 2005 10:43, Glenn Steen wrote:
> > On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
> >> what about MS and postfix?
> >> where do i implement that?
> >>
> > I'm at home on sick-leave (hopfully, just today....), so this is
> > entirely from memory (and that is a bit flaky at best:-)...
>
> Get well soon!
>
> > As said, I apply a restriktion on helo and on senders so this might
> > look something like (in main.cf "#" inserted to show where the lines
> > are (wrapping))
> > #
> > smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
> > reject_non_fqdn_hostname, check_helo_access
> > hash:/path/to/access_map/file
> > #
> > smtpd_helo_restrictions = permit_mynetworks,  check_sender_access
> > hash:/path/to/access_map/file
> > #
> > And in the map file, you have a line rejecting your own domain...
> > something like
> > yourdomain.tld REJECT You are not me...
> >
> > Then couple that with the recipient maps check (for valid recipients),
> > and then you can only receive mail from non-spoofing senders to valid
> > recipients (that part is described well in the MailScanner wiki). You
> > can, of course, couple these restrictions with any restrictions you
> > feel are necessary ("man 5 postconf" is a good place to see exactly
> > what settings you have available)
>
> The only thing I would add is that sometimes helo rejection can be too
> harsh (There are loads of Exchange boxes that have strange AD domains
> setup due to AD getting confused over internal and external DNS and end up
> heloing with something like exchange.domain.internal which will be
> rejected with 'reject_invalid_hostname') so you might chose to add
> 'warn_if_reject' in front so you just log these and take a view on
> rejection based on your hits (Like your best customer won't be rejected
> for example!).
>
> Drew
>

Ah yes.... "The mighty buck" forcing "shoddy" behaviour onto the world.
Sure, I take a somewhat harsh attitude to this, but really... If we
don't reject them, how will they ever know they're in the wrong?!
Luckily for me, I've got my PHB "onboard"(:-)... He's sensitive to
arguments about standards compliance, for some reason.
Admittedly, the very few rejections from this that "should have gone
through" are from laces that simply don't monitor their systems enough
to ... take the hint.
OTOH, I've had 0 (zero) complaints from users about missing mails,
so.... It all depends on ones situation, I guess.
Most rejections don't come from HELOing with an invalid name though,
but from HELOing with a non-FQDN. Don't have the numbers, since I'm at
home:-).
Anyway, the gist of the matter is the anti-spoof thing.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Wed Dec  7 11:51:23 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17683.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Drew Marshall wrote:
> On Wed, December 7, 2005 10:43, Glenn Steen wrote:
> 
>>On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
>>
>>>what about MS and postfix?
>>>where do i implement that?
[SNIP]
> The only thing I would add is that sometimes helo rejection can be too
> harsh (There are loads of Exchange boxes that have strange AD domains
> setup due to AD getting confused over internal and external DNS and end up
> heloing with something like exchange.domain.internal which will be
> rejected with 'reject_invalid_hostname') so you might chose to add
> 'warn_if_reject' in front so you just log these and take a view on
> rejection based on your hits (Like your best customer won't be rejected
> for example!).

minuscule correction

'reject_invalid_hostname' under 'smtpd_helo_restrictions' will simply 
reject the 'helo' if it contains any special / bad characters..

The parameter you are talking about is reject_unknown_hostname, which 
will reject the mail if no valid A/MX record exists for the helo 
hostname and causes quite a few false positives.

see: http://www.postfix.org/uce.html#smtpd_helo_restrictions

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 11:55:53 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17684.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Rick Cooper <rcooper@dwford.com> wrote:
(snip)
> I never ment to 'dis' MailWatch, and I am aware a lot of admins use it
> sucessfully and I should not have enjoined the conversation in the first
> place, unless I had something constructive to say.
>
> My Bad
>
> Rick

Finding and fixing problems (and you certainly experienced a
problem:-) can never be bad.
Looking forward to be of what assistance I can, when you have the time.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 12:06:55 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17685.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Dhawal Doshy <dhawal@netmagicsolutions.com> wrote:
> Drew Marshall wrote:
> > On Wed, December 7, 2005 10:43, Glenn Steen wrote:
> >
> >>On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
> >>
> >>>what about MS and postfix?
> >>>where do i implement that?
> [SNIP]
> > The only thing I would add is that sometimes helo rejection can be too
> > harsh (There are loads of Exchange boxes that have strange AD domains
> > setup due to AD getting confused over internal and external DNS and end up
> > heloing with something like exchange.domain.internal which will be
> > rejected with 'reject_invalid_hostname') so you might chose to add
> > 'warn_if_reject' in front so you just log these and take a view on
> > rejection based on your hits (Like your best customer won't be rejected
> > for example!).
>
> minuscule correction
>
> 'reject_invalid_hostname' under 'smtpd_helo_restrictions' will simply
> reject the 'helo' if it contains any special / bad characters..
>
> The parameter you are talking about is reject_unknown_hostname, which
> will reject the mail if no valid A/MX record exists for the helo
> hostname and causes quite a few false positives.
>
> see: http://www.postfix.org/uce.html#smtpd_helo_restrictions
>
> - dhawal
>
Ah, that explains why the whole thing felt a bit alien.... And with
the amount of hosts _sending_ mail that don't have valid A/MX records,
I'd definitely apply the warn_if_reject to that feature.... AFAICR,
there is no absolute mandate (MUST) in any RFC regarding a sending
host having to even have a DNS record of any kind... I might be
recalling wrong though:-).

Just to clarify further: My suggested restrictions above_will not_
reject a stoopid AD(-dled) M-Sexchange host HELOing with
exchange.domain.internal.since this is a valid domain _string_ ...
Neither of these restrictions perform any form of DNS lookup.
Thank you Dahwal&Drew, for these clarifications/verifications.
I'm off for some nice pain-killers and honeyd tea.... Will hopefully
make head work again:-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From samp at ARIAL-CONCEPT.COM  Wed Dec  7 12:08:04 2005
From: samp at ARIAL-CONCEPT.COM (Sam Przyswa)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17686.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez a écrit :

> Well, if a legitimate user is sending a mail from an ip block that has 
> been tagged as spam-generating (like an open-proxy that was later 
> closed), i wanted to tell the user that his/her email was 
> rejected/tagged as spam because it appeared in a spam/openproxy database.
>
> I've been in that position several times because one of the internet 
> providers I use is being constantly entered into spam generating 
> ip-blocks.
>
> When I was blocked i whised something will bouce back telling me why 
> was not delivered instead of making me "think" it was delivered.
>
> ok, maybe not the user, but how about a forward to the postmaster of 
> the offending domain with a copy of the message that triggered the reject?


I have the same problem with a customer of mine, some sender are on 
blacklisted ip bloc or blacklisted ISP mail server, and the mails are 
quietly rejected by MailScanner, but these mails are GOOD and must be 
delivered OR the sender MUST BE notified by the no-delivery and why !

If MailScanner is not able to do that my customer want disabled it and 
prefer to use a Windows anti-spam app on each desktop because it's MORE 
IMPORTANT for my customer, to notify the sender than to think the mail 
was delivered when it's not, 2 days ago he loosed an important mail from 
its lawyer because of that.

Sam.



-- 
Ce message a été vérifié par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a été trouvé.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From boris.jordanov at GMAIL.COM  Wed Dec  7 12:14:22 2005
From: boris.jordanov at GMAIL.COM ([ISO-8859-5] Boris Jordanov / ±ÞàØá ¹ÞàÔÐÝÞÒ)
Date: Thu Jan 12 21:31:25 2006
Subject: MailScanner stoped working after PERL upgrade (I think so)
Message-ID: <mailman.17687.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

2005/12/7, Julian Field <MailScanner@ecs.soton.ac.uk>:

> Can you please confirm that my last suggested chunk of code does
> indeed work? I want to merge it into the main code base.

For the last 24 hours - yes, it works.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 12:15:31 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17688.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Sam Przyswa <samp@arial-concept.com> wrote:
> Erick Perez a écrit :
>
> > Well, if a legitimate user is sending a mail from an ip block that has
> > been tagged as spam-generating (like an open-proxy that was later
> > closed), i wanted to tell the user that his/her email was
> > rejected/tagged as spam because it appeared in a spam/openproxy database.
> >
> > I've been in that position several times because one of the internet
> > providers I use is being constantly entered into spam generating
> > ip-blocks.
> >
> > When I was blocked i whised something will bouce back telling me why
> > was not delivered instead of making me "think" it was delivered.
> >
> > ok, maybe not the user, but how about a forward to the postmaster of
> > the offending domain with a copy of the message that triggered the reject?
>
>
> I have the same problem with a customer of mine, some sender are on
> blacklisted ip bloc or blacklisted ISP mail server, and the mails are
> quietly rejected by MailScanner, but these mails are GOOD and must be
> delivered OR the sender MUST BE notified by the no-delivery and why !
>
> If MailScanner is not able to do that my customer want disabled it and
> prefer to use a Windows anti-spam app on each desktop because it's MORE
> IMPORTANT for my customer, to notify the sender than to think the mail
> was delivered when it's not, 2 days ago he loosed an important mail from
> its lawyer because of that.
>
> Sam.
>

Yes, and that is exactly why you should be rejecting thos at the MTA,
or only use BKs in SA to score.... And then inform the customer by way
of quarantine report or similar.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Wed Dec  7 12:25:02 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:25 2006
Subject: OT: Vispan question
Message-ID: <mailman.17689.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello,

Can someone please tell me what the "Messages Rejected" number in Vispan
consists of?

Thanks,
Rod
--
Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From drew at THEMARSHALLS.CO.UK  Wed Dec  7 12:25:03 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17690.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 11:51, Dhawal Doshy wrote:
> minuscule correction
>
> 'reject_invalid_hostname' under 'smtpd_helo_restrictions' will simply
> reject the 'helo' if it contains any special / bad characters..
>
> The parameter you are talking about is reject_unknown_hostname, which
> will reject the mail if no valid A/MX record exists for the helo
> hostname and causes quite a few false positives.
>
> see: http://www.postfix.org/uce.html#smtpd_helo_restrictions

Yes, you are right. Sorry that's my fault for not reading (Or is that
thinking!) properly.

It can get slightly more complex than that even as you can reject on
client address using smtpd_client_restrictions (Which is also where you do
the RBL checks, for the record) with reject_unknown_client or more
leniently reject_unknown_reverse_client_hostname (If you are running 2.3)
as that will check on the client not what it helo's as.

One of the beauties of Postfix is the ability to run these restrictions at
various different stages of SMTP conversation, client, helo, sender and
data.


Drew



-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Wed Dec  7 12:26:11 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17691.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam

The way I handle this...

Is to do ALL the checks in Spamassassin, that way the RBL's don't get
treated as a 100% blacklist. 

Or alter the "Spam Lists To Be Spam" to be more than 1 is you have more than
1 RBL in the Spam List, to each RBL isn't treated as a complete blacklist.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Sam Przyswa
> Sent: 07 December 2005 12:08
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] adding a reject reason to spam messages
> 
> Erick Perez a écrit :
> 
> > Well, if a legitimate user is sending a mail from an ip block that has
> > been tagged as spam-generating (like an open-proxy that was later
> > closed), i wanted to tell the user that his/her email was
> > rejected/tagged as spam because it appeared in a spam/openproxy
> database.
> >
> > I've been in that position several times because one of the internet
> > providers I use is being constantly entered into spam generating
> > ip-blocks.
> >
> > When I was blocked i whised something will bouce back telling me why
> > was not delivered instead of making me "think" it was delivered.
> >
> > ok, maybe not the user, but how about a forward to the postmaster of
> > the offending domain with a copy of the message that triggered the
> reject?
> 
> 
> I have the same problem with a customer of mine, some sender are on
> blacklisted ip bloc or blacklisted ISP mail server, and the mails are
> quietly rejected by MailScanner, but these mails are GOOD and must be
> delivered OR the sender MUST BE notified by the no-delivery and why !
> 
> If MailScanner is not able to do that my customer want disabled it and
> prefer to use a Windows anti-spam app on each desktop because it's MORE
> IMPORTANT for my customer, to notify the sender than to think the mail
> was delivered when it's not, 2 days ago he loosed an important mail from
> its lawyer because of that.
> 
> Sam.
> 
> 
> 
> --
> Ce message a été vérifié par MailScanner
> pour des virus ou des polluriels et rien de
> suspect n'a été trouvé.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec  7 12:31:15 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17692.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 12:08, Sam Przyswa wrote:
> I have the same problem with a customer of mine, some sender are on
> blacklisted ip bloc or blacklisted ISP mail server, and the mails are
> quietly rejected by MailScanner, but these mails are GOOD and must be
> delivered OR the sender MUST BE notified by the no-delivery and why !
>
> If MailScanner is not able to do that my customer want disabled it and
> prefer to use a Windows anti-spam app on each desktop because it's MORE
> IMPORTANT for my customer, to notify the sender than to think the mail
> was delivered when it's not, 2 days ago he loosed an important mail from
> its lawyer because of that.

Don't use MailScanner for RBL checks then. Either:

a) Block using RBL's at MTA stage so the sender gets a bounce notifiction
(From their own server)

b) Change the high score Spam settings to just tag and then deliver or
quarantine high scoring spam and put in MailWatch to release legitimate
for the quarantine.

Sending rejection messages is NOT the answer to this and will more than
likely get your client added to an black list themselves.

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Wed Dec  7 12:32:41 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17693.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:
> I'm off for some nice pain-killers and honeyd tea.... Will hopefully
> make head work again:-)

Get off the chair and get into the bed for some rest / sleep.

btw, it's honey and not honeyd, which comes from here www.honeyd.org 
(one more reason to let the brain rest) :)

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From samp at ARIAL-CONCEPT.COM  Wed Dec  7 12:34:40 2005
From: samp at ARIAL-CONCEPT.COM (Sam Przyswa)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17694.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen a écrit :

>On 07/12/05, Sam Przyswa <samp@arial-concept.com> wrote:
>  
>
>>Erick Perez a écrit :
>>
>>    
>>
>>>Well, if a legitimate user is sending a mail from an ip block that has
>>>been tagged as spam-generating (like an open-proxy that was later
>>>closed), i wanted to tell the user that his/her email was
>>>rejected/tagged as spam because it appeared in a spam/openproxy database.
>>>
>>>I've been in that position several times because one of the internet
>>>providers I use is being constantly entered into spam generating
>>>ip-blocks.
>>>
>>>When I was blocked i whised something will bouce back telling me why
>>>was not delivered instead of making me "think" it was delivered.
>>>
>>>ok, maybe not the user, but how about a forward to the postmaster of
>>>the offending domain with a copy of the message that triggered the reject?
>>>      
>>>
>>I have the same problem with a customer of mine, some sender are on
>>blacklisted ip bloc or blacklisted ISP mail server, and the mails are
>>quietly rejected by MailScanner, but these mails are GOOD and must be
>>delivered OR the sender MUST BE notified by the no-delivery and why !
>>
>>If MailScanner is not able to do that my customer want disabled it and
>>prefer to use a Windows anti-spam app on each desktop because it's MORE
>>IMPORTANT for my customer, to notify the sender than to think the mail
>>was delivered when it's not, 2 days ago he loosed an important mail from
>>its lawyer because of that.
>>
>>Sam.
>>
>>    
>>
>
>Yes, and that is exactly why you should be rejecting thos at the MTA,
>  
>

If I have to put all the lists on MTA level (sendmail for this customer) 
and then in MailScanner to _just_ bounce rejected mail to the senders, I 
don't need MailScanner, Sendmail or Postfix is enough but not always 
easy to configure, I use the MailScanner Webmin module to do that in 
remote and it's the right solution for me but...

>or only use BKs in SA to score.... And then inform the customer by way
>of quarantine report or similar.
>  
>

In this case I have to notify ALL the spam to the recipients not very 
practical...

Thanks for your reply.

Sam.



-- 
Ce message a été vérifié par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a été trouvé.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From David.While at UCE.AC.UK  Wed Dec  7 12:38:55 2005
From: David.While at UCE.AC.UK (David While)
Date: Thu Jan 12 21:31:25 2006
Subject: Vispan question
Message-ID: <mailman.17695.1137101485.24926.mailscanner@lists.mailscanner.info>

It looks for the MTA reject message in the log.

--------------------------------------------
David While BSc CEng MBCS CITP
Department of Computing
University of Central England
Tel: 0121 331 6211
--------------------------------------------


________________________________________________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Rodney Green
Sent: 07 December 2005 12:25
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT: Vispan question

Hello,

Can someone please tell me what the "Messages Rejected" number in Vispan
consists of?

Thanks,
Rod
--
Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From rgreen at TRAYERPRODUCTS.COM  Wed Dec  7 12:43:38 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:25 2006
Subject: Vispan question
Message-ID: <mailman.17696.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks David. Does it look for reject_warning also?

David While wrote:
It looks for the MTA reject message in the log.

--------------------------------------------
David While BSc CEng MBCS CITP
Department of Computing
University of Central England
Tel: 0121 331 6211
--------------------------------------------


________________________________________________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
On Behalf Of Rodney Green
Sent: 07 December 2005 12:25
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT: Vispan question

      Hello,

      Can someone please tell me what the "Messages Rejected"
      number in Vispan consists of?

      Thanks,
      Rod
      --
      Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


--
Rodney Green Network/Security Administrator
Trayer Products, Inc.
rgreen@trayerproducts.com
607-734-8124 Ext. 343
Security+ Certified

Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, Image/JPEG  8.8KB. ]
    [ Unable to print this part. ]


From rgreen at TRAYERPRODUCTS.COM  Wed Dec  7 12:54:34 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:25 2006
Subject: Vispan question
Message-ID: <mailman.17697.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I'm using postfix, by the way.

Rodney Green wrote:
> Thanks David. Does it look for reject_warning also?
>
> David While wrote:
>> It looks for the MTA reject message in the log.
>>
>> --------------------------------------------
>> David While BSc CEng MBCS CITP
>> Department of Computing
>> University of Central England
>> Tel: 0121 331 6211
>> --------------------------------------------
>>
>>
>> ------------------------------------------------------------------------
>> *From:* MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] 
>> *On Behalf Of *Rodney Green
>> *Sent:* 07 December 2005 12:25
>> *To:* MAILSCANNER@JISCMAIL.AC.UK
>> *Subject:* OT: Vispan question
>>
>> Hello,
>>
>> Can someone please tell me what the "Messages Rejected" number in 
>> Vispan consists of?
>>
>> Thanks,
>> Rod
>> /--/
>> Honor the Fallen <http://www.militarycity.com/valor/honor.html>
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by *MailScanner* <http://www.mailscanner.info/>**, 
>> and is
>> believed to be clean.
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/)
>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> *Support MailScanner development - buy the book off the website!*
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by **MailScanner* <http://www.mailscanner.info/>*, 
>> and is
>> believed to be clean.
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/)
>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> *Support MailScanner development - buy the book off the website!*
>> **
> *
> *
> *--
> Rodney Green *
> *Network/Security Administrator
> Trayer Products, Inc.
> /rgreen@trayerproducts.com /
> /607-734-8124 Ext. 343
> Security+ Certified
> /
> Honor the Fallen <http://www.militarycity.com/valor/honor.html>
> *
> *
> -- 
> This message has been scanned for viruses and
> dangerous content by **MailScanner* <http://www.mailscanner.info/>*, 
> and is
> believed to be clean.
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*
> *

-- 
Rodney Green
Network/Security Administrator
Trayer Products, Inc.
/rgreen@trayerproducts.com /
/607-734-8124 Ext. 343
Security+ Certified
/
Honor the Fallen <http://www.militarycity.com/valor/honor.html>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec  7 13:00:03 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:25 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17698.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 12:32, Dhawal Doshy wrote:
> Glenn Steen wrote:
>> I'm off for some nice pain-killers and honeyd tea.... Will hopefully
>> make head work again:-)
>
> Get off the chair and get into the bed for some rest / sleep.

Hear, hear. No prizes for martyrs!

>
> btw, it's honey and not honeyd, which comes from here www.honeyd.org
> (one more reason to let the brain rest) :)

Hmm, a virtual cold remedy that hides the real remedy amongst a virtual
collection of pills, potions and lotions. Designed to occupy the illness'
resources in a non-constructive manner. Interesting... :-)

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From amoore at DEKALBMEMORIAL.COM  Wed Dec  7 13:22:29 2005
From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore)
Date: Thu Jan 12 21:31:25 2006
Subject: Vispan was RE: [MAILSCANNER] Log Analysis
Message-ID: <mailman.17699.1137101485.24926.mailscanner@lists.mailscanner.info>

Is Vispan maintained anymore?  I checked the support forum on there
yesterday, but it looks like there's been very little activity on it
this year.

We've been having problems with it spontaneously clearing it's data.
That wouldn't be bad if I didn't have to then clean out the access file
by hand.

Is there anything out their similar to it that would work with milter?

-- 
Aaron Kent Moore
Information Technology Services
DeKalb Memorial Hospital, Inc.
Auburn, IN

Michele Neylon:: Blacknight.ie wrote:
> Rodney Green wrote:
>> Thanks everyone. I successfully got Vispan working. The stats it
>> provides are good enough for me right now. I just wanted to stats on
>> the number of virus infected and spam messages.
>> 
> Vispan is very handy, but I'd love to "take it to the next level"...

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec  7 13:31:29 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:25 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17700.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam Przyswa wrote on         Wed, 7 Dec 2005 13:08:04 +0100:

> I have the same problem with a customer of mine, some sender are on 
> blacklisted ip bloc or blacklisted ISP mail server, and the mails are 
> quietly rejected by MailScanner,

Why does Mailscanner *reject* them? You should not do this! Rejection 
after MTA stage should only be used in rare circumstances because there 
are a 1.000 innocent victims for one rejected mail from a legitimate 
sender.

> 2 days ago he loosed an important mail from 
> its lawyer because of
> that.

Why don't you whitelist his lawyer?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec  7 13:31:29 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17701.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rick Cooper wrote on         Wed, 7 Dec 2005 06:47:00 -0500:

> Before 
> I try it again I will install the latest Bundle::DBD:mysql and see if that 
> helps (I think I already have the latest but I will check). I will also make 
> sure I have the latest MailWatch as it's been awhile since I even tried it.

Just to clarify, there are certain versions of DBI/DBI where older versions of 
Mailwatch (before 1.00 I think) will not work with partly or at all. These are 
*newer* versions. Latest version of Mailwatch should work well with latest 
versions of DBI/DBI. It also occurs that the version numbering of DBI/DBD rpms 
is quite different across platforms. F.i. the rpms for SuSE will not ever match 
the "bad" numbers since they are numbered completely different.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec  7 13:57:20 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:25 2006
Subject: Web site working?
Message-ID: <mailman.17702.1137101485.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

I'm getting reports from a journalist that although he can traceroute  
to www.mailscanner.info, his web browser cannot connect to it.
Can someone check the website is visible and working please?
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
/QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
+Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
=KN44
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From roger at RUDNICK.COM.BR  Wed Dec  7 14:02:23 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:31:25 2006
Subject: Web site working?
Message-ID: <mailman.17703.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Here the site works fine...

----- Original Message ----- 
From: "Julian Field" <MailScanner@ECS.SOTON.AC.UK>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Wednesday, December 07, 2005 11:57 AM
Subject: Web site working?


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I'm getting reports from a journalist that although he can traceroute  
> to www.mailscanner.info, his web browser cannot connect to it.
> Can someone check the website is visible and working please?
> - -- 
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
> 
> iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
> oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
> GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
> /QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
> +Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
> CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
> =KN44
> -----END PGP SIGNATURE-----
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ryan at MARINOCRANE.COM  Wed Dec  7 14:02:58 2005
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:31:25 2006
Subject: Web site working?
Message-ID: <mailman.17704.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Working from CT, USA!

Julian Field wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>I'm getting reports from a journalist that although he can traceroute  
>to www.mailscanner.info, his web browser cannot connect to it.
>Can someone check the website is visible and working please?
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From wietse at BOUDISQUE.NL  Wed Dec  7 14:01:51 2005
From: wietse at BOUDISQUE.NL (Wietse Muizelaar)
Date: Thu Jan 12 21:31:25 2006
Subject: Web site working?
Message-ID: <mailman.17705.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

<AOL>

Me too

</AOL>

On Wednesday, December 07, 2005 3:02 PM,
Roger Jochem <roger@RUDNICK.COM.BR> wrote:

> Here the site works fine...
> 
> ----- Original Message -----
> From: "Julian Field" <MailScanner@ECS.SOTON.AC.UK>
> To: <MAILSCANNER@JISCMAIL.AC.UK>
> Sent: Wednesday, December 07, 2005 11:57 AM
> Subject: Web site working?
> 
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> I'm getting reports from a journalist that although he can traceroute
>> to www.mailscanner.info, his web browser cannot connect to it.
>> Can someone check the website is visible and working please?
>> - --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> 
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.0.3 (Build 2932)
>> 
>> iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
>> oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
>> GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
>> /QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
>> +Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
>> CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
>> =KN44
>> -----END PGP SIGNATURE-----
>> 
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> 
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>> 
>> Support MailScanner development - buy the book off the website!
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

-- 
Met vriendelijke groet,

Wietse Muizelaar

-------------------------------------------
W.G. Muizelaar
Boudisque Webmaster / ICT
Drieharingstraat 5-31, 3511 BH Utrecht
Telefoon: +31 (0)30 - 2394030
E-mail: wietse@boudisque.nl
Website: www.boudisque.nl
-------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ewallig at AEROCONTRACTORS.COM  Wed Dec  7 14:07:06 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:31:25 2006
Subject: Web site working?
Message-ID: <mailman.17706.1137101485.24926.mailscanner@lists.mailscanner.info>

Working fine here as well (NC, US) 

 - Ed

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Wednesday, December 07, 2005 8:57 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Web site working?

-----BEGIN PGP SIGNED MESSAGE-----

I'm getting reports from a journalist that although he can traceroute to
www.mailscanner.info, his web browser cannot connect to it.
Can someone check the website is visible and working please?
- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81
D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
/QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
+Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
=KN44
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-PKCS7-SIGNATURE  6.1KB. ]
    [ Unable to print this part. ]


From davidj at synaq.com  Wed Dec  7 14:04:18 2005
From: davidj at synaq.com (David Jacobson)
Date: Thu Jan 12 21:31:25 2006
Subject: Web site working?
Message-ID: <mailman.17707.1137101485.24926.mailscanner@lists.mailscanner.info>

Working From JHB, South Africa! :)

On Wed, 2005-12-07 at 09:02 -0500, Ryan Pitt wrote:
> Working from CT, USA!
> 
> Julian Field wrote:
> 
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >I'm getting reports from a journalist that although he can traceroute  
> >to www.mailscanner.info, his web browser cannot connect to it.
> >Can someone check the website is visible and working please?
> >
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
-- 
Regards,

David Jacobson
Technical Director
SYNAQ (Pty) Ltd

Tel:    011 245 5888
Direct: 011 245 5889
Fax:    011 783 9275
Cell:   083 235 0760
Mail:   davidj@synaq.com
Web:    http://www.synaq.com    

Key Fingerprint
8246 FCE1 3C22 7EFB E61B  18DF 6E8B 65E8 BD50 78A1

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "This is a digitally signed message part"  ]
    [ Application/PGP-SIGNATURE  196bytes. ]
    [ Unable to print this part. ]


From martinh at SOLID-STATE-LOGIC.COM  Wed Dec  7 14:08:26 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:25 2006
Subject: Web site working?
Message-ID: <mailman.17708.1137101485.24926.mailscanner@lists.mailscanner.info>

Jules

Another me too, but it to does take a while for the ipv6 to give up before
it tries for a ipv4. This happens (of course) only for the first lookup of
the day.

Could be firewall/content restrictions at his end?

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: 07 December 2005 13:57
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Web site working?
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I'm getting reports from a journalist that although he can traceroute
> to www.mailscanner.info, his web browser cannot connect to it.
> Can someone check the website is visible and working please?
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
> 
> iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
> oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
> GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
> /QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
> +Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
> CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
> =KN44
> -----END PGP SIGNATURE-----
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rob at THEHOSTMASTERS.COM  Wed Dec  7 14:15:28 2005
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:31:25 2006
Subject: Web site working?
Message-ID: <mailman.17709.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

From campbell at CNPAPERS.COM  Wed Dec  7 14:17:06 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:25 2006
Subject: Log Analysis
Message-ID: <mailman.17711.1137101485.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I'm never much help with any problem to which I respond, but I'll throw this 
out anyway. It may be pointing totally in the wrong direction, but take it 
as a long shot suggestion.

I'm not sure how long ago you tried to set MW up for usage, but there was an 
error in the documentation about how to set up the SQL name/password, as I 
recall. This is fixed now (in the docs), so you may want to review the 
current stuff and re-do that part of the database.

MailWatch is well worth the effort.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From joost at WAVERSVELD.NL  Wed Dec  7 14:21:42 2005
From: joost at WAVERSVELD.NL (Joost Waversveld)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17712.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

 From the netherlands all is working fine!!

> -----BEGIN PGP SIGNED MESSAGE-----
>
> I'm getting reports from a journalist that although he can traceroute
> to www.mailscanner.info, his web browser cannot connect to it.
> Can someone check the website is visible and working please?
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
>
> iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
> oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
> GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
> /QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
> +Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
> CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
> =KN44
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec  7 14:23:10 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17713.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 13:57, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I'm getting reports from a journalist that although he can traceroute
> to www.mailscanner.info, his web browser cannot connect to it.
> Can someone check the website is visible and working please?

Good for me too in little 'ole SE England (Demon connection)

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From csweeney at OSUBUCKS.ORG  Wed Dec  7 14:23:11 2005
From: csweeney at OSUBUCKS.ORG (Chris Sweeney)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17714.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Works fine from Cincinnati Ohio.............



Julian Field wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>I'm getting reports from a journalist that although he can traceroute  
>to www.mailscanner.info, his web browser cannot connect to it.
>Can someone check the website is visible and working please?
>- -- 
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.3 (Build 2932)
>
>iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
>oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
>GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
>/QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
>+Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
>CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
>=KN44
>-----END PGP SIGNATURE-----
>
>  
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Wed Dec  7 14:22:53 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17715.1137101486.24926.mailscanner@lists.mailscanner.info>

Jules

Looks like apache.org is giving people problems too....
Maybe there's some cruft happening on the old interweb
somewhere......nothing on nanog about it though..

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: 07 December 2005 14:08
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Web site working?
> 
> Jules
> 
> Another me too, but it to does take a while for the ipv6 to give up before
> it tries for a ipv4. This happens (of course) only for the first lookup of
> the day.
> 
> Could be firewall/content restrictions at his end?
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Julian Field
> > Sent: 07 December 2005 13:57
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: [MAILSCANNER] Web site working?
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > I'm getting reports from a journalist that although he can traceroute
> > to www.mailscanner.info, his web browser cannot connect to it.
> > Can someone check the website is visible and working please?
> > - --
> > Julian Field
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP Desktop 9.0.3 (Build 2932)
> >
> > iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
> > oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
> > GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
> > /QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
> > +Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
> > CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
> > =KN44
> > -----END PGP SIGNATURE-----
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> 
> 
> **********************************************************************
> 
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
> 
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
> 
> **********************************************************************
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ewallig at AEROCONTRACTORS.COM  Wed Dec  7 14:29:57 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:31:26 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17716.1137101486.24926.mailscanner@lists.mailscanner.info>

Question - when downloading this file from the link that was sent it reports
a size of 11.3 MB but the downloaded file ends up being only 7.something MB
- anything amiss? 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Janet Bindner
Sent: Wednesday, December 07, 2005 1:46 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
Clamav: 0.87.1,SpamAssassin: 3.1.0)

Hi all,
   Latest PSCM is updated with the following:
    *  Clamav: 0.87.1
    * MailScanner: 4.48.4-2
    * SpamAssassin: 3.1.0
    * Postfix: 2.2.6

http://metawire.org/~pscm/index.html

PSCM is an RPM package that provides out-of-box easy installation for a
secure smtp mailserver with spam filtering and virus scanning capabilities.

Cheers!
Janet


		
___________________________________________________________
Yahoo! Exclusive Xmas Game, help Santa with his celebrity party -
http://santas-christmas-party.yahoo.net/

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-PKCS7-SIGNATURE  6.1KB. ]
    [ Unable to print this part. ]


From csweeney at OSUBUCKS.ORG  Wed Dec  7 14:28:16 2005
From: csweeney at OSUBUCKS.ORG (Chris Sweeney)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17717.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

The internet traffic report web site is showing abit of slowing down on 
the internet this morning.

Martin Hepworth wrote:

>Jules
>
>Looks like apache.org is giving people problems too....
>Maybe there's some cruft happening on the old interweb
>somewhere......nothing on nanog about it though..
>
>--
>Martin Hepworth 
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>  
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Martin Hepworth
>>Sent: 07 December 2005 14:08
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: [MAILSCANNER] Web site working?
>>
>>Jules
>>
>>Another me too, but it to does take a while for the ipv6 to give up before
>>it tries for a ipv4. This happens (of course) only for the first lookup of
>>the day.
>>
>>Could be firewall/content restrictions at his end?
>>
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
>>    
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>Behalf Of Julian Field
>>>Sent: 07 December 2005 13:57
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: [MAILSCANNER] Web site working?
>>>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>
>>>I'm getting reports from a journalist that although he can traceroute
>>>to www.mailscanner.info, his web browser cannot connect to it.
>>>Can someone check the website is visible and working please?
>>>- --
>>>Julian Field
>>>www.MailScanner.info
>>>Buy the MailScanner book at www.MailScanner.info/store
>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>>
>>>-----BEGIN PGP SIGNATURE-----
>>>Version: PGP Desktop 9.0.3 (Build 2932)
>>>
>>>iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0
>>>oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW
>>>GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ
>>>/QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x
>>>+Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ
>>>CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog==
>>>=KN44
>>>-----END PGP SIGNATURE-----
>>>
>>>--
>>>This message has been scanned for viruses and
>>>dangerous content by MailScanner, and is
>>>believed to be clean.
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>>      
>>>
>>**********************************************************************
>>
>>This email and any files transmitted with it are confidential and
>>intended solely for the use of the individual or entity to whom they
>>are addressed. If you have received this email in error please notify
>>the system manager.
>>
>>This footnote confirms that this email message has been swept
>>for the presence of computer viruses and is believed to be clean.
>>
>>**********************************************************************
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>    
>>
>
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.	
>
>**********************************************************************
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>  
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dave.list at PIXELHAMMER.COM  Wed Dec  7 14:47:03 2005
From: dave.list at PIXELHAMMER.COM (DAve)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17718.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I'm getting reports from a journalist that although he can traceroute  
> to www.mailscanner.info, his web browser cannot connect to it.
> Can someone check the website is visible and working please?
> - -- 
> Julian Field

Works from Indiana USA.

DAve

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eidenschink at WEB.DE  Wed Dec  7 14:51:03 2005
From: eidenschink at WEB.DE (Bernd Eidenschink)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17719.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> I'm getting reports from a journalist that although he can traceroute
> to www.mailscanner.info, his web browser cannot connect to it.
> Can someone check the website is visible and working please?

...and works from Germany (at least for me...) :-)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From aslan at AEON.COM.BR  Wed Dec  7 14:50:01 2005
From: aslan at AEON.COM.BR (Aslan Carlos)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17720.1137101486.24926.mailscanner@lists.mailscanner.info>

Hi,
>From Brazil we can connect to www.mailscanner.info 

On Wed, 2005-12-07 at 09:47 -0500, DAve wrote:
> Julian Field wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > I'm getting reports from a journalist that although he can traceroute  
> > to www.mailscanner.info, his web browser cannot connect to it.
> > Can someone check the website is visible and working please?
> > - -- 
> > Julian Field
> 

> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Wed Dec  7 15:04:58 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17721.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Wonder if this has anything to do with the problems:

http://www.internettrafficreport.com/history/81.htm


Bernd Eidenschink wrote:

 I'm getting reports from a journalist that although he can traceroute
to www.mailscanner.info, his web browser cannot connect to it.
Can someone check the website is visible and working please?
    

 ...and works from Germany (at least for me...) :-)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

  


--
Rodney Green Network/Security Administrator
Trayer Products, Inc.
rgreen@trayerproducts.com
607-734-8124 Ext. 343
Security+ Certified

Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, Image/JPEG  8.8KB. ]
    [ Unable to print this part. ]


From eaperezh at GMAIL.COM  Wed Dec  7 15:28:47 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:26 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17722.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

ok i will then move spam to quarantine and do nothnig at mta, i will test
for a few days them.
the main reason was that if AOL is doing is, then why not me... ;)


On 12/7/05, Kai Schaetzl <maillists@conactive.com> wrote:
      Sam Przyswa wrote on         Wed, 7 Dec 2005 13:08:04 +0100:

      > I have the same problem with a customer of mine, some
      sender are on
      > blacklisted ip bloc or blacklisted ISP mail server, and the
      mails are
      > quietly rejected by MailScanner,

      Why does Mailscanner *reject* them? You should not do this!
      Rejection
      after MTA stage should only be used in rare circumstances
      because there
      are a 1.000 innocent victims for one rejected mail from a
      legitimate
      sender.

      > 2 days ago he loosed an important mail from
      > its lawyer because of
      > that.

      Why don't you whitelist his lawyer?

      Kai

      --
      Kai Schätzl, Berlin, Germany
      Get your web at Conactive Internet Services:
      http://www.conactive.com
      IE-Center: http://ie5.de & http://msie.winware.org

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (
      http://wiki.mailscanner.info/) and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From michele at BLACKNIGHT.IE  Wed Dec  7 15:50:19 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17723.1137101486.24926.mailscanner@lists.mailscanner.info>

Joost Waversveld <> said on 07 December 2005 14:22:

>  From the netherlands all is working fine!!
> 

The site works. Yay!

*yawn*

/me goes back to registering .eu domains

Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From technician at CENPAC.NET.NR  Wed Dec  7 15:53:02 2005
From: technician at CENPAC.NET.NR (Jon Leeman)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17724.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Works fine from Nauru, Central Pacific, at 0351 local [1551 UTC].

Jon

Julian Field wrote:
> I'm getting reports from a journalist that although he can traceroute  
> to www.mailscanner.info, his web browser cannot connect to it.
> Can someone check the website is visible and working please?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Wed Dec  7 16:01:41 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:26 2006
Subject: spamassassin/dccifd: write(MTA socket,XX): Broken pipe
Message-ID: <mailman.17725.1137101486.24926.mailscanner@lists.mailscanner.info>

At the risk of getting flamed, I'll crosspost to both the MailScanner
and DCC mailing lists...  There has been a thread of discussion on
the DCC list about "spamassassin/dccifd: write(MTA socket,XX): Broken pipe"
and what the dcc_timeout setting should be for SpamAssassin 3.1.
Apparently SA lowered the timeout number from 10 seconds to 5
seconds between SA 3.0.4 and 3.1.   The question is:  how to
make the broken pipe message go away if you are calling DCC from
SpamAssassin?

I added "dcc_timeout 10" to my spam.assassin.prefs.conf in my
MailScanner/etc directory (MS 4.47.4, Solaris 9).  It seems to
have reduced the number of broken pipe messages, but...  When
I ran MailScanner in debug mode, I saw no references to dcc_timeout
in the output.  Did I do the right thing?  Any other MS users
seeing this broken pipe complaint?

Jeff Earickson
Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Wed Dec  7 16:23:05 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17726.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

isnt this supposed to work?

smtpd_client_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/mydomain_rules, warn_if_reject
smtpd_helo_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/mydomain_rules, warn_if_reject

however in the logs:

Dec  7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F:
client=fpacifico.com[numericlinkwarning 201.226.94.250]
Dec  7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold: header
Received: from erick (fpacifico.com [numericlinkwarning
201.226.94.250])??by mail.flyairpanama.com (mail.flyairpanama.com) with
SMTP id 5A89575854F??for <eaperezh@flyairpanama.com>; Wed,  7 Dec 2005
11:19:04 -0500 (EST) from fpacifico.com[numericlinkwarning
201.226.94.250]; from=<eaperezh@flyairpanama.com>
to=<eaperezh@flyairpanama.com> proto=SMTP helo=<erick>
Dec  7 11:19:23 mail postfix/virtual[15909]: C157E758570:
to=<eaperezh@flyairpanama.com>, relay=virtual, delay=19, status=sent
(delivered to mailbox)

my mydomain_rules:
flyairpanama.com REJECT Rejected. You are not me.




On 12/7/05, Glenn Steen <glenn.steen@gmail.com> wrote:
      On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
      > what about MS and postfix?
      > where do i implement that?
      >
      I'm at home on sick-leave (hopfully, just today....), so this
      is
      entirely from memory (and that is a bit flaky at best:-)...
      As said, I apply a restriktion on helo and on senders so this
      might
      look something like (in main.cf "#" inserted to show where
      the lines
      are (wrapping))
      #
      smtpd_helo_restrictions = permit_mynetworks,
      reject_invalid_hostname,
      reject_non_fqdn_hostname, check_helo_access
      hash:/path/to/access_map/file
      #
      smtpd_helo_restrictions =
      permit_mynetworks,  check_sender_access
      hash:/path/to/access_map/file
      #
      And in the map file, you have a line rejecting your own
      domain... something like
      yourdomain.tld REJECT You are not me...

      Then couple that with the recipient maps check (for valid
      recipients),
      and then you can only receive mail from non-spoofing senders
      to valid
      recipients (that part is described well in the MailScanner
      wiki). You
      can, of course, couple these restrictions with any
      restrictions you
      feel are necessary ("man 5 postconf" is a good place to see
      exactly
      what settings you have available)

      .... Or did I missunderstand your question?

      --
      -- Glenn
      email: glenn < dot > steen < at > gmail < dot > com
      work: glenn < dot > steen < at > ap1 < dot > se

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (http://wiki.mailscanner.info/)
      and
      the archives (
      http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From brad at BECKENHAUER.COM  Wed Dec  7 16:06:28 2005
From: brad at BECKENHAUER.COM (brad@beckenhauer.com)
Date: Thu Jan 12 21:31:26 2006
Subject: Log Analysis
Message-ID: <mailman.17727.1137101486.24926.mailscanner@lists.mailscanner.info>

Using Vispan 2.0.2 & Postfix here.
 
I'll second Michele's comments below.  Currently we can compare the real numbers for Current activity and last period.  After that we have to look at the graph and approximate the previous periods.
 
1) How about a cvs export of the data on the web page, or an option to dump the data to cvs format ( or email the cvs to a designated role in the conf file).
2) I'd like to have the Inbound and Outbound Queue graphs & the  "Mail Pending" fixed for Postfix users ( I manually patch the source to get the graphs going).
3) Option to disable graphing "Rejected" data.   I have periods where the "rejected" is so high that the remaining graph lines get blurred together.

>>> Michele Neylon :: Blacknight Solutions<michele@BLACKNIGHT.IE> 12/7/2005 4:12:13 AM >>>

David While <> said on 07 December 2005 10:03:

> Give me some insight in what you want in "the next level" and I will
> see what I can do. 
> 


More details and monthly breakdowns, so that we could see which viruses were
prevalent in each month etc., 
If the stats were in XML or something else it would make it a lot easier to
manipulate them using external software and make prettty graphs :) 

At the moment we get overall trends and "last period", but it's not possible
to see what has happened over a 3 month period or compare one period with
another, as there is no archive more of a cumulative stats.


Michele


Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/ 
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec  7 16:31:24 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17728.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote on         Wed, 7 Dec 2005 13:57:20 +0000:

> I'm getting reports from a journalist that although he can traceroute   
> to www.mailscanner.info, his web browser cannot connect to it. 
> Can someone check the website is visible and working please?

works from Berlin.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec  7 16:31:24 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:26 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17729.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez wrote on         Wed, 7 Dec 2005 10:28:47 -0500:

> ok i will then move spam to quarantine and do nothnig at mta, i will test 
> for a few days them. 
> the main reason was that if AOL is doing is, then why not me...

Erick, you are still a bit confused ;-) Doing at MTA level is the right 
thing, doing it *after* MTA (= with MailScanner) should not be done if you 
can avoid. You can usually change the messages the MTA gives as a reason, 
they just have be one line and not too long.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From chris at TAC.ESI.NET  Wed Dec  7 16:27:54 2005
From: chris at TAC.ESI.NET (Chris Hammond)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17730.1137101486.24926.mailscanner@lists.mailscanner.info>

Add this line to your main.cf

check_helo_access hash:/etc/postfix/helo_checks

Add this to /etc/postfix as helo_checks and edit to your specifics and postmap the file.

# This file has to be "compiled" with "postmap"

# Reject anybody that HELO's as being in our own domain(s)
# (Note that if you followed the order suggested in the main.cf
# examples, above, that machines in mynetworks will be okay.)

your.domain.com                     REJECT Internal domain being spoofed.

# Somebody HELO'ing with our IP address?
xxx.xxx.xxx.xxx                  REJECT You are not xxx.xxx.xxx.xxx

# Somebody HELO'ing as "localhost?"  Impossible, we're "localhost"
localhost                       REJECT You are not localhost

Chris

 
>>> eaperezh@GMAIL.COM 12/07/05 11:23 am >>> 
isnt this supposed to work?

smtpd_client_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/mydomain_rules, warn_if_reject
smtpd_helo_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/mydomain_rules, warn_if_reject

however in the logs:

Dec  7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F: client=fpacifico.com
[201.226.94.250]
Dec  7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold: header
Received: from erick (fpacifico.com [201.226.94.250])??by
mail.flyairpanama.com (mail.flyairpanama.com) with SMTP id 5A89575854F??for
<eaperezh@flyairpanama.com>; Wed,  7 Dec 2005 11:19:04 - 0500 (EST) from
fpacifico.com[201.226.94.250]; from=<eaperezh@flyairpanama.com> to=<
eaperezh@flyairpanama.com> proto=SMTP helo=<erick>
Dec  7 11:19:23 mail postfix/virtual[15909]: C157E758570: to=<
eaperezh@flyairpanama.com>, relay=virtual, delay=19, status=sent (delivered
to mailbox)

my mydomain_rules:
flyairpanama.com REJECT Rejected. You are not me.




On 12/7/05, Glenn Steen <glenn.steen@gmail.com> wrote:
>
> On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
> > what about MS and postfix?
> > where do i implement that?
> >
> I'm at home on sick- leave (hopfully, just today....), so this is
> entirely from memory (and that is a bit flaky at best:- )...
> As said, I apply a restriktion on helo and on senders so this might
> look something like (in main.cf "#" inserted to show where the lines
> are (wrapping))
> #
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
> reject_non_fqdn_hostname, check_helo_access
> hash:/path/to/access_map/file
> #
> smtpd_helo_restrictions = permit_mynetworks,  check_sender_access
> hash:/path/to/access_map/file
> #
> And in the map file, you have a line rejecting your own domain...
> something like
> yourdomain.tld REJECT You are not me...
>
> Then couple that with the recipient maps check (for valid recipients),
> and then you can only receive mail from non- spoofing senders to valid
> recipients (that part is described well in the MailScanner wiki). You
> can, of course, couple these restrictions with any restrictions you
> feel are necessary ("man 5 postconf" is a good place to see exactly
> what settings you have available)
>
> .... Or did I missunderstand your question?
>
> --
> --  Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
> ------------------------  MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development -  buy the book off the website!
>



--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------  MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development -  buy the book off the website!

--  
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec  7 16:39:43 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17731.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 16:23, Erick Perez wrote:
> isnt this supposed to work?
>
> smtpd_client_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject
> smtpd_helo_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject

The warn_if_reject is in the wrong place. It should look like:

smtpd_client_restrictions = permit_mynetworks,  warn_if_reject
check_client_access hash:/etc/postfix/mydomain_rules

Don't forget to postmap the mydomain_rules file

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec  7 16:34:31 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:26 2006
Subject: Log Analysis
Message-ID: <mailman.17732.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Pentland G. spake the following on 12/7/2005 2:36 AM:
> Apologies for not having time to read the entire thread...
> 
> I have cron jobs that read yesterday's log file "maillog.0.gz" and email
> the results from a series of perl scripts of the form...
> 
> <snip>
> #!/usr/bin/perl
> 
> # Reset counters
> $TotalMails   = 0;
> $Totalin      = 0;
> $TotalViruses = 0;
> $TotalSpam    = 0;
> $DeliveredSpam = 0;
> $DeletedSpam = 0;
> $DeletedViruses = 0;
> $UserUnknown = 0;
> $satimeout = 0;
> $MsgsDeletedAtSix         = 0;
> $MsgsDeletedAtEight       = 0;
> $MsgsDeletedAtTwentyEight = 0;
> $MsgsNotDeletedBySpamdump =0;
> $UnderFour               = 0;
> $FourToEight             = 0;
> $EightToTwelve           = 0;
> $TwelveToSixteen         = 0;
> $SixteenToTwenty         = 0;
> $TwentytoTwentyFour      = 0;
> $TwentyFourtoTwentyEight = 0;
> $OverTwentyEight         = 0;
> $TotalBelowEight         = 0;
> $TotalAboveEight         = 0;
> $TotalBelowSix           = 0;
> $TotalSixToEight         = 0;
> $TotalEightToTwentyEight = 0;
> $TotalAboveTwentyEight   = 0;
> $rfcerrors               = 0;
> 
> while($_=<STDIN>) {
>   chomp;
>   if (/sendmail/) {
>     $TotalMails += $1 if /nrcpts=(\d+),/;
>     $UserUnknown += 1 if /User does not exist at this site/i;
>     $rfcerrors += 1 if /address does not conform to RFC 2821 syntax/;
>     next;
>   }
>   if (/mailscanner/i) {
>     $TotalViruses += $1 if /Virus Scanning: Found (\d+) viruses/i;
>     $TotalSpam    += $1 if /Spam Checks: Found (\d+) spam messages/i;
>     $DeliveredSpam += 1 if /actions are deliver/i;
>     $DeletedSpam  += 1 if /actions are delete/i;
>     $DeletedSpam  += 1 if /Returning action delete/i;
>     $DeletedViruses += 1 if /Viruses marked as silent/;
>     $satimeout += 1 if /SpamAssassin (timed out)/;
>     if (/Returning value (\d+) for (\w+)/) {
>         $MsgsDeletedAtSix += 1 if $1 == 6;
>         $MsgsDeletedAtEight += 1 if $1 == 8;
>         $MsgsDeletedAtTwentyEight += 1 if $1 == 28;
>         $MsgsNotDeletedBySpamdump += 1 if $1 == 600;
>     }
> 
>   $TotalBelowSix            += 1 if /score\=(\d+)/ && $1 < 6;
>   $TotalSixToEight          += 1 if /score\=(\d+)/ && 6 <= $1 && $1 < 8;
>   $TotalEightToTwentyEight  += 1 if /score\=(\d+)/ && 8 <= $1 && $1 <
> 28;
>   $TotalAboveTwentyEight    += 1 if /score\=(\d+)/ && 28 <= $1;
>   }
> }
> 
> $Totalin = $MsgsDeletedAtSix + $MsgsDeletedAtEight +
> $MsgsDeletedAtTwentyEight + $MsgsNotDeletedBySpamdump;
> 
> print "Main Totals\n\n";
> print "Total Mails
> $TotalMails\n";
> print " Total inbound from the outside world
> $Totalin\n";
> print "Total Viruses
> $TotalViruses\n";
> print "Total Spam
> $TotalSpam\n";
> print "Rejected mail for unknown recipients
> $UserUnknown\n";
> print "Rejected as not to RFC 2821 syntax
> $rfcerrors\n";
> print "Auto-Deleted Spam
> $DeletedSpam\n";
> print "Silently Deleted Viruses
> $DeletedViruses\n";
> print "SpamAssassin Timeouts
> $satimeout\n";
> print "\n";
> print "Number of lookups for users that have set SpamDump at 6
> $MsgsDeletedAtSix\n";
> print "Number of lookups for users that have set SpamDump at 8
> $MsgsDeletedAtEight\n";
> print "Number of lookups for users that have set SpamDump at 28
> $MsgsDeletedAtTwentyEight\n";
> print "Number of lookups for users that have set SpamDump off
> $MsgsNotDeletedBySpamdump\n";
> print "\n\n";
> print "SpamAssassin Score Distribution\n\n";
> print "Messages Below 6            $TotalBelowSix\n";
> print "Messages of 6 -> Below 8    $TotalSixToEight\n";
> print "Messages of 8 -> Below 28   $TotalEightToTwentyEight\n";
> print "Messages 28 or Above        $TotalAboveTwentyEight\n";
> </snip>
> 
> This is one of 7 scripts and the resultant emails are collated by
> management into their spreadsheets, everyone seems happy with type of
> setup although I am trying to get enough money to buy a database server
> (or steal some space on the corporate one) to run Mailwatch:-)
> 
> Hope that is of some use,
> 
> Gary
> 
You don't have to buy a database server. The load that MySQL adds to an
existing mail server is minimal, and you can keep the database size
manageable by setting how many days of info to keep.
If you absolutely "need" a separate DB server, go look in the bin for
the systems that were "too slow for Windows XP" and throw a free linux
distro on it. An old PentiumII with 256 Megs of ram and half a dozen
Gigs of hard drive should be more than enough to keep up.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From KLekas at FOXRIVER.COM  Wed Dec  7 16:57:48 2005
From: KLekas at FOXRIVER.COM (Kosta Lekas)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17733.1137101486.24926.mailscanner@lists.mailscanner.info>

Have you guys heard of Mail::SpamAssassin::Plugin::SPF
http://www.openspf.org/

kosta

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Drew Marshall
Sent: Wednesday, December 07, 2005 10:40 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Blocking emails that claim to come from our

On Wed, December 7, 2005 16:23, Erick Perez wrote:
> isnt this supposed to work?
>
> smtpd_client_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject
> smtpd_helo_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject

The warn_if_reject is in the wrong place. It should look like:

smtpd_client_restrictions = permit_mynetworks,  warn_if_reject
check_client_access hash:/etc/postfix/mydomain_rules

Don't forget to postmap the mydomain_rules file

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From technician at CENPAC.NET.NR  Wed Dec  7 16:59:00 2005
From: technician at CENPAC.NET.NR (Jon Leeman)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17734.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I just tried,

smtpd_client_restrictions = permit_mynetworks, check_client_access 
hash:/etc/postfix/mydomain_rules
smtpd_helo_restrictions = permit_mynetworks,  check_helo_access 
hash:/etc/postfix/mydomain_rules

(without the warn_if_reject)

and received this from the MX from outside the network,

220 nract1.cenpac.net.nr GATEWAY MX  - We don't authorise this 
mailserver for the transport of unsolicited and/or bulk email.
helo jon.cenpac.net.nr
250 nract1.cenpac.net.nr
mail from:postmaster@cenpac.net.nr
250 Ok
rcpt to:jleeman@cenpac.net.nr
554 <jon.cenpac.net.nr>: Helo command rejected: Rejected. You are not me




Erick Perez wrote:
> isnt this supposed to work?
> 
> smtpd_client_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject
> smtpd_helo_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject
> 
> however in the logs:
> 
> Dec  7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F: client=fpacifico.com
> [201.226.94.250]
> Dec  7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold: header
> Received: from erick (fpacifico.com [201.226.94.250])??by
> mail.flyairpanama.com (mail.flyairpanama.com) with SMTP id 5A89575854F??for
> <eaperezh@flyairpanama.com>; Wed,  7 Dec 2005 11:19:04 -0500 (EST) from
> fpacifico.com[201.226.94.250]; from=<eaperezh@flyairpanama.com> to=<
> eaperezh@flyairpanama.com> proto=SMTP helo=<erick>
> Dec  7 11:19:23 mail postfix/virtual[15909]: C157E758570: to=<
> eaperezh@flyairpanama.com>, relay=virtual, delay=19, status=sent (delivered
> to mailbox)
> 
> my mydomain_rules:
> flyairpanama.com REJECT Rejected. You are not me.
> 
> 
> 
> 
> On 12/7/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> 
>>On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
>>
>>>what about MS and postfix?
>>>where do i implement that?
>>>
>>
>>I'm at home on sick-leave (hopfully, just today....), so this is
>>entirely from memory (and that is a bit flaky at best:-)...
>>As said, I apply a restriktion on helo and on senders so this might
>>look something like (in main.cf "#" inserted to show where the lines
>>are (wrapping))
>>#
>>smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
>>reject_non_fqdn_hostname, check_helo_access
>>hash:/path/to/access_map/file
>>#
>>smtpd_helo_restrictions = permit_mynetworks,  check_sender_access
>>hash:/path/to/access_map/file
>>#
>>And in the map file, you have a line rejecting your own domain...
>>something like
>>yourdomain.tld REJECT You are not me...
>>
>>Then couple that with the recipient maps check (for valid recipients),
>>and then you can only receive mail from non-spoofing senders to valid
>>recipients (that part is described well in the MailScanner wiki). You
>>can, of course, couple these restrictions with any restrictions you
>>feel are necessary ("man 5 postconf" is a good place to see exactly
>>what settings you have available)
>>
>>.... Or did I missunderstand your question?
>>
>>--
>>-- Glenn
>>email: glenn < dot > steen < at > gmail < dot > com
>>work: glenn < dot > steen < at > ap1 < dot > se
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
> 
> 
> 
> 
> --
> 
> -------------------------------------------
> Erick Perez
> Linux User 376588
> http://counter.li.org/  (Get counted!!!)
> Panama, Republic of Panama
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec  7 16:43:26 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:26 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17735.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez spake the following on 12/7/2005 7:28 AM:
> ok i will then move spam to quarantine and do nothnig at mta, i will
> test for a few days them.
> the main reason was that if AOL is doing is, then why not me... ;)
If AOL is doing it is a good reason to NOT do it. They seem to be one of
the 800 pound gorillas of the internet world that does what they please
and only care about their $25 dollar monthly contributors.

The biggest offenders to our mail system are AOL and Hotmail. But that
doesn't mean I would reject them, just in case my bosses sister
( brother, mistress, whatever) is using one of them.
-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec  7 17:07:01 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17736.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 16:57, Kosta Lekas wrote:
> Have you guys heard of Mail::SpamAssassin::Plugin::SPF
> http://www.openspf.org/

Yes but it's not that reliable ATM. Postfix can reject at SMTP based on
SPF but it's too draconian (More than rejecting based on clients with
invalid MX/ A records).

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec  7 17:10:03 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17737.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 7, 2005 16:59, Jon Leeman wrote:
> I just tried,
>
> smtpd_client_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules
> smtpd_helo_restrictions = permit_mynetworks,  check_helo_access
> hash:/etc/postfix/mydomain_rules
>
> (without the warn_if_reject)
>
> and received this from the MX from outside the network,
>
> 220 nract1.cenpac.net.nr GATEWAY MX  - We don't authorise this
> mailserver for the transport of unsolicited and/or bulk email.
> helo jon.cenpac.net.nr
> 250 nract1.cenpac.net.nr
> mail from:postmaster@cenpac.net.nr
> 250 Ok
> rcpt to:jleeman@cenpac.net.nr
> 554 <jon.cenpac.net.nr>: Helo command rejected: Rejected. You are not me
>>
>> my mydomain_rules:
>> flyairpanama.com REJECT Rejected. You are not me.

Could you post the logs from this.

Thanks

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Wed Dec  7 17:20:58 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:26 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17738.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez wrote:
> Well, if a legitimate user is sending a mail from an ip block that has
> been tagged as spam-generating (like an open-proxy that was later
> closed), i wanted to tell the user that his/her email was
> rejected/tagged as spam because it appeared in a spam/openproxy database.
> 
> I've been in that position several times because one of the internet
> providers I use is being constantly entered into spam generating ip-blocks.
> 
> When I was blocked i whised something will bouce back telling me why was
> not delivered instead of making me "think" it was delivered.
> 
> ok, maybe not the user, but how about a forward to the postmaster of the
> offending domain with a copy of the message that triggered the reject?


Question: how do you know WHO to send the message to? How do you know the
appropriate postmaster for the IP address?

You certainly can't trust the From: Return-Path, or any other claimed email
address in the message. In the case of real spam these are forged.

This is why auto-bouncing spam notices is bad, real spam causes you to send
piles of mis-directed and completely useless notices to innocent third parties
who had their email address forged by a spammer.

I for one immediately blacklist sites that send such messages to my network. I
figure that any such server could at any moment flood my server with a large
deluge from a spam run.

A knowing spammer can intentionally abuse such a system as a method of DDoS
attack, using your server, and many others, as a flood-generating relay to shut
down networks.


Unfortunately, hand-reporting is the only way to go. This can't be done
automatically without creating an abusable flood-bot.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec  7 17:07:42 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:26 2006
Subject: Log Analysis
Message-ID: <mailman.17739.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

David While spake the following on 12/7/2005 2:03 AM:
> Give me some insight in what you want in "the next level" and I will see
> what I can do.
> 

Maybe getting the config page to either work or go away.

Mine shows clamav from 6 versions back, and MailScanner from 10 versions
back. It doesn't even attempt to guess at McAfee.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From technician at CENPAC.NET.NR  Wed Dec  7 17:28:31 2005
From: technician at CENPAC.NET.NR (Jon Leeman)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17740.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Drew Marshall wrote:
> On Wed, December 7, 2005 16:59, Jon Leeman wrote:
> 
>>I just tried,
>>
>>smtpd_client_restrictions = permit_mynetworks, check_client_access
>>hash:/etc/postfix/mydomain_rules
>>smtpd_helo_restrictions = permit_mynetworks,  check_helo_access
>>hash:/etc/postfix/mydomain_rules
>>
>>(without the warn_if_reject)
>>
>>and received this from the MX from outside the network,
>>
>>220 nract1.cenpac.net.nr GATEWAY MX  - We don't authorise this
>>mailserver for the transport of unsolicited and/or bulk email.
>>helo jon.cenpac.net.nr
>>250 nract1.cenpac.net.nr
>>mail from:postmaster@cenpac.net.nr
>>250 Ok
>>rcpt to:jleeman@cenpac.net.nr
>>554 <jon.cenpac.net.nr>: Helo command rejected: Rejected. You are not me
>>
>>>my mydomain_rules:
>>>flyairpanama.com REJECT Rejected. You are not me.
> 
> 
> Could you post the logs from this.

 From /var/mail/info [Mandrake 10.0]

Dec  8 05:12:09 nract1 postfix/smtpd[6820]: NOQUEUE: reject: RCPT from 
unknown[203.98.227.11]: 554 <jon.cenpac.net.nr>: Helo command rejected: 
Rejected.  You are not me.; from=<postmaster@cenpac.net.nr> 
to=<jleeman@cenpac.net.nr> proto=SMTP helo=<jon.cenpac.net.nr>

Regards,

Jon

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Wed Dec  7 17:37:21 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:26 2006
Subject: vispan logrotate
Message-ID: <mailman.17741.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello,

How does Vispan handle log rotation? When my maillog file is rotated by 
logrotate and maillog is an empty file will the stats get all messed up 
because of that?

Thanks,
Rod

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec  7 17:22:18 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17742.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rodney Green spake the following on 12/7/2005 7:04 AM:
> Wonder if this has anything to do with the problems:
> 
> http://www.internettrafficreport.com/history/81.htm
> 

Somebody tripped over the power cord! ;)


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ugob at CAMO-ROUTE.COM  Wed Dec  7 17:52:56 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:26 2006
Subject: vispan logrotate
Message-ID: <mailman.17743.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rodney Green wrote:
> Hello,
> 
> How does Vispan handle log rotation? When my maillog file is rotated by 
> logrotate and maillog is an empty file will the stats get all messed up 
> because of that?
> 
> Thanks,
> Rod
> 

I use logrotate and didn't have any problems with Vispan stats.  Vispan 
checks your logs every 10 minutes, so at worse you'll loose a few 
minutes of stats, but I think it should look more like a few seconds.

Regards,

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ugob at CAMO-ROUTE.COM  Wed Dec  7 17:54:22 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:26 2006
Subject: spamassassin/dccifd: write(MTA socket,XX): Broken pipe
Message-ID: <mailman.17744.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff A. Earickson wrote:
> At the risk of getting flamed, I'll crosspost to both the MailScanner
> and DCC mailing lists...  

<I don't know how to manage cross-post, should I cross-post too?>


> There has been a thread of discussion on
> the DCC list about "spamassassin/dccifd: write(MTA socket,XX): Broken pipe"
> and what the dcc_timeout setting should be for SpamAssassin 3.1.
> Apparently SA lowered the timeout number from 10 seconds to 5
> seconds between SA 3.0.4 and 3.1.   The question is:  how to
> make the broken pipe message go away if you are calling DCC from
> SpamAssassin?
> 
> I added "dcc_timeout 10" to my spam.assassin.prefs.conf in my
> MailScanner/etc directory (MS 4.47.4, Solaris 9).  It seems to
> have reduced the number of broken pipe messages, but... 

Same here.

> When
> I ran MailScanner in debug mode, I saw no references to dcc_timeout
> in the output.  Did I do the right thing?  Any other MS users
> seeing this broken pipe complaint?
>

Why would you see a reference to dcc_timeout?


> Jeff Earickson
> Colby College
> 



-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec  7 17:52:30 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:26 2006
Subject: vispan logrotate
Message-ID: <mailman.17745.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rodney Green spake the following on 12/7/2005 9:37 AM:
> Hello,
> 
> How does Vispan handle log rotation? When my maillog file is rotated by
> logrotate and maillog is an empty file will the stats get all messed up
> because of that?
> 
> Thanks,
> Rod
> 
I think Vispan reads the logs every x minutes, and then keeps its own
data file.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Wed Dec  7 18:15:15 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:26 2006
Subject: vispan logrotate
Message-ID: <mailman.17746.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ugo Bellavance wrote:
> Rodney Green wrote:
>> Hello,
>>
>> How does Vispan handle log rotation? When my maillog file is rotated 
>> by logrotate and maillog is an empty file will the stats get all 
>> messed up because of that?
>>
>> Thanks,
>> Rod
>>
>
> I use logrotate and didn't have any problems with Vispan stats.  
> Vispan checks your logs every 10 minutes, so at worse you'll loose a 
> few minutes of stats, but I think it should look more like a few seconds.
>
> Regards,
>


Thanks Ugo. I'll continue using logrotate as it is.

Rod



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jakari at BLUEAVIAN.COM  Wed Dec  7 18:46:21 2005
From: jakari at BLUEAVIAN.COM (Jameel Akari)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17747.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

>>>smtpd_client_restrictions = permit_mynetworks, check_client_access
>>>hash:/etc/postfix/mydomain_rules
>>>smtpd_helo_restrictions = permit_mynetworks,  check_helo_access
>>>hash:/etc/postfix/mydomain_rules

Does anyone know if there's a sendmail equivalent to this?

--
Jameel Akari

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec  7 18:50:01 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:26 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17748.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl wrote:

>Sam Przyswa wrote on         Wed, 7 Dec 2005 13:08:04 +0100:
>
>  
>
>>I have the same problem with a customer of mine, some sender are on 
>>blacklisted ip bloc or blacklisted ISP mail server, and the mails are 
>>quietly rejected by MailScanner,
>>    
>>
>
>Why does Mailscanner *reject* them? You should not do this! Rejection 
>after MTA stage should only be used in rare circumstances because there 
>are a 1.000 innocent victims for one rejected mail from a legitimate 
>sender.
>  
>
By default it doesn't do this and you have to work quite hard to do it. 
But you can use it for particular domains fairly easily, so you can 
bounce stuff back to your business partners or major customers so that 
nothing gets lost. I don't like it, but lots of people have 
pointy-haired bosses who won't use a product that can't do this, no 
matter what you tell them.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Wed Dec  7 18:57:00 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:31:26 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17749.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> By default it doesn't do this and you have to work quite hard to do it.
> But you can use it for particular domains fairly easily, so you can
> bounce stuff back to your business partners or major customers so that
> nothing gets lost. I don't like it, but lots of people have
> pointy-haired bosses who won't use a product that can't do this, no
> matter what you tell them.
> 

Cow pokes! Every home shoud have one :)

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Denis.Beauchemin at USHERBROOKE.CA  Wed Dec  7 19:28:47 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:26 2006
Subject: OT: smtp load balancer???
Message-ID: <mailman.17750.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello,

I am considering adding an SMTP load balancer in front of my MS servers.

Any suggestions?

Thanks!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045



------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "S/MIME Cryptographic Signature"  ]
    [ Application/X-PKCS7-SIGNATURE  4.4KB. ]
    [ Unable to print this part. ]


From rcooper at DWFORD.COM  Wed Dec  7 19:32:06 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:26 2006
Subject: Log Analysis
Message-ID: <mailman.17751.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Steve Campbell
> Sent: Wednesday, December 07, 2005 9:17 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Log Analysis
>
>
> I'm never much help with any problem to which I respond, but I'll
> throw this
> out anyway. It may be pointing totally in the wrong direction,
> but take it
> as a long shot suggestion.
>
> I'm not sure how long ago you tried to set MW up for usage, but
> there was an
> error in the documentation about how to set up the SQL
> name/password, as I
> recall. This is fixed now (in the docs), so you may want to review the
> current stuff and re-do that part of the database.
>
> MailWatch is well worth the effort.
>
I have to honestly say I don't remember when I tried it but I know it's been
a long time (6 - 12 months?). I plan to download the latest version
today/tonight and try it from scratch. Hopefully the docs point out if you
need to use the new password protocol or the old when creating the user, if
not I will just add OLD_PASSWORD() to it as that should work in either case.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From joshua.hirsh at PARTNERSOLUTIONS.CA  Wed Dec  7 19:45:27 2005
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17752.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> I am considering adding an SMTP load balancer in front of my 
> MS servers.
> 
> Any suggestions?


Hi Denis,

 Have you tried setting up multiple A records for one MX, instead of two equal value records? 


For example:

usherbrooke.ca.	IN	MX	5 smtpe1.usherbrooke.ca.
smtpe1		IN	A	132.210.244.90
smtpe1		IN	A	132.210.244.91


 It might be cheaper instead of buying a device to actually balance it out, but I don't have any data on how well this balances out the requests as compared to how you have it setup now (two equal value MX records).


 Regards,

-Joshua

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Wed Dec  7 19:48:49 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:26 2006
Subject: Log Analysis
Message-ID: <mailman.17753.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rick,

This particular problem to which I am referring was a typo in the 
documentation which showed the command to add the user to the database. I 
used the errant one and ended up with a different username/password than the 
one I entered. So I just configured the scripts to use the wrong one and 
never looked back. This was before the OLD_PASSWORD problem existed. But if 
I hadn't queried the database, I would have ended up like you describe for 
yourself, and may have just given up.

Steve

----- Original Message ----- 
From: "Rick Cooper" <rcooper@DWFORD.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Wednesday, December 07, 2005 2:32 PM
Subject: Re: Log Analysis


>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>> Behalf Of Steve Campbell
>> Sent: Wednesday, December 07, 2005 9:17 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Log Analysis
>>
>>
>> I'm never much help with any problem to which I respond, but I'll
>> throw this
>> out anyway. It may be pointing totally in the wrong direction,
>> but take it
>> as a long shot suggestion.
>>
>> I'm not sure how long ago you tried to set MW up for usage, but
>> there was an
>> error in the documentation about how to set up the SQL
>> name/password, as I
>> recall. This is fixed now (in the docs), so you may want to review the
>> current stuff and re-do that part of the database.
>>
>> MailWatch is well worth the effort.
>>
> I have to honestly say I don't remember when I tried it but I know it's 
> been
> a long time (6 - 12 months?). I plan to download the latest version
> today/tonight and try it from scratch. Hopefully the docs point out if you
> need to use the new password protocol or the old when creating the user, 
> if
> not I will just add OLD_PASSWORD() to it as that should work in either 
> case.
>
> Rick
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cconn at ABACOM.COM  Wed Dec  7 20:03:40 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17754.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Joshua Hirsh wrote:
>>I am considering adding an SMTP load balancer in front of my 
>>MS servers.
>>
>>Any suggestions?
> 
> 
> 
> Hi Denis,
> 
>  Have you tried setting up multiple A records for one MX, instead of two equal value records? 
> 
> 
> For example:
> 
> usherbrooke.ca.	IN	MX	5 smtpe1.usherbrooke.ca.
> smtpe1		IN	A	132.210.244.90
> smtpe1		IN	A	132.210.244.91
> 
> 
>  It might be cheaper instead of buying a device to actually balance it out, but I don't have any data on how well this balances out the requests as compared to how you have it setup now (two equal value MX records).

If you go the DNS route, reduce your TTL to a small value (ie 5 or zero).

If you are using Cisco, SLB is a simple and effective way to go.  Provides 
health-checking too.

Chris Conn
ABACOM

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dave.list at PIXELHAMMER.COM  Wed Dec  7 20:04:43 2005
From: dave.list at PIXELHAMMER.COM (DAve)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17755.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Joshua Hirsh wrote:
>>I am considering adding an SMTP load balancer in front of my 
>>MS servers.
>>
>>Any suggestions?
> 
> 
> 
> Hi Denis,
> 
>  Have you tried setting up multiple A records for one MX, instead of two equal value records? 
> 
> 
> For example:
> 
> usherbrooke.ca.	IN	MX	5 smtpe1.usherbrooke.ca.
> smtpe1		IN	A	132.210.244.90
> smtpe1		IN	A	132.210.244.91
> 
> 
>  It might be cheaper instead of buying a device to actually balance it out, but I don't have any data on how well this balances out the requests as compared to how you have it setup now (two equal value MX records).
> 
> 
>  Regards,
> 
> -Joshua

Depends, we currently use that method and I am looking for a load 
balancer because of the problems we are encountering.

The issue is that when a toaster goes down or needs to be taken off 
line, simply removing it from DNS is not enough. Those %#$^& windows 
machines refuse to update their DNS when it expires. If I have a HD fail 
and want to take a server off line for repair, my windows clients begin 
to fail connections. The current solution is for me to drive to the NOC 
(50 miles) at 3am and do the work. If the work cannot be completed by 
7am, we tell our dialup clients to reboot their PC, and our commercial 
clients to flush their DNS cache when they call, which they will.

I have a toaster removed from DNS now for over two weeks awaiting an OS 
upgrade, and it is still handling thousands of messages a day. A good 
load balancer will solve that problem.

DAve

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cconn at ABACOM.COM  Wed Dec  7 20:11:36 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17756.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> I have a toaster removed from DNS now for over two weeks awaiting an OS 
> upgrade, and it is still handling thousands of messages a day. A good 
> load balancer will solve that problem.

So will reducing the record's TTL to a small value.  For instance, your 
domain "pixelhammer.com" has a MX with priority of 1 called 
"avhost.tls.net".  The TTL for that hostname is 24 hours....

Set it to a number of seconds instead of a number of hours and you no longer 
need worry, except for the odd broken DNS implementation, which should be rare.

BIND is your friend:

avhost      5       IN      A       65.196.224.20
avhost	    5       IN      A       65.196.224.81

gives you a 5 second TTL on both records.  Remove one, reload DNS, and 5 
seconds later it never existed.

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Wed Dec  7 20:19:57 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17757.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris Conn wrote:
> Set it to a number of seconds instead of a number of hours and you no
> longer need worry, except for the odd broken DNS implementation, which
> should be rare.

Since when is Microsoft rare?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cconn at ABACOM.COM  Wed Dec  7 20:23:35 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17758.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler wrote:
> Chris Conn wrote:
> 
>>Set it to a number of seconds instead of a number of hours and you no
>>longer need worry, except for the odd broken DNS implementation, which
>>should be rare.
> 
> 
> Since when is Microsoft rare?

=)  MS in this respect is not broken; it will follow the TTL.  At least my 
workstation.

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbergman at WTXS.NET  Wed Dec  7 20:23:34 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17759.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

DAve wrote:
> Joshua Hirsh wrote:
> 
>>> I am considering adding an SMTP load balancer in front of my MS servers.
>>>
>>> Any suggestions?
We are using Extreme Networks for this. Can be found used for a 
reasonable price. We got ours from netwq.com I think.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 20:28:33 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17760.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
> isnt this supposed to work?
>
>  smtpd_client_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject
>  smtpd_helo_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject
>
>  however in the logs:
>
>  Dec  7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F:
> client=fpacifico.com[201.226.94.250]
>  Dec  7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold: header
> Received: from erick (fpacifico.com [201.226.94.250])??by
> mail.flyairpanama.com (mail.flyairpanama.com) with SMTP id 5A89575854F??for
> <eaperezh@flyairpanama.com>; Wed,  7 Dec 2005 11:19:04 -0500 (EST) from
> fpacifico.com[201.226.94.250]; from=<eaperezh@flyairpanama.com>
> to=<eaperezh@flyairpanama.com> proto=SMTP helo=<erick>
>  Dec  7 11:19:23 mail postfix/virtual[15909]: C157E758570:
> to=<eaperezh@flyairpanama.com>, relay=virtual, delay=19, status=sent
> (delivered to mailbox)
>
>  my mydomain_rules:
>  flyairpanama.com REJECT Rejected. You are not me.
>
>
Hm, I suppose you'll be fine "baking them all together" like that....
Don't know why you have double check_client_access entries though....
Perhaps one was supposed to be a check_sender_access?
Amd you postmapped the file? And didn't use a trusted client to test
(this need be from a host outside of $mynetworks)?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 20:28:33 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17761.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
> isnt this supposed to work?
>
>  smtpd_client_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject
>  smtpd_helo_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/mydomain_rules, warn_if_reject
>
>  however in the logs:
>
>  Dec  7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F:
> client=fpacifico.com[201.226.94.250]
>  Dec  7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold: header
> Received: from erick (fpacifico.com [201.226.94.250])??by
> mail.flyairpanama.com (mail.flyairpanama.com) with SMTP id 5A89575854F??for
> <eaperezh@flyairpanama.com>; Wed,  7 Dec 2005 11:19:04 -0500 (EST) from
> fpacifico.com[201.226.94.250]; from=<eaperezh@flyairpanama.com>
> to=<eaperezh@flyairpanama.com> proto=SMTP helo=<erick>
>  Dec  7 11:19:23 mail postfix/virtual[15909]: C157E758570:
> to=<eaperezh@flyairpanama.com>, relay=virtual, delay=19, status=sent
> (delivered to mailbox)
>
>  my mydomain_rules:
>  flyairpanama.com REJECT Rejected. You are not me.
>
>
Hm, I suppose you'll be fine "baking them all together" like that....
Don't know why you have double check_client_access entries though....
Perhaps one was supposed to be a check_sender_access?
Amd you postmapped the file? And didn't use a trusted client to test
(this need be from a host outside of $mynetworks)?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mike at TC3NET.COM  Wed Dec  7 20:29:23 2005
From: mike at TC3NET.COM (Michael Baird)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17762.1137101486.24926.mailscanner@lists.mailscanner.info>

> Joshua Hirsh wrote:
> >>I am considering adding an SMTP load balancer in front of my 
> >>MS servers.
> >>
> >>Any suggestions?
> >
I purchased some Alteon's on Ebay a while back, they work well, and are
easy to work with and configure.

Regards
Michael Baird
>  
> > 
> > 
> > Hi Denis,
> > 
> >  Have you tried setting up multiple A records for one MX, instead of two equal value records? 
> > 
> > 
> > For example:
> > 
> > usherbrooke.ca.	IN	MX	5 smtpe1.usherbrooke.ca.
> > smtpe1		IN	A	132.210.244.90
> > smtpe1		IN	A	132.210.244.91
> > 
> > 
> >  It might be cheaper instead of buying a device to actually balance it out, but I don't have any data on how well this balances out the requests as compared to how you have it setup now (two equal value MX records).
> > 
> > 
> >  Regards,
> > 
> > -Joshua
> 
> Depends, we currently use that method and I am looking for a load 
> balancer because of the problems we are encountering.
> 
> The issue is that when a toaster goes down or needs to be taken off 
> line, simply removing it from DNS is not enough. Those %#$^& windows 
> machines refuse to update their DNS when it expires. If I have a HD fail 
> and want to take a server off line for repair, my windows clients begin 
> to fail connections. The current solution is for me to drive to the NOC 
> (50 miles) at 3am and do the work. If the work cannot be completed by 
> 7am, we tell our dialup clients to reboot their PC, and our commercial 
> clients to flush their DNS cache when they call, which they will.
> 
> I have a toaster removed from DNS now for over two weeks awaiting an OS 
> upgrade, and it is still handling thousands of messages a day. A good 
> load balancer will solve that problem.
> 
> DAve
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec  7 20:31:20 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17763.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jameel Akari wrote on         Wed, 7 Dec 2005 13:46:21 -0500:

> Does anyone know if there's a sendmail equivalent to this?

To exactly what? (I did't follow the to and fro of postfix config in this 
thread ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec  7 20:31:20 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:26 2006
Subject: adding a reject reason to spam messages
Message-ID: <mailman.17764.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote on         Wed, 7 Dec 2005 18:50:01 +0000:

> By default it doesn't do this and you have to work quite hard to do it. 
> But you can use it for particular domains fairly easily, so you can 
> bounce stuff back to your business partners or major customers so that 
> nothing gets lost.

I know it doesn't do this by default. I think restricting it to certain 
sender domains is a good idea. Might be worth adding an example so people 
can easily use it. Otherwise they might just go the easy route and reject 
to everyone.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dave.list at PIXELHAMMER.COM  Wed Dec  7 20:34:11 2005
From: dave.list at PIXELHAMMER.COM (DAve)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17765.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris Conn wrote:
>> I have a toaster removed from DNS now for over two weeks awaiting an 
>> OS upgrade, and it is still handling thousands of messages a day. A 
>> good load balancer will solve that problem.
> 
> 
> So will reducing the record's TTL to a small value.  For instance, your 
> domain "pixelhammer.com" has a MX with priority of 1 called 
> "avhost.tls.net".  The TTL for that hostname is 24 hours....
> 
> Set it to a number of seconds instead of a number of hours and you no 
> longer need worry, except for the odd broken DNS implementation, which 
> should be rare.

Windows?

> 
> BIND is your friend:
> 
> avhost      5       IN      A       65.196.224.20
> avhost        5       IN      A       65.196.224.81
> 
> gives you a 5 second TTL on both records.  Remove one, reload DNS, and 5 
> seconds later it never existed.

Been there, done that. My FreeBSD machines worked fine, my Macs worked 
fine, my clients with Windows 2003 server continued to cache the record. 
Two weeks ago I changed the IP on ecluster4.tls.net from 65.196.224.134 
to 65.196.224.135, yet I still have traffic. This is not supposed to be 
so, I have had plenty of people tell me is not so, yet I have traffic. 
When I call a client and have them go to their office server and run 
"ipconfig /flushdns" everything works again.

DAve

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Wed Dec  7 20:35:27 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17766.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris Conn wrote:
 > =)  MS in this respect is not broken; it will follow the TTL.  At least
> my workstation.

See "DAve" <dave.list@PIXELHAMMER.COM>'s post just a few posts before mine at
15:04:43 -0500.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dave.list at PIXELHAMMER.COM  Wed Dec  7 20:36:06 2005
From: dave.list at PIXELHAMMER.COM (DAve)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17767.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Lewis Bergman wrote:
> DAve wrote:
> 
>> Joshua Hirsh wrote:
>>
>>>> I am considering adding an SMTP load balancer in front of my MS 
>>>> servers.
>>>>
>>>> Any suggestions?
> 
> We are using Extreme Networks for this. Can be found used for a 
> reasonable price. We got ours from netwq.com I think.

Interested in your opinion of using it in front of MailScanner boxes. I 
have narrowed my choices down to either the product from Coyote Point or 
Big5.

DAve

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Denis.Beauchemin at USHERBROOKE.CA  Wed Dec  7 20:35:55 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17768.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Joshua Hirsh wrote:

>>I am considering adding an SMTP load balancer in front of my 
>>MS servers.
>>
>>Any suggestions?
>>    
>>
>
>
>Hi Denis,
>
> Have you tried setting up multiple A records for one MX, instead of two equal value records? 
>
>
>For example:
>
>usherbrooke.ca.	IN	MX	5 smtpe1.usherbrooke.ca.
>smtpe1		IN	A	132.210.244.90
>smtpe1		IN	A	132.210.244.91
>
>
> It might be cheaper instead of buying a device to actually balance it out, but I don't have any data on how well this balances out the requests as compared to how you have it setup now (two equal value MX records).
>
>
> 
>

Joshua,

Haven't tried this. But my problem would probably not be solved because 
my Windows clients don't care about DNS too much... when they get an IP 
for some name, they stick to it, even if it doesn't answer.  This makes 
it hard to take the server offline for upgrade.

Besides I would like to support secured/authentified SMTP connections in 
the future.  I believe I need a sole entry point to house the SSL 
certificate.

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Denis.Beauchemin at USHERBROOKE.CA  Wed Dec  7 20:37:38 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17769.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris Conn wrote:

> Joshua Hirsh wrote:
>
>>> I am considering adding an SMTP load balancer in front of my MS 
>>> servers.
>>>
>>> Any suggestions?
>>
>>
>>
>>
>> Hi Denis,
>>
>>  Have you tried setting up multiple A records for one MX, instead of 
>> two equal value records?
>>
>> For example:
>>
>> usherbrooke.ca.    IN    MX    5 smtpe1.usherbrooke.ca.
>> smtpe1        IN    A    132.210.244.90
>> smtpe1        IN    A    132.210.244.91
>>
>>
>>  It might be cheaper instead of buying a device to actually balance 
>> it out, but I don't have any data on how well this balances out the 
>> requests as compared to how you have it setup now (two equal value MX 
>> records).
>
>
> If you go the DNS route, reduce your TTL to a small value (ie 5 or zero).
>
> If you are using Cisco, SLB is a simple and effective way to go.  
> Provides health-checking too.
>

Chris,

I've been told (and have verified it on many occasions) that big ISPs 
don't care about the TTL we define for our DNS entries.  They will 
override our TTL with their default value which could be as high as many 
days...

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 20:39:23 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17770.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Jon Leeman <technician@cenpac.net.nr> wrote:
> Drew Marshall wrote:
> > On Wed, December 7, 2005 16:59, Jon Leeman wrote:
> >
> >>I just tried,
> >>
> >>smtpd_client_restrictions = permit_mynetworks, check_client_access
> >>hash:/etc/postfix/mydomain_rules
> >>smtpd_helo_restrictions = permit_mynetworks,  check_helo_access
> >>hash:/etc/postfix/mydomain_rules
> >>
> >>(without the warn_if_reject)
> >>
> >>and received this from the MX from outside the network,
> >>
> >>220 nract1.cenpac.net.nr GATEWAY MX  - We don't authorise this
> >>mailserver for the transport of unsolicited and/or bulk email.
> >>helo jon.cenpac.net.nr
> >>250 nract1.cenpac.net.nr
> >>mail from:postmaster@cenpac.net.nr
> >>250 Ok
> >>rcpt to:jleeman@cenpac.net.nr
> >>554 <jon.cenpac.net.nr>: Helo command rejected: Rejected. You are not me
> >>
> >>>my mydomain_rules:
> >>>flyairpanama.com REJECT Rejected. You are not me.
> >
> >
> > Could you post the logs from this.
>
>  From /var/mail/info [Mandrake 10.0]
>
> Dec  8 05:12:09 nract1 postfix/smtpd[6820]: NOQUEUE: reject: RCPT from
> unknown[203.98.227.11]: 554 <jon.cenpac.net.nr>: Helo command rejected:
> Rejected.  You are not me.; from=<postmaster@cenpac.net.nr>
> to=<jleeman@cenpac.net.nr> proto=SMTP helo=<jon.cenpac.net.nr>
>
> Regards,
>
> Jon
>
Excellent, this nicely demonstrates that your postfix (like most, I'd
imagine) is setup to delay any rejections happening at HELO, MAIL
FROM:.... and RCPT TO: to after the first RCPT TO:, since there are
MTAs out there that will not honour a reject code prior to that.
Perfect. Thanks.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cconn at ABACOM.COM  Wed Dec  7 20:40:05 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17771.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

>> avhost      5       IN      A       65.196.224.20
>> avhost        5       IN      A       65.196.224.81
>>
>> gives you a 5 second TTL on both records.  Remove one, reload DNS, and 
>> 5 seconds later it never existed.
> 
> 
> Been there, done that. My FreeBSD machines worked fine, my Macs worked 
> fine, my clients with Windows 2003 server continued to cache the record. 
> Two weeks ago I changed the IP on ecluster4.tls.net from 65.196.224.134 
> to 65.196.224.135, yet I still have traffic. This is not supposed to be 
> so, I have had plenty of people tell me is not so, yet I have traffic. 
> When I call a client and have them go to their office server and run 
> "ipconfig /flushdns" everything works again.
> 
> DAve

Hmm, that's too bad.  My Windows DNS server does not behave like that.  My 
other UNIX servers are fine too, and to my knowledge I have not found a MS 
client that would override the record TTL.

It does not really matter since I do not rely on this method, however my 
experience differs from yours it seems when it comes to DNS ttls.

How did you declare the record and the TTL in the DNS?

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 20:43:23 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17772.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Kai Schaetzl <maillists@conactive.com> wrote:
> Jameel Akari wrote on         Wed, 7 Dec 2005 13:46:21 -0500:
>
> > Does anyone know if there's a sendmail equivalent to this?
>
> To exactly what? (I did't follow the to and fro of postfix config in this
> thread ;-)
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>

Yeah, as Kai implies, you probably need be more specific Jameel. I
suspect the answer will differ a bit depending on the feature:-)...
And most of us postfixing types aren't that big on sendmailing (any
more:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cconn at ABACOM.COM  Wed Dec  7 20:48:18 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17773.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> 
> Chris,
> 
> I've been told (and have verified it on many occasions) that big ISPs 
> don't care about the TTL we define for our DNS entries.  They will 
> override our TTL with their default value which could be as high as many 
> days...

Remember I am suggesting SLB over DNS...

but,

I am curious on verifying your claim as well as the other gentleman.  Are 
you defining the TTL on a per-record basis?  How are you doing this?

Currently your TTL for record smtpe1.usherbrooke.ca is 1 day...how do you go 
about overriding this?

I do not believe that any ISP is "overriding" TTLs.  I would believe 
non-compliant DNS servers perhaps.   But my testing locally here of 
temporarily disabling my secondary DNS record for my MX shows that Microsoft 
clients are flawlessly balancing to the remaining host.

Your mileage may vary, but it works here.  Again I repeat that I do not 
depend on this to spread load however, SLB does that nicely for me.

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From sean at NISD.NET  Wed Dec  7 20:49:13 2005
From: sean at NISD.NET (Sean Embry)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17774.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

snip
> The issue is that when a toaster goes down or needs to be taken off
> line, simply removing it from DNS is not enough. Those %#$^& windows
> machines refuse to update their DNS when it expires. If I have a HD
fail
> and want to take a server off line for repair, my windows clients begin
> to fail connections. The current solution is for me to drive to the NOC
> (50 miles) at 3am and do the work. If the work cannot be completed by
> 7am, we tell our dialup clients to reboot their PC, and our commercial
> clients to flush their DNS cache when they call, which they will.
>
> I have a toaster removed from DNS now for over two weeks awaiting an OS
> upgrade, and it is still handling thousands of messages a day. A good
> load balancer will solve that problem.
snip
 
On the sick server, alias in a reserve IP address (so you can still get
to it remotely),
remove the old IP address, reboot if you have to. (I'm not a windows
guy.)
 
On a working server, add the sick machine's IP address as an alias to the
nic.
 
If the sick server has crashed and isn't on line, just add it's IP to
another server and kill the port on the down server.
 
Using Cisco switches, you may have to flush the arp cache. On some of my
switches using fault flexable service
provision, I use a five second arp cache timeout. The Network guys hate
that, they say it adds a lot of load to the switch.
 
 
Sean Embry
Systems/Database Administrator
NISD.NET - 165.111.0.0/16
(210) 397-8790

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From eaperezh at GMAIL.COM  Wed Dec  7 20:57:47 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17775.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

it worked now.
reject invalids helo
but does not reject if the mail from: comes from a user@domain

example:

Dec  7 15:54:36 mail postfix/smtpd[23352]: 4F39275854F:
client=unknown[numericlinkwarning 200.46.223.90]
Dec  7 15:54:42 mail postfix/cleanup[23355]: 4F39275854F: hold: header
Received: from testing (unknown [numericlinkwarning 200.46.223.90])??by
mail.flyairpanama.com (mail.flyairpanama.com) with SMTP id
4F39275854F??for <eaperezh@flyairpanama.com>; Wed,  7 Dec 2005 15:54:26
-0500 (EST) from unknown[numericlinkwarning 200.46.223.90];
from=<eaperezh@flyairpanama.com> to=<eaperezh@flyairpanama.com>
proto=SMTP helo=<testing>
Dec  7 15:54:45 mail postfix/virtual[23364]: C600B75855E:
to=<eaperezh@flyairpanama.com>, relay=virtual, delay=19, status=sent
(delivered to mailbox)

this was a
helo testing
mail from: eaperezh at flyairpanama dot com
rcpt to: eaperezh at flyairpanama dot com

all being done from and untrusted network.


On 12/7/05, Glenn Steen <glenn.steen@gmail.com> wrote:
      On 07/12/05, Erick Perez <eaperezh@gmail.com> wrote:
      > isnt this supposed to work?
      >
      >  smtpd_client_restrictions = permit_mynetworks,
      check_client_access
      > hash:/etc/postfix/mydomain_rules, warn_if_reject
      >  smtpd_helo_restrictions = permit_mynetworks,
      check_client_access
      > hash:/etc/postfix/mydomain_rules, warn_if_reject
      >
      >  however in the logs:
      >
      >  Dec  7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F:
      > client=fpacifico.com[numericlinkwarning 201.226.94.250]
      >  Dec  7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F:
      hold: header
      > Received: from erick (fpacifico.com [numericlinkwarning
      201.226.94.250])??by
      > mail.flyairpanama.com ( mail.flyairpanama.com) with SMTP id
      5A89575854F??for
      > <eaperezh@flyairpanama.com>; Wed,  7 Dec 2005 11:19:04
      -0500 (EST) from
      > fpacifico.com[numericlinkwarning 201.226.94.250];
      from=<eaperezh@flyairpanama.com>
      > to=<eaperezh@flyairpanama.com> proto=SMTP helo=<erick>
      >  Dec  7 11:19:23 mail postfix/virtual[15909]: C157E758570:
      > to=<eaperezh@flyairpanama.com>, relay=virtual, delay=19,
      status=sent
      > (delivered to mailbox)
      >
      >  my mydomain_rules:
      >  flyairpanama.com REJECT Rejected. You are not me.
      >
      >
      Hm, I suppose you'll be fine "baking them all together" like
      that....
      Don't know why you have double check_client_access entries
      though....
      Perhaps one was supposed to be a check_sender_access?
      Amd you postmapped the file? And didn't use a trusted client
      to test
      (this need be from a host outside of $mynetworks)?

      --
      -- Glenn
      email: glenn < dot > steen < at > gmail < dot > com
      work: glenn < dot > steen < at > ap1 < dot > se

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (
      http://wiki.mailscanner.info/) and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From Denis.Beauchemin at USHERBROOKE.CA  Wed Dec  7 21:00:12 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17776.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris Conn wrote:

>>
>> Chris,
>>
>> I've been told (and have verified it on many occasions) that big ISPs 
>> don't care about the TTL we define for our DNS entries.  They will 
>> override our TTL with their default value which could be as high as 
>> many days...
>
>
> Remember I am suggesting SLB over DNS...
>
> but,
>
> I am curious on verifying your claim as well as the other gentleman.  
> Are you defining the TTL on a per-record basis?  How are you doing this?
>
> Currently your TTL for record smtpe1.usherbrooke.ca is 1 day...how do 
> you go about overriding this?
>
> I do not believe that any ISP is "overriding" TTLs.  I would believe 
> non-compliant DNS servers perhaps.   But my testing locally here of 
> temporarily disabling my secondary DNS record for my MX shows that 
> Microsoft clients are flawlessly balancing to the remaining host.
>
> Your mileage may vary, but it works here.  Again I repeat that I do 
> not depend on this to spread load however, SLB does that nicely for me.
>

Chris,

I don't know exactly how they do it (the network guys).  I know that 
when moving anything important we keep the old and new IP for at least 1 
week, even if the TTL for that host has been lowered significantly (yes, 
it applies only to that host).

And our Windows clients have to have their DNS cache flushed AFTER the 
Windows servers have done it, otherwise they get the old IP back...

Maybe we just have things misconfigured, but I have no control over them 
(other teams).

Local ISPs that seem to override our TTL are videotron and sympatico.  
Two biggies!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jakari at BLUEAVIAN.COM  Wed Dec  7 21:07:57 2005
From: jakari at BLUEAVIAN.COM (Jameel Akari)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17777.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> On 07/12/05, Kai Schaetzl <maillists@conactive.com> wrote:
>> Jameel Akari wrote on         Wed, 7 Dec 2005 13:46:21 -0500:
>>
>> > Does anyone know if there's a sendmail equivalent to this?
>>
>> To exactly what? (I did't follow the to and fro of postfix config in

> Yeah, as Kai implies, you probably need be more specific Jameel. I

The ability to block inbound mail pretending to be From:*.mydomain.com
that doesn't actually come from one of my own servers.

I'm sure there's something obvious I'm missing, but it's been one of those
days...

-- 
Jameel Akari

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbergman at WTXS.NET  Wed Dec  7 21:09:54 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17778.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

DAve wrote:
> Lewis Bergman wrote:
> 
>> DAve wrote:
>>
>>> Joshua Hirsh wrote:
>>>
>>>>> I am considering adding an SMTP load balancer in front of my MS 
>>>>> servers.
>>>>>
>>>>> Any suggestions?
>>
>>
>> We are using Extreme Networks for this. Can be found used for a 
>> reasonable price. We got ours from netwq.com I think.
> 
> 
> Interested in your opinion of using it in front of MailScanner boxes. I 
> have narrowed my choices down to either the product from Coyote Point or 
> Big5.
It works just like most load balancers I have seen. It has knowledge of 
several protocols. You put the servers you wish to LB in a vlan, assign 
a weight, a protocol, and enable it. The weight can adjust the load 
between servers so you can send server a twice as much as server b and 
server c 3 times as much a. The protocol gives it what to check so that 
it knows when to remove one of the servers from the pool and when to 
reinstate it. You can also assign a specific command response if you 
want to test something not already integrated.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cconn at ABACOM.COM  Wed Dec  7 21:18:09 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:31:26 2006
Subject: smtp load balancer???
Message-ID: <mailman.17779.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> I don't know exactly how they do it (the network guys).  I know that 
> when moving anything important we keep the old and new IP for at least 1 
> week, even if the TTL for that host has been lowered significantly (yes, 
> it applies only to that host).
> 
> And our Windows clients have to have their DNS cache flushed AFTER the 
> Windows servers have done it, otherwise they get the old IP back...
> 
> Maybe we just have things misconfigured, but I have no control over them 
> (other teams).
> 
> Local ISPs that seem to override our TTL are videotron and sympatico.  
> Two biggies!
> 
> Denis
> 

Denis,

I just tested 24.200.241.37 (one of VTLs DNS servers used for cable access) 
and it behaves correctly for our TTL setting of 5 seconds.  If I remove the 
record completely, 5 seconds later it is no longer shown when I query the mx 
record for our domain.

Pity you are not involved in the actual configuration.  In any case, the DNS 
TTL can be useful, yet it is not the method we rely on for other reasons. 
But we do have it configured, just because we can.

I am quite sure that Bell and VTL do not override the TTLs because there is 
no real reason to do so, and second it would be a pain for them to do so.

Good luck with your balancing solution, and don't forget to look at SLB.

Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ewallig at AEROCONTRACTORS.COM  Wed Dec  7 21:22:20 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:31:26 2006
Subject: Outgoing mail getting blocked
Message-ID: <mailman.17780.1137101486.24926.mailscanner@lists.mailscanner.info>

Hi,
 
Using MailScanner and ClamAV - I sometimes need to send zipped
executables to my remote locations for software patches, etc (no FTP).
MailScanner is catching the exe file in the zip file and kicking it back.
Granted, I can change the extension to .xyz or something like that before
zipping it but I'd like to write a rule that allows these files from my
domain if it comes from my internal mail server - is that possible? If
so, can someone provide an example?
 
If its not possible, is there another alternative that leaves the
extension scanning functionality in place but allows outbound delivery
for certain files?
 
 
Thanks,
 
 - Ed Wallig

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, Application/X-PKCS7-SIGNATURE  6.1KB. ]
    [ Unable to print this part. ]


From jaearick at COLBY.EDU  Wed Dec  7 21:23:25 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:26 2006
Subject: 4.48.4 buglet in Message.pm
Message-ID: <mailman.17781.1137101486.24926.mailscanner@lists.mailscanner.info>

Julian,

I upgraded to 4.48.4 and noticed that some syslogging ends
with a trailing " is " with no reason given, looks like
a bug in Message.pm, maybe lines 463, 486, or 576.  See
the attached output, third line.

Jeff Earickson
Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
    [ Part 2, ""  Text/PLAIN (Name: "xxx")  36 lines. ]
    [ Unable to print this part. ]


From Denis.Beauchemin at USHERBROOKE.CA  Wed Dec  7 21:22:55 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:26 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17782.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez wrote:

> it worked now.
> reject invalids helo
> but does not reject if the mail from: comes from a user@domain
>
> example:
>
> Dec  7 15:54:36 mail postfix/smtpd[23352]: 4F39275854F: 
> client=unknown[200.46.223.90 <http://200.46.223.90>]
> Dec  7 15:54:42 mail postfix/cleanup[23355]: 4F39275854F: hold: header 
> Received: from testing (unknown [200.46.223.90 
> <http://200.46.223.90>])??by mail.flyairpanama.com 
> <http://mail.flyairpanama.com> (mail.flyairpanama.com 
> <http://mail.flyairpanama.com>) with SMTP id 4F39275854F??for 
> <eaperezh@flyairpanama.com <mailto:eaperezh@flyairpanama.com>>; Wed,  
> 7 Dec 2005 15:54:26 -0500 (EST) from unknown[200.46.223.90 
> <http://200.46.223.90>]; from=<eaperezh@flyairpanama.com 
> <mailto:eaperezh@flyairpanama.com>> to=<eaperezh@flyairpanama.com 
> <mailto:eaperezh@flyairpanama.com>> proto=SMTP helo=<testing>
> Dec  7 15:54:45 mail postfix/virtual[23364]: C600B75855E: 
> to=<eaperezh@flyairpanama.com <mailto:eaperezh@flyairpanama.com>>, 
> relay=virtual, delay=19, status=sent (delivered to mailbox)
>
> this was a
> helo testing
> mail from: eaperezh at flyairpanama dot com
> rcpt to: eaperezh at flyairpanama dot com
>
> all being done from and untrusted network.
>
>
> On 12/7/05, *Glenn Steen* <glenn.steen@gmail.com 
> <mailto:glenn.steen@gmail.com>> wrote:
>
>     On 07/12/05, Erick Perez <eaperezh@gmail.com
>     <mailto:eaperezh@gmail.com>> wrote:
>     > isnt this supposed to work?
>     >
>     >  smtpd_client_restrictions = permit_mynetworks, check_client_access
>     > hash:/etc/postfix/mydomain_rules, warn_if_reject
>     >  smtpd_helo_restrictions = permit_mynetworks, check_client_access
>     > hash:/etc/postfix/mydomain_rules, warn_if_reject
>     >
>     >  however in the logs:
>     >
>     >  Dec  7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F:
>     > client=fpacifico.com[201.226.94.250 <http://201.226.94.250>]
>     >  Dec  7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold:
>     header
>     > Received: from erick (fpacifico.com <http://fpacifico.com>
>     [201.226.94.250 <http://201.226.94.250>])??by
>     > mail.flyairpanama.com <http://mail.flyairpanama.com> (
>     mail.flyairpanama.com <http://mail.flyairpanama.com>) with SMTP id
>     5A89575854F??for
>     > <eaperezh@flyairpanama.com <mailto:eaperezh@flyairpanama.com>>;
>     Wed,  7 Dec 2005 11:19:04 -0500 (EST) from
>     > fpacifico.com[ 201.226.94.250 <http://201.226.94.250>];
>     from=<eaperezh@flyairpanama.com <mailto:eaperezh@flyairpanama.com>>
>     > to=<eaperezh@flyairpanama.com
>     <mailto:eaperezh@flyairpanama.com>> proto=SMTP helo=<erick>
>     >  Dec  7 11:19:23 mail postfix/virtual[15909]: C157E758570:
>     > to=<eaperezh@flyairpanama.com
>     <mailto:eaperezh@flyairpanama.com>>, relay=virtual, delay=19,
>     status=sent
>     > (delivered to mailbox)
>     >
>     >  my mydomain_rules:
>     >  flyairpanama.com <http://flyairpanama.com> REJECT Rejected. You
>     are not me.
>     >
>     >
>     Hm, I suppose you'll be fine "baking them all together" like that....
>     Don't know why you have double check_client_access entries though....
>     Perhaps one was supposed to be a check_sender_access?
>     Amd you postmapped the file? And didn't use a trusted client to test
>     (this need be from a host outside of $mynetworks)?
>
>
Erick,

Maybe you could use http://smtpd.develooper.com/ ?

They seem to have plugins for many things.

Haven't tried it!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Wed Dec  7 21:57:45 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:26 2006
Subject: 4.48.4 buglet in Message.pm
Message-ID: <mailman.17783.1137101486.24926.mailscanner@lists.mailscanner.info>

Hmmm, I looked back thru my syslogs from previous days and 4.47.4
had this "feature" as well.  I would guess that maybe SpamAssassin
times out of otherwise doesn't get its $ReportText turned in and
MailScanner proceeds without the information.

Jeff Earickson

On Wed, 7 Dec 2005, Jeff A. Earickson wrote:

> Date: Wed, 7 Dec 2005 16:23:25 -0500
> From: Jeff A. Earickson <jaearick@colby.edu>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: 4.48.4 buglet in Message.pm
> 
> Julian,
>
> I upgraded to 4.48.4 and noticed that some syslogging ends
> with a trailing " is " with no reason given, looks like
> a bug in Message.pm, maybe lines 463, 486, or 576.  See
> the attached output, third line.
>
> Jeff Earickson
> Colby College
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Wed Dec  7 22:08:17 2005
From: pete at ENITECH.COM.AU (Peter Russell)
Date: Thu Jan 12 21:31:26 2006
Subject: Web site working?
Message-ID: <mailman.17784.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Fine From Melbourne Australia
:)

Kai Schaetzl wrote:
> Julian Field wrote on         Wed, 7 Dec 2005 13:57:20 +0000:
> 
> 
>>I'm getting reports from a journalist that although he can traceroute   
>>to www.mailscanner.info, his web browser cannot connect to it. 
>>Can someone check the website is visible and working please?
> 
> 
> works from Berlin.
> 
> Kai
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Wed Dec  7 22:08:35 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:27 2006
Subject: Blocking emails that claim to come from our domain
Message-ID: <mailman.17785.1137101486.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Obviously, blocking at the MTA would be so much better than most solutions 
in MS/SA. Depending on how the IPs for your mailbox servers, gateways, and 
email senders are set up, you might use a simple combination rule such as 
the following:

From:    XX.YY.ZZ and From: *@your.domain     yes

in your whitelist rules.

If you have a block of IPs, you can use the above type of designation. If 
you have varied IPs that aren't consecutive, you will need more rules, and 
if you have multiple gateways sending to mailbox servers, each will need a 
slightly different IP designation rule.

This only works if you know which IPs will be sending for your domain. It is 
up to the rest of your MS/SA configuration to block the other trash, as this 
will have to test the other stuff claiming to be your domain's mail through 
normal checking. In other words mail not coming from your IPs but claiming 
to be from your domain is reduced to just normal MS/SA checked mail.

You can't just whitelist your domain by domain name, and you can't guarantee 
that mail from one of your gateway IPs started from that gateway, so you 
have to block this at each entry point mail can enter your email system.

Might not be the best solution, but it works pretty well here as our IPs are 
all controlled to some degree.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec  7 22:08:44 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:27 2006
Subject: Outgoing mail getting blocked
Message-ID: <mailman.17786.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ed Wallig spake the following on 12/7/2005 1:22 PM:
> Hi,
>  
> Using MailScanner and ClamAV - I sometimes need to send zipped
> executables to my remote locations for software patches, etc (no FTP).
> MailScanner is catching the exe file in the zip file and kicking it
> back. Granted, I can change the extension to .xyz or something like that
> before zipping it but I'd like to write a rule that allows these files
> from my domain if it comes from my internal mail server - is that
> possible? If so, can someone provide an example?
>  
> If its not possible, is there another alternative that leaves the
> extension scanning functionality in place but allows outbound delivery
> for certain files?
>  
>  
> Thanks,
>  
>  - Ed Wallig
Ed,
Look for this in MailScanner.conf;

# The maximum depth to which zip archives will be unpacked, to allow for
# checking filenames and filetypes within zip archives.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected
# Archives = no. That block password-protected archives but does not do
# any filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 0



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Wed Dec  7 22:25:55 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:27 2006
Subject: smtp load balancer???
Message-ID: <mailman.17787.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

If you're considering Big5, then I assume you're not buying used machines. If you're not the original buyer, then if you want a 
service contract it costs several thousand dollars (I forget the exact amount) to have each one "re-certified" before you can then 
shell out the money on the service contract. While for the Alteons we bought, we just paid the normal service contract fee and we 
where there.

Just some things to think about.

DAve wrote:
> Lewis Bergman wrote:
> 
>> DAve wrote:
>>
>>> Joshua Hirsh wrote:
>>>
>>>>> I am considering adding an SMTP load balancer in front of my MS 
>>>>> servers.
>>>>>
>>>>> Any suggestions?
>>
>>
>> We are using Extreme Networks for this. Can be found used for a 
>> reasonable price. We got ours from netwq.com I think.
> 
> 
> Interested in your opinion of using it in front of MailScanner boxes. I 
> have narrowed my choices down to either the product from Coyote Point or 
> Big5.
> 
> DAve
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec  7 22:29:04 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:27 2006
Subject: Blocking emails that claim to come from our
Message-ID: <mailman.17788.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 07/12/05, Jameel Akari <jakari@blueavian.com> wrote:
> > On 07/12/05, Kai Schaetzl <maillists@conactive.com> wrote:
> >> Jameel Akari wrote on         Wed, 7 Dec 2005 13:46:21 -0500:
> >>
> >> > Does anyone know if there's a sendmail equivalent to this?
> >>
> >> To exactly what? (I did't follow the to and fro of postfix config in
>
> > Yeah, as Kai implies, you probably need be more specific Jameel. I
>
> The ability to block inbound mail pretending to be From:*.mydomain.com
> that doesn't actually come from one of my own servers.
>
> I'm sure there's something obvious I'm missing, but it's been one of those
> days...
>
> --
> Jameel Akari
>

I might be completely wrong, but .... Wasn't this very type of feature
covered some weeks back? I have a distinct feeling I've seen some
sendmail.mc hack about this (why not search the list archives:-). You
looked at the sendmail site, I presume? Unfortunately, it's been years
since I termed myself anything of a guru on sendmail:-)... So can't
really help you.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Wed Dec  7 22:29:26 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:27 2006
Subject: smtp load balancer???
Message-ID: <mailman.17789.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris Conn wrote:
>>> avhost      5       IN      A       65.196.224.20
>>> avhost        5       IN      A       65.196.224.81
>>>
>>> gives you a 5 second TTL on both records.  Remove one, reload DNS, 
>>> and 5 seconds later it never existed.
>>
>>
>>
>> Been there, done that. My FreeBSD machines worked fine, my Macs worked 
>> fine, my clients with Windows 2003 server continued to cache the 
>> record. Two weeks ago I changed the IP on ecluster4.tls.net from 
>> 65.196.224.134 to 65.196.224.135, yet I still have traffic. This is 
>> not supposed to be so, I have had plenty of people tell me is not so, 
>> yet I have traffic. When I call a client and have them go to their 
>> office server and run "ipconfig /flushdns" everything works again.
>>
>> DAve
> 
> 
> Hmm, that's too bad.  My Windows DNS server does not behave like that.  
> My other UNIX servers are fine too, and to my knowledge I have not found 
> a MS client that would override the record TTL.
> 
He's talking about a Windows workstation resolver, not the DNS server. "ipconfig /flushdns" only
clears the local workstation resolver cache. I have seen this too even when the primary DNS server was also Microsoft.


> It does not really matter since I do not rely on this method, however my 
> experience differs from yours it seems when it comes to DNS ttls.
> 
> How did you declare the record and the TTL in the DNS?
> 
> Chris
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brent.addis at PRONET.CO.NZ  Wed Dec  7 22:32:18 2005
From: brent.addis at PRONET.CO.NZ (Brent Addis)
Date: Thu Jan 12 21:31:27 2006
Subject: OT: smtp load balancer???
Message-ID: <mailman.17790.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]



Denis Beauchemin wrote:

> Hello,
>
> I am considering adding an SMTP load balancer in front of my MS servers.
>
> Any suggestions?
>
> Thanks!
>
> Denis
>
Seen ultramonkey?. Its opensource and runs on beige boxes without paying 
megabucks for alternatives.

www.ultramonkey.org

I've used it previously for load balancing proxy servers which worked 
really well.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ]
    [ (Name: "brent.addis.vcf")  13 lines. ]
    [ Unable to print this part. ]


From carl at dpiwe.tas.gov.au  Wed Dec  7 22:34:38 2005
From: carl at dpiwe.tas.gov.au (Carl Lewis)
Date: Thu Jan 12 21:31:27 2006
Subject: smtp load balancer???
Message-ID: <mailman.17791.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris Conn wrote:
>>> avhost      5       IN      A       65.196.224.20
>>> avhost        5       IN      A       65.196.224.81
>>>
>>> gives you a 5 second TTL on both records.  Remove one, reload DNS, 
>>> and 5 seconds later it never existed.
>>
>>
>> Been there, done that. My FreeBSD machines worked fine, my Macs worked 
>> fine, my clients with Windows 2003 server continued to cache the 
>> record. Two weeks ago I changed the IP on ecluster4.tls.net from 
>> 65.196.224.134 to 65.196.224.135, yet I still have traffic. This is 
>> not supposed to be so, I have had plenty of people tell me is not so, 
>> yet I have traffic. When I call a client and have them go to their 
>> office server and run "ipconfig /flushdns" everything works again.
>>
>> DAve
> 
> Hmm, that's too bad.  My Windows DNS server does not behave like that.  
> My other UNIX servers are fine too, and to my knowledge I have not found 
> a MS client that would override the record TTL.
> 
> It does not really matter since I do not rely on this method, however my 
> experience differs from yours it seems when it comes to DNS ttls.
> 
I have to echo the, don't go with DNS for load balancing mail-servers.
There's a surprising amount of broken machines out there.
We moved to a load balancer solution a couple of years ago because of
that problem and the fact that some OS's didn't properly handle multiple
MX records.
I've been using a simple pair of linux boxes with keepalived (as a
"front-end" to IPVS) for load balancing. they have a spread of services
shared between them (SMTP/HTTP/HTTPS/Z39.50) and act as each others hot
spare. They live on the same DMZ VLAN but in different buildings.

The Load balancers handle a lot of traffic 24x7 and hardly break a 
sweat, it really does seem to be a fairly low overhead process.

For mail, the single IP on the load balancer's is distributed to
5 small PC's running sendmail/MailScanner etc. It's brilliant!
I can actually do maintenance/patching/upgrades etc during the
day by simply pulling out a box or two at a time with no need
to post outages or hope no one notices. In  the near future I'll be
able to add in another 2 or 3 boxes and seamlessly handle the forever
increasing flow of mail.

Cheers
Carl.

-- 
Tasmania Together 5 Year Review: Have your say: www.tasmaniatogether.tas.gov.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From peter.bonivart at LKPG.VISIT.SE  Wed Dec  7 23:25:54 2005
From: peter.bonivart at LKPG.VISIT.SE (Peter Bonivart)
Date: Thu Jan 12 21:31:27 2006
Subject: spamassassin/dccifd: write(MTA socket,XX): Broken pipe
Message-ID: <mailman.17792.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff A. Earickson wrote:
> Apparently SA lowered the timeout number from 10 seconds to 5
> seconds between SA 3.0.4 and 3.1.

Interesting, that must be why I've had so much problems with it since SA 
  3.1. I've noticed that when I run debug it times out a lot but I 
didn't think of the timeout number being changed between versions. I'll 
up mine a bit to see if it starts behaving again.

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From nats at SSCRMNL.EDU.PH  Thu Dec  8 00:25:40 2005
From: nats at SSCRMNL.EDU.PH (Jose Nathaniel Nengasca)
Date: Thu Jan 12 21:31:27 2006
Subject: error on install Mail::ClamAV
Message-ID: <mailman.17793.1137101487.24926.mailscanner@lists.mailscanner.info>

Hi,

 

I just install MailScanner and I tried to install clamavmodule via cpan but
I have this errors during installation

 

Running make test

PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t

t/Mail-ClamAV....NOK 1#     Failed test (t/Mail-ClamAV.t at line 9)

#     Tried to use 'Mail::ClamAV'.

#     Error:  Had problems bootstrapping Inline module 'Mail::ClamAV'

#

# Can't load
'/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so'
for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No
such file or directory at
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230.

#  at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500

#

#

#  at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188

# BEGIN failed--compilation aborted at
/root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532.

# Compilation failed in require at (eval 1) line 2.

"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line
11

Can't continue after import errors at t/Mail-ClamAV.t line 11

# Looks like you planned 10 tests but only ran 1.

t/Mail-ClamAV....dubious

        Test returned status 10 (wstat 2560, 0xa00)

DIED. FAILED tests 1-10

        Failed 10/10 tests, 0.00% okay

Failed Test     Stat Wstat Total Fail  Failed  List of Failed

----------------------------------------------------------------------------
---

t/Mail-ClamAV.t   10  2560    10   19 190.00%  1-10

Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay.

make: *** [test_dynamic] Error 2

  /usr/bin/make test -- NOT OK

Running make install

  make test had returned bad status, won't install without force

 

 

Anyone has an idea how to fix this?

 

 

TIA  

Nats




-- 
All messages that are coming from this domain
is certified to be virus and spam free.  If
ever you have received any virus infected 
content or spam, please report it to the
internet administrator of this domain 
nats@sscrmnl.edu.ph

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From janetbindner at YAHOO.CO.UK  Thu Dec  8 01:04:58 2005
From: janetbindner at YAHOO.CO.UK (Janet Bindner)
Date: Thu Jan 12 21:31:27 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17794.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Depending on the version (e.g fc2,fc3) you are
refering to, the size should be about 12 MB, shouldn't
be this small.

Janet

--- Ed Wallig <ewallig@AEROCONTRACTORS.COM> wrote:

> Question - when downloading this file from the link
> that was sent it reports
> a size of 11.3 MB but the downloaded file ends up
> being only 7.something MB
> - anything amiss? 
> 
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Janet Bindner
> Sent: Wednesday, December 07, 2005 1:46 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6,
> MailScanner: 4.48.4-2,
> Clamav: 0.87.1,SpamAssassin: 3.1.0)
> 
> Hi all,
>    Latest PSCM is updated with the following:
>     *  Clamav: 0.87.1
>     * MailScanner: 4.48.4-2
>     * SpamAssassin: 3.1.0
>     * Postfix: 2.2.6
> 
> http://metawire.org/~pscm/index.html
> 
> PSCM is an RPM package that provides out-of-box easy
> installation for a
> secure smtp mailserver with spam filtering and virus
> scanning capabilities.
> 
> Cheers!
> Janet
> 
> 
> 		
>
___________________________________________________________
> Yahoo! Exclusive Xmas Game, help Santa with his
> celebrity party -
> http://santas-christmas-party.yahoo.net/
> 
> ------------------------ MailScanner list
> ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the
> words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and the
> archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off
> the website!
> 
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with
> the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and
> the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off
> the website!
> 



		
___________________________________________________________ 
NEW Yahoo! Cars - sell your car and browse thousands of new and used cars online! http://uk.cars.yahoo.com/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Thu Dec  8 03:14:22 2005
From: pete at ENITECH.COM.AU (Peter Russell)
Date: Thu Jan 12 21:31:27 2006
Subject: (OT) Postfix Virtual
Message-ID: <mailman.17795.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

OK, using the regexp in the table has worked fanatastic thanks for all 
the tips and pateince explaining it to me.

I have a perl script that queries Domino LDAP and i modded it to get the 
left and right sides of the table automagically.

Which is greaty cos now regular admins can msake changes to domino and 
MailScanner will honour them :)

Thanks again
Pete



Drew Marshall wrote:
> On Thu, December 1, 2005 13:13, Pete Russell wrote:
> 
>>Thanks for your response, only draw back is that i have half a dozen
>>domains on these machines now, some already virtual and therefore i
>>would have no way of seperating the duplicates?
> 
> 
> No worries but I am confused by your duplicates problem. If the user is
> currently listed in a virtual domain, just remove that domain from the
> virtual list in main.cf and add it to the local domain list, or have I
> totally missed the mark?
> 
> 
>>The 2 new domains in my example, the address books are Lotus Domino on
>>NT4 - so LDAP only, which i currently query with perl to build recipient
>>maps (which cuts 50%+ of mail off at helo :), i also query AD for a
>>couple of domains. I am modifying one of these scripts to build my maps
>>automatically, but i am running behind, at this time i just need to
>>decom one Domino server that currently does the aliasing.
>>
>>I will use Glenn's example /^pete@.*domain1\.tld/ pete1@domain3.tld for
>>the format of the map and make them manually doing view exports from the
>>NAB and mail merge for tomorrow :)
> 
> 
> Good luck! Hope it all goes well.
> 
>>Thanks very much for your advice, much appreciated
> 
> 
> No worries.
> 
> Drew
> 
> 
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jlmiller at MMTNETWORKS.COM.AU  Thu Dec  8 03:59:26 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:27 2006
Subject: spam mail
Message-ID: <mailman.17796.1137101487.24926.mailscanner@lists.mailscanner.info>

Having issues with ebay spam, is there a way to stop this from coming in, using MailScanner, SA and Sophos Anti-Virus, Postfix on a Debian Server.


Regards,




Jon L. Miller,  ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Novell Gold Partner, Cisco Partner, Peopletelecom, Westnet, Sophos Anti-Virus, 

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/PLAIN  32 lines. ]
    [ Unable to print this part. ]


From jlmiller at MMTNETWORKS.COM.AU  Thu Dec  8 04:02:56 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:27 2006
Subject: eBay Spam
Message-ID: <mailman.17797.1137101487.24926.mailscanner@lists.mailscanner.info>

Having issues with ebay spam, is there a way to stop this from coming in, using MailScanner, SA and Sophos Anti-Virus, Postfix on a Debian Server.
Sorry for the last e-mail forgot to include the contents of the header:
Received: from mail.mmtnetworks.com.au
 ([192.168.3.3])
 by mmtnetworks.com.au; Thu, 08 Dec 2005 11:49:50 +0800
Received: from ctrl.test.com (unknown [60.173.82.66])
 by mail.mmtnetworks.com.au (Postfix) with ESMTP id 0C1E315000B
 for <jlmiller@mmtnetworks.com.au>; Thu,  8 Dec 2005 11:50:09 +0800 (WST)
Received: by ctrl.test.com (Postfix, from userid 500)
 id 758C337F508; Thu,  8 Dec 2005 11:19:56 +0800 (CST)
To: jlmiller@mmtnetworks.com.au
Subject: {Dangerous Content?} Your account access will remain limited
From: PayPal <service@paypal.com>
Content-type: text/plain; charset="ISO-8859-1"
Message-Id: <20051208031956.758C337F508@ctrl.test.com>
Date: Thu,  8 Dec 2005 11:19:56 +0800 (CST)
X-mmtnet-MailScanner: Found to be infected
X-mmtnet-MailScanner-SpamCheck: not spam,
 SpamAssassin (Disabled due to 20 consecutive timeouts)
X-MailScanner-From: test@ctrl.test.com

Warning: This message has had one or more attachments removed
Warning: (the entire message).
Warning: Please read the "mmtnet-Attachment-Warning.txt" attachment(s) for more information.

This is a message from the MailScanner E-Mail Virus Protection Service

Regards,

Jon L. Miller,  ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Novell Gold Partner, Cisco Partner, Peopletelecom, Westnet, Sophos Anti-Virus, 

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/HTML  48 lines. ]
    [ Unable to print this part. ]


From smcguane at MAILSHIELD.COM.AU  Thu Dec  8 04:36:03 2005
From: smcguane at MAILSHIELD.COM.AU (Shaun McGuane)
Date: Thu Jan 12 21:31:27 2006
Subject: Email Notifications
Message-ID: <mailman.17798.1137101487.24926.mailscanner@lists.mailscanner.info>

Heyas,

I have a question or 2 for this list. I hope you guys can help here.

1. Is there a way to change the delivery notifications for blocked content
and other various things to a html notification. I use mailscanner as a
managed service and i would like to be able to notify using html not txt. An
example is the attachment that comes along on an email if something is
blocked. I would prefer it just to send an email to the receipient or the
sender to notify it was blocked for a reason and not the original message be
quarantined or deleted.

2. Are there any people out there that can customise mailscanner and
mailwatch to be able to provide reporting to my customers who use it. I am
willing to pay for this as an addon or someone to program this. I feel that
my customers should get a report each month that has my template of my
business as a design and they can see all the pretty information such as pie
charts and breakdowns for there organisation.

Thanks
I look forward to your replies
Shaun McGuane
MailShield
http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Thu Dec  8 04:47:57 2005
From: smcguane at MAILSHIELD.COM.AU (Shaun McGuane)
Date: Thu Jan 12 21:31:27 2006
Subject: Problems with notifications - can anyone help?
Message-ID: <mailman.17799.1137101487.24926.mailscanner@lists.mailscanner.info>

Ok here are the modifications i have done so far.

Deleted Bad Content Message Report =
%report-dir%/mshield/deleted-content-message.html
Deleted Bad Filename Message Report =
%report-dir%/mshield/deleted-filename-message.html
Deleted Virus Message Report = %report-dir%/mshield/deleted-virus-message.html

Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt

Disinfected Report = %report-dir%/mshield/disinfected-report.html
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report = %report-dir%/mshield/error-content-notification.html
Sender Error Report = %report-dir%/mshield/error-notification.html
Sender Bad Filename Report =
%report-dir%/mshield/error-filename-notification.html
Sender Virus Report = %report-dir%/mshield/virus-notification.html


Notify Senders = yes
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Other Blocked Content = yes
Never Notify Senders Of Precedence = list bulk

Warning Is Attachment = no
Attachment Warning Filename = MailShield-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-1

Spam Actions = %rules-dir%/spam.action.rules
High Scoring Spam Actions = %rules-dir%/spamhigh.action.rules

Sender Spam Report = %report-dir%/mshield/spam-notification.html
Sender Spam List Report = %report-dir%/mshield/spam-rbl-notification.html
Sender SpamAssassin Report = %report-dir%/mshield/spam-notification.html
Inline Spam Warning = %report-dir%/mshield/inline-spam-warning.html
Recipient Spam Report = %report-dir%/mshield/recipient-spam-report.html
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no

Virus Scanners = mcafee clamavmodule bitdefender

Please let me know if there is anything else you require.

Thanks
Shaun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mike at CAMAROSS.NET  Thu Dec  8 05:27:26 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:31:27 2006
Subject: eBay Spam
Message-ID: <mailman.17800.1137101487.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on Wednesday, December 07, 2005 10:03
PM:

> Having issues with ebay spam, is there a way to stop this
> from coming in, using MailScanner, SA and Sophos Anti-Virus,
> Postfix on a Debian Server.
> Sorry for the last e-mail forgot to include the contents of
> the header:
> Received: from mail.mmtnetworks.com.au
>  ([192.168.3.3])
>  by mmtnetworks.com.au; Thu, 08 Dec 2005 11:49:50 +0800
> Received: from ctrl.test.com (unknown [60.173.82.66])  by
> mail.mmtnetworks.com.au (Postfix) with ESMTP id 0C1E315000B
> for <jlmiller@mmtnetworks.com.au>; Thu,  8 Dec 2005 11:50:09
> +0800 (WST)
> Received: by ctrl.test.com (Postfix, from userid 500)  id
> 758C337F508; Thu,  8 Dec 2005 11:19:56 +0800 (CST)
> To: jlmiller@mmtnetworks.com.au
> Subject: {Dangerous Content?} Your account access will remain limited
> From: PayPal <service@paypal.com>
> Content-type: text/plain; charset="ISO-8859-1"
> Message-Id: <20051208031956.758C337F508@ctrl.test.com>
> Date: Thu,  8 Dec 2005 11:19:56 +0800 (CST)
> X-mmtnet-MailScanner: Found to be infected
> X-mmtnet-MailScanner-SpamCheck: not spam,  SpamAssassin
> (Disabled due to 20 consecutive timeouts)
> X-MailScanner-From: test@ctrl.test.com
> 
> Warning: This message has had one or more attachments removed
> Warning: (the entire message).
> Warning: Please read the "mmtnet-Attachment-Warning.txt"
> attachment(s) for more information.
> 

Add ClamAV to your mix.  It catches many phishing emails.

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Thu Dec  8 05:28:23 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:27 2006
Subject: Email Notifications
Message-ID: <mailman.17801.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

If use MailWatch it will send an HTML notification... What it actually 
does is send a nightly email with the list of email that was 
quarantined. It then allows the user to request the email be released to 
them if they really want it. It also allows a user to set their own 
white and black lists.

You should take a look at it.

Shaun McGuane wrote:

>Heyas,
>
>I have a question or 2 for this list. I hope you guys can help here.
>
>1. Is there a way to change the delivery notifications for blocked content
>and other various things to a html notification. I use mailscanner as a
>managed service and i would like to be able to notify using html not txt. An
>example is the attachment that comes along on an email if something is
>blocked. I would prefer it just to send an email to the receipient or the
>sender to notify it was blocked for a reason and not the original message be
>quarantined or deleted.
>
>2. Are there any people out there that can customise mailscanner and
>mailwatch to be able to provide reporting to my customers who use it. I am
>willing to pay for this as an addon or someone to program this. I feel that
>my customers should get a report each month that has my template of my
>business as a design and they can see all the pretty information such as pie
>charts and breakdowns for there organisation.
>
>Thanks
>I look forward to your replies
>Shaun McGuane
>MailShield
>http://www.mailshield.com.au
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Thu Dec  8 05:32:52 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:27 2006
Subject: eBay Spam
Message-ID: <mailman.17802.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

You may want to debug this:

X-mmtnet-MailScanner-SpamCheck: not spam,  SpamAssassin
> (Disabled due to 20 consecutive timeouts)

If SpamAssassin isn't scanning it, then it will be hard to get it marked as Spam



Mike Kercher wrote:

>MailScanner mailing list <> scribbled on Wednesday, December 07, 2005 10:03
>PM:
>
>  
>
>>Having issues with ebay spam, is there a way to stop this
>>from coming in, using MailScanner, SA and Sophos Anti-Virus,
>>Postfix on a Debian Server.
>>Sorry for the last e-mail forgot to include the contents of
>>the header:
>>Received: from mail.mmtnetworks.com.au
>> ([192.168.3.3])
>> by mmtnetworks.com.au; Thu, 08 Dec 2005 11:49:50 +0800
>>Received: from ctrl.test.com (unknown [60.173.82.66])  by
>>mail.mmtnetworks.com.au (Postfix) with ESMTP id 0C1E315000B
>>for <jlmiller@mmtnetworks.com.au>; Thu,  8 Dec 2005 11:50:09
>>+0800 (WST)
>>Received: by ctrl.test.com (Postfix, from userid 500)  id
>>758C337F508; Thu,  8 Dec 2005 11:19:56 +0800 (CST)
>>To: jlmiller@mmtnetworks.com.au
>>Subject: {Dangerous Content?} Your account access will remain limited
>>From: PayPal <service@paypal.com>
>>Content-type: text/plain; charset="ISO-8859-1"
>>Message-Id: <20051208031956.758C337F508@ctrl.test.com>
>>Date: Thu,  8 Dec 2005 11:19:56 +0800 (CST)
>>X-mmtnet-MailScanner: Found to be infected
>>X-mmtnet-MailScanner-SpamCheck: not spam,  SpamAssassin
>>(Disabled due to 20 consecutive timeouts)
>>X-MailScanner-From: test@ctrl.test.com
>>
>>Warning: This message has had one or more attachments removed
>>Warning: (the entire message).
>>Warning: Please read the "mmtnet-Attachment-Warning.txt"
>>attachment(s) for more information.
>>
>>    
>>
>
>Add ClamAV to your mix.  It catches many phishing emails.
>
>Mike
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ugob at CAMO-ROUTE.COM  Thu Dec  8 06:30:53 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:27 2006
Subject: OT: smtp load balancer???
Message-ID: <mailman.17803.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Denis Beauchemin wrote:
> Hello,
> 
> I am considering adding an SMTP load balancer in front of my MS servers.
> 
> Any suggestions?
> 
> Thanks!
> 
> Denis
> 

I'd recommend www.coyotepoint.com.  Pretty nice stuff.  Never tried 
myself, but I think you can get a 30-day trial.

Si tu as besoin d'un revendeur a Montreal, je peux te donner un nom...

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jlmiller at MMTNETWORKS.COM.AU  Thu Dec  8 07:53:50 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:27 2006
Subject: eBay Spam
Message-ID: <mailman.17804.1137101487.24926.mailscanner@lists.mailscanner.info>

Do I run this in foreground or can I continue to run this in the background (a entry in mailscanner.conf).

Thanks

>>> taz@TAZ-MANIA.COM 1:32:52 pm 8/12/2005 >>>
You may want to debug this:

X-mmtnet-MailScanner-SpamCheck: not spam,  SpamAssassin
> (Disabled due to 20 consecutive timeouts)

If SpamAssassin isn't scanning it, then it will be hard to get it marked as Spam



Mike Kercher wrote:

>MailScanner mailing list <> scribbled on Wednesday, December 07, 2005 10:03
>PM:
>
>  
>
>>Having issues with ebay spam, is there a way to stop this
>>from coming in, using MailScanner, SA and Sophos Anti-Virus,
>>Postfix on a Debian Server.
>>Sorry for the last e-mail forgot to include the contents of
>>the header:
>>Received: from mail.mmtnetworks.com.au
>> ([192.168.3.3])
>> by mmtnetworks.com.au; Thu, 08 Dec 2005 11:49:50 +0800
>>Received: from ctrl.test.com (unknown [60.173.82.66])  by
>>mail.mmtnetworks.com.au (Postfix) with ESMTP id 0C1E315000B
>>for <jlmiller@mmtnetworks.com.au>; Thu,  8 Dec 2005 11:50:09
>>+0800 (WST)
>>Received: by ctrl.test.com (Postfix, from userid 500)  id
>>758C337F508; Thu,  8 Dec 2005 11:19:56 +0800 (CST)
>>To: jlmiller@mmtnetworks.com.au
>>Subject: {Dangerous Content?} Your account access will remain limited
>>From: PayPal <service@paypal.com>
>>Content-type: text/plain; charset="ISO-8859-1"
>>Message-Id: <20051208031956.758C337F508@ctrl.test.com>
>>Date: Thu,  8 Dec 2005 11:19:56 +0800 (CST)
>>X-mmtnet-MailScanner: Found to be infected
>>X-mmtnet-MailScanner-SpamCheck: not spam,  SpamAssassin
>>(Disabled due to 20 consecutive timeouts)
>>X-MailScanner-From: test@ctrl.test.com
>>
>>Warning: This message has had one or more attachments removed
>>Warning: (the entire message).
>>Warning: Please read the "mmtnet-Attachment-Warning.txt"
>>attachment(s) for more information.
>>
>>    
>>
>
>Add ClamAV to your mix.  It catches many phishing emails.
>
>Mike
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/HTML  69 lines. ]
    [ Unable to print this part. ]


From makkaichung at GMAIL.COM  Thu Dec  8 08:46:26 2005
From: makkaichung at GMAIL.COM (Adrian Mak)
Date: Thu Jan 12 21:31:27 2006
Subject: mailscanner + nod32
Message-ID: <mailman.17805.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

nod32 has two version on Linux platform, nod32 for Linux Mail server and
nod32 for Linux File server.
Which one should I use to use in postfix + mailscanner + virus scanning
solution ?


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From makkaichung at GMAIL.COM  Thu Dec  8 10:40:32 2005
From: makkaichung at GMAIL.COM (Adrian Mak)
Date: Thu Jan 12 21:31:27 2006
Subject: cannot install Mail::ClamAV perl module
Message-ID: <mailman.17806.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I followed the instructions over here
http://www.sng.ecs.soton.ac.uk/mailscanner/install/ClamAVModule.shtml .
On the step of install Mail::ClamAV module, I got error from perl

cpan> install Mail::ClamAV
Running install for module Mail::ClamAV
Running make for S/SA/SABECK/Mail-ClamAV-0.17.tar.gz
  Is already unwrapped into directory /root/.cpan/build/Mail-ClamAV-0.17
  Has already been processed within this session
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/Mail-ClamAV....#     Failed test (t/Mail-ClamAV.t at line 9)
#     Tried to use 'Mail::ClamAV'.
#     Error:  Had problems bootstrapping Inline module 'Mail::ClamAV'
#
# Can't load
'/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so'
for module Mail::ClamAV: libclamav.so.1: cannot open shared object file:
No such file or directory at
/usr/lib/perl5/5.8.6/i386-linux-thread-multi/DynaLoader.pm line 230.
#  at /usr/lib/perl5/vendor_perl/5.8.6/Inline.pm line 500
#
#
#  at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188
# BEGIN failed--compilation aborted at
/root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532.
# Compilation failed in require at (eval 1) line 2.
t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS
at t/Mail-ClamAV.t line 11
Can't continue after import errors at t/Mail-ClamAV.t line 11
# Looks like you planned 10 tests but only ran 1.
t/Mail-ClamAV....dubious                                                    
        Test returned status 10 (wstat 2560, 0xa00)
DIED. FAILED tests 1-10
        Failed 10/10 tests, 0.00% okay
Failed Test     Stat Wstat Total Fail  Failed  List of Failed
-------------------------------------------------------------------------------
t/Mail-ClamAV.t   10  2560    10   19 190.00%  1-10
Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay.
make: *** [test_dynamic] Error 2
  /usr/bin/make test -- NOT OK
Running make install
  make test had returned bad status, won't install without force


anybody know what's the problem ?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From smf at F2S.COM  Thu Dec  8 11:31:06 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:27 2006
Subject: www.mailscanner.info & wiki.mailscanner.info down??
Message-ID: <mailman.17807.1137101487.24926.mailscanner@lists.mailscanner.info>

Hi All,

Just editing the Wiki and it looks like both wiki.mailscanner.info and
www.mailscanner.info have just become unavailable:

root@marvin:~ # traceroute -I www.mailscanner.info
traceroute to www.mailscanner.info (152.78.68.160), 30 hops max, 38 byte
packets
 1  my.router (192.168.47.254)  0.815 ms  3.174 ms  0.547 ms
 2  f2s1-hg3.ilford.broadband.bt.net (217.41.132.74)  10.105 ms  9.849
ms  10.171 ms
 3  217.41.132.34 (217.41.132.34)  10.798 ms 217.41.132.33
(217.41.132.33)  11.895 ms 217.41.132.2 (217.41.132.2)  12.449 ms
 4  217.41.132.106 (217.41.132.106)  11.870 ms  12.385 ms 217.41.132.110
(217.41.132.110)  12.724 ms
 5  i-194-106-33-73.freedom2surf.net (194.106.33.73)  11.841 ms  12.404
ms  12.176 ms
 6  i-194-106-32-12.freedom2surf.net (194.106.32.12)  12.821 ms  13.154
ms  49.155 ms
 7  linx-gw2.ja.net (195.66.226.15)  14.064 ms  14.124 ms  13.999 ms
 8  po2-0.lond-scr3.ja.net (146.97.35.249)  12.779 ms  13.629 ms  12.797
ms
 9  po1-0.lond-scr.ja.net (146.97.33.29)  14.947 ms  13.234 ms  13.295
ms
10  po2-0.cosh-scr.ja.net (146.97.33.42)  14.658 ms  15.536 ms  16.940
ms
11  po0-0.cosham-bar.ja.net (146.97.35.22)  16.101 ms  17.191 ms  15.378
ms
12  146.97.40.2 (146.97.40.2)  14.507 ms  15.765 ms  17.004 ms
13  * * *
14  212.219.151.121 (212.219.151.121)  76.601 ms  17.518 ms  17.180 ms
15  212.219.151.122 (212.219.151.122)  15.709 ms  16.779 ms  17.524 ms
16  212.219.151.114 (212.219.151.114)  18.292 ms  17.028 ms  18.316 ms
17  b54gafwc1n1-ext.net.soton.ac.uk (152.78.0.22)  17.029 ms  17.873 ms
49.948 ms
18  b54gagesw1-fwint.net.soton.ac.uk (152.78.109.14)  18.934 ms  19.629
ms  19.073 ms
19  b54aagesw1-ga.net.soton.ac.uk (152.78.108.61)  20.833 ms  21.168 ms
18.356 ms
20  152.78.108.1 (152.78.108.1)  21.407 ms  19.516 ms  22.035 ms
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Cheers,
Steve.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From steve.swaney at fsl.com  Thu Dec  8 11:57:38 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:27 2006
Subject: www.mailscanner.info & wiki.mailscanner.info down??
Message-ID: <mailman.17808.1137101487.24926.mailscanner@lists.mailscanner.info>

OK from here which is Washington, DC USA

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Freegard
> Sent: Thursday, December 08, 2005 6:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: www.mailscanner.info & wiki.mailscanner.info down??
> 
> Hi All,
> 
> Just editing the Wiki and it looks like both wiki.mailscanner.info and
> www.mailscanner.info have just become unavailable:
> 
> root@marvin:~ # traceroute -I www.mailscanner.info
> traceroute to www.mailscanner.info (152.78.68.160), 30 hops max, 38 byte
> packets
>  1  my.router (192.168.47.254)  0.815 ms  3.174 ms  0.547 ms
>  2  f2s1-hg3.ilford.broadband.bt.net (217.41.132.74)  10.105 ms  9.849
> ms  10.171 ms
>  3  217.41.132.34 (217.41.132.34)  10.798 ms 217.41.132.33
> (217.41.132.33)  11.895 ms 217.41.132.2 (217.41.132.2)  12.449 ms
>  4  217.41.132.106 (217.41.132.106)  11.870 ms  12.385 ms 217.41.132.110
> (217.41.132.110)  12.724 ms
>  5  i-194-106-33-73.freedom2surf.net (194.106.33.73)  11.841 ms  12.404
> ms  12.176 ms
>  6  i-194-106-32-12.freedom2surf.net (194.106.32.12)  12.821 ms  13.154
> ms  49.155 ms
>  7  linx-gw2.ja.net (195.66.226.15)  14.064 ms  14.124 ms  13.999 ms
>  8  po2-0.lond-scr3.ja.net (146.97.35.249)  12.779 ms  13.629 ms  12.797
> ms
>  9  po1-0.lond-scr.ja.net (146.97.33.29)  14.947 ms  13.234 ms  13.295
> ms
> 10  po2-0.cosh-scr.ja.net (146.97.33.42)  14.658 ms  15.536 ms  16.940
> ms
> 11  po0-0.cosham-bar.ja.net (146.97.35.22)  16.101 ms  17.191 ms  15.378
> ms
> 12  146.97.40.2 (146.97.40.2)  14.507 ms  15.765 ms  17.004 ms
> 13  * * *
> 14  212.219.151.121 (212.219.151.121)  76.601 ms  17.518 ms  17.180 ms
> 15  212.219.151.122 (212.219.151.122)  15.709 ms  16.779 ms  17.524 ms
> 16  212.219.151.114 (212.219.151.114)  18.292 ms  17.028 ms  18.316 ms
> 17  b54gafwc1n1-ext.net.soton.ac.uk (152.78.0.22)  17.029 ms  17.873 ms
> 49.948 ms
> 18  b54gagesw1-fwint.net.soton.ac.uk (152.78.109.14)  18.934 ms  19.629
> ms  19.073 ms
> 19  b54aagesw1-ga.net.soton.ac.uk (152.78.108.61)  20.833 ms  21.168 ms
> 18.356 ms
> 20  152.78.108.1 (152.78.108.1)  21.407 ms  19.516 ms  22.035 ms
> 21  * * *
> 22  * * *
> 23  * * *
> 24  * * *
> 25  * * *
> 26  * * *
> 27  * * *
> 28  * * *
> 29  * * *
> 30  * * *
> 
> Cheers,
> Steve.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smf at F2S.COM  Thu Dec  8 12:04:02 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:27 2006
Subject: www.mailscanner.info & wiki.mailscanner.info down??
Message-ID: <mailman.17809.1137101487.24926.mailscanner@lists.mailscanner.info>

Okay - it's working again for me now too! ;-)

On Thu, 2005-12-08 at 06:57 -0500, Stephen Swaney wrote:
> OK from here which is Washington, DC USA
> 
> Steve
> 
> Stephen Swaney
> Fort Systems Ltd.
> stephen.swaney@fsl.com
> www.fsl.com
> 
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Steve Freegard
> > Sent: Thursday, December 08, 2005 6:31 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: www.mailscanner.info & wiki.mailscanner.info down??
> > 
> > Hi All,
> > 
> > Just editing the Wiki and it looks like both wiki.mailscanner.info and
> > www.mailscanner.info have just become unavailable:
> > 
> > root@marvin:~ # traceroute -I www.mailscanner.info
> > traceroute to www.mailscanner.info (152.78.68.160), 30 hops max, 38 byte
> > packets
> >  1  my.router (192.168.47.254)  0.815 ms  3.174 ms  0.547 ms
> >  2  f2s1-hg3.ilford.broadband.bt.net (217.41.132.74)  10.105 ms  9.849
> > ms  10.171 ms
> >  3  217.41.132.34 (217.41.132.34)  10.798 ms 217.41.132.33
> > (217.41.132.33)  11.895 ms 217.41.132.2 (217.41.132.2)  12.449 ms
> >  4  217.41.132.106 (217.41.132.106)  11.870 ms  12.385 ms 217.41.132.110
> > (217.41.132.110)  12.724 ms
> >  5  i-194-106-33-73.freedom2surf.net (194.106.33.73)  11.841 ms  12.404
> > ms  12.176 ms
> >  6  i-194-106-32-12.freedom2surf.net (194.106.32.12)  12.821 ms  13.154
> > ms  49.155 ms
> >  7  linx-gw2.ja.net (195.66.226.15)  14.064 ms  14.124 ms  13.999 ms
> >  8  po2-0.lond-scr3.ja.net (146.97.35.249)  12.779 ms  13.629 ms  12.797
> > ms
> >  9  po1-0.lond-scr.ja.net (146.97.33.29)  14.947 ms  13.234 ms  13.295
> > ms
> > 10  po2-0.cosh-scr.ja.net (146.97.33.42)  14.658 ms  15.536 ms  16.940
> > ms
> > 11  po0-0.cosham-bar.ja.net (146.97.35.22)  16.101 ms  17.191 ms  15.378
> > ms
> > 12  146.97.40.2 (146.97.40.2)  14.507 ms  15.765 ms  17.004 ms
> > 13  * * *
> > 14  212.219.151.121 (212.219.151.121)  76.601 ms  17.518 ms  17.180 ms
> > 15  212.219.151.122 (212.219.151.122)  15.709 ms  16.779 ms  17.524 ms
> > 16  212.219.151.114 (212.219.151.114)  18.292 ms  17.028 ms  18.316 ms
> > 17  b54gafwc1n1-ext.net.soton.ac.uk (152.78.0.22)  17.029 ms  17.873 ms
> > 49.948 ms
> > 18  b54gagesw1-fwint.net.soton.ac.uk (152.78.109.14)  18.934 ms  19.629
> > ms  19.073 ms
> > 19  b54aagesw1-ga.net.soton.ac.uk (152.78.108.61)  20.833 ms  21.168 ms
> > 18.356 ms
> > 20  152.78.108.1 (152.78.108.1)  21.407 ms  19.516 ms  22.035 ms
> > 21  * * *
> > 22  * * *
> > 23  * * *
> > 24  * * *
> > 25  * * *
> > 26  * * *
> > 27  * * *
> > 28  * * *
> > 29  * * *
> > 30  * * *
> > 
> > Cheers,
> > Steve.
> > 
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > 
> > Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Thu Dec  8 12:37:01 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:27 2006
Subject: Email Notifications
Message-ID: <mailman.17810.1137101487.24926.mailscanner@lists.mailscanner.info>

Dennis,

I do actually use mailwatch as part of my system. However I do not see where
I can set that function up?

Thanks
Shaun

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Dennis Willson
Sent: Thursday, 8 December 2005 4:28 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Email Notifications

If use MailWatch it will send an HTML notification... What it actually 
does is send a nightly email with the list of email that was 
quarantined. It then allows the user to request the email be released to 
them if they really want it. It also allows a user to set their own 
white and black lists.

You should take a look at it.

Shaun McGuane wrote:

>Heyas,
>
>I have a question or 2 for this list. I hope you guys can help here.
>
>1. Is there a way to change the delivery notifications for blocked content
>and other various things to a html notification. I use mailscanner as a
>managed service and i would like to be able to notify using html not txt.
An
>example is the attachment that comes along on an email if something is
>blocked. I would prefer it just to send an email to the receipient or the
>sender to notify it was blocked for a reason and not the original message
be
>quarantined or deleted.
>
>2. Are there any people out there that can customise mailscanner and
>mailwatch to be able to provide reporting to my customers who use it. I am
>willing to pay for this as an addon or someone to program this. I feel that
>my customers should get a report each month that has my template of my
>business as a design and they can see all the pretty information such as
pie
>charts and breakdowns for there organisation.
>
>Thanks
>I look forward to your replies
>Shaun McGuane
>MailShield
>http://www.mailshield.com.au
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


----------------------------------------------------------------------------
-----------------------
MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
http://www.mailshield.com.au







---------------------------------------------------------------------------------------------------
MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service. http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lars+lister.mailscanner at ADVENTURAS.NO  Thu Dec  8 12:46:11 2005
From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen)
Date: Thu Jan 12 21:31:27 2006
Subject: OT: smtp load balancer???
Message-ID: <mailman.17811.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> Denis Beauchemin wrote:
>> Hello,
>>
>> I am considering adding an SMTP load balancer in front of my MS servers.
>>
>> Any suggestions?

If you have a recent freebsd or openbsd, maybe: 'man carp'
Introduction to CARP:
http://openbsd.org/faq/pf/carp.html

--
Lars

>>
>> Thanks!
>>
>> Denis
>>
>
> I'd recommend www.coyotepoint.com.  Pretty nice stuff.  Never tried
> myself, but I think you can get a 30-day trial.
>
> Si tu as besoin d'un revendeur a Montreal, je peux te donner un nom...
>
> --
> Ugo
>
> -> Please don't send a copy of your reply by e-mail.  I read the list.
> -> Please avoid top-posting, long signatures and HTML, and cut the
> irrelevant parts in your replies.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ewallig at AEROCONTRACTORS.COM  Thu Dec  8 13:06:35 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:31:27 2006
Subject: Outgoing mail getting blocked
Message-ID: <mailman.17812.1137101487.24926.mailscanner@lists.mailscanner.info>

Thanks Scott, I'll have a look but won't that setting turn off the file
check feature for incoming mail as well?

 - Ed

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Scott Silva
Sent: Wednesday, December 07, 2005 5:09 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Outgoing mail getting blocked

Ed Wallig spake the following on 12/7/2005 1:22 PM:
> Hi,
>  
> Using MailScanner and ClamAV - I sometimes need to send zipped 
> executables to my remote locations for software patches, etc (no FTP).
> MailScanner is catching the exe file in the zip file and kicking it 
> back. Granted, I can change the extension to .xyz or something like 
> that before zipping it but I'd like to write a rule that allows these 
> files from my domain if it comes from my internal mail server - is 
> that possible? If so, can someone provide an example?
>  
> If its not possible, is there another alternative that leaves the 
> extension scanning functionality in place but allows outbound delivery 
> for certain files?
>  
>  
> Thanks,
>  
>  - Ed Wallig
Ed,
Look for this in MailScanner.conf;

# The maximum depth to which zip archives will be unpacked, to allow for #
checking filenames and filetypes within zip archives.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected #
Archives = no. That block password-protected archives but does not do # any
filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 0



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-PKCS7-SIGNATURE  6.1KB. ]
    [ Unable to print this part. ]


From gmatt at NERC.AC.UK  Thu Dec  8 13:04:38 2005
From: gmatt at NERC.AC.UK (Greg Matthews)
Date: Thu Jan 12 21:31:27 2006
Subject: Log Analysis
Message-ID: <mailman.17813.1137101487.24926.mailscanner@lists.mailscanner.info>

I can thoroughly recommend mailscanner-mrtg which provides very good
(nearly) real time info.

Also, recent logwatch does quite detailed analysis, (some might say too
detailed).

G

On Tue, 2005-12-06 at 20:15 +0000, Michele Neylon:: Blacknight.ie wrote:
> Rodney Green wrote:
> > Thanks everyone. I successfully got Vispan working. The stats it
> > provides are good enough for me right now. I just wanted to stats on the
> > number of virus infected and spam messages.
> > 
> Vispan is very handy, but I'd love to "take it to the next level"...
> 
-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ewallig at AEROCONTRACTORS.COM  Thu Dec  8 13:18:21 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:31:27 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17814.1137101487.24926.mailscanner@lists.mailscanner.info>

Thanks for the reply - I just tried downloading the FC4 version again after
turning off av / IDS scanning on my firewall but it's still showing a
downloaded size of 7.92MB instead of the 11.7MB that it advertises when the
download begins. I'm a little concerned about using this file - can you
advise?


Thanks,

 - Ed

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Janet Bindner
Sent: Wednesday, December 07, 2005 8:05 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner:
4.48.4-2, Clamav: 0.87.1,SpamAssassin: 3.1.0)

Depending on the version (e.g fc2,fc3) you are refering to, the size should
be about 12 MB, shouldn't be this small.

Janet

--- Ed Wallig <ewallig@AEROCONTRACTORS.COM> wrote:

> Question - when downloading this file from the link that was sent it 
> reports a size of 11.3 MB but the downloaded file ends up being only 
> 7.something MB
> - anything amiss? 
> 
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Janet Bindner
> Sent: Wednesday, December 07, 2005 1:46 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6,
> MailScanner: 4.48.4-2,
> Clamav: 0.87.1,SpamAssassin: 3.1.0)
> 
> Hi all,
>    Latest PSCM is updated with the following:
>     *  Clamav: 0.87.1
>     * MailScanner: 4.48.4-2
>     * SpamAssassin: 3.1.0
>     * Postfix: 2.2.6
> 
> http://metawire.org/~pscm/index.html
> 
> PSCM is an RPM package that provides out-of-box easy installation for 
> a secure smtp mailserver with spam filtering and virus scanning 
> capabilities.
> 
> Cheers!
> Janet
> 
> 
> 		
>
___________________________________________________________
> Yahoo! Exclusive Xmas Game, help Santa with his celebrity party - 
> http://santas-christmas-party.yahoo.net/
> 
> ------------------------ MailScanner list
> ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the
> words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and the archives 
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and
> the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 



		
___________________________________________________________
NEW Yahoo! Cars - sell your car and browse thousands of new and used cars
online! http://uk.cars.yahoo.com/

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gmatt at NERC.AC.UK  Thu Dec  8 13:22:02 2005
From: gmatt at NERC.AC.UK (Greg Matthews)
Date: Thu Jan 12 21:31:27 2006
Subject: Vispan was RE: [MAILSCANNER] Log Analysis
Message-ID: <mailman.17815.1137101487.24926.mailscanner@lists.mailscanner.info>

On Wed, 2005-12-07 at 08:22 -0500, Aaron K. Moore wrote:
> Is there anything out their similar to it that would work with milter?

logwatch provides some facility for milters. I have tweaks that support
milter-ahead.

G

> 
-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Thu Dec  8 13:34:00 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:27 2006
Subject: OT: smtp load balancer???
Message-ID: <mailman.17816.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have used ultramonkey also, years back. It works and is quite a lot like 
the RH pirannaha (spelling?) stuff that was around. I stopped using it 
because of ARP problems, but I believe they have that problem resolved now.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

----- Original Message ----- 
From: "Brent Addis" <brent.addis@PRONET.CO.NZ>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Wednesday, December 07, 2005 5:32 PM
Subject: Re: OT: smtp load balancer???


>
>
> Denis Beauchemin wrote:
>
>> Hello,
>>
>> I am considering adding an SMTP load balancer in front of my MS servers.
>>
>> Any suggestions?
>>
>> Thanks!
>>
>> Denis
>>
> Seen ultramonkey?. Its opensource and runs on beige boxes without paying
> megabucks for alternatives.
>
> www.ultramonkey.org
>
> I've used it previously for load balancing proxy servers which worked
> really well.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Thu Dec  8 13:36:28 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:28 2006
Subject: Log Analysis
Message-ID: <mailman.17817.1137101487.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Steve Campbell
> Sent: Wednesday, December 07, 2005 2:49 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Log Analysis
>
>
> Rick,
>
> This particular problem to which I am referring was a typo in the
> documentation which showed the command to add the user to the database. I
> used the errant one and ended up with a different
> username/password than the
> one I entered. So I just configured the scripts to use the wrong one and
> never looked back. This was before the OLD_PASSWORD problem
> existed. But if
> I hadn't queried the database, I would have ended up like you
> describe for
> yourself, and may have just given up.
>
> Steve
>
[...]

Well I got the latest of everything and installed it and everything went
fine, except for the addition of the MailWatch Admin user. When I tried to
add that I had a column count error and I just looked at the table structure
and added ,'0','0','0','0','' to the end of the command and all was well.
MailWatch.pm came right up and started logging. As I have very
geographically dispersed servers I have a program that each one uses to
retrieve updates or new items and process and install so I have to write
install scripts that will run unattended for anything like this. It was
actually easy so I had them all up and operational in about 10 min after
writing/testing the install script.

Now I have noted one problem I have to look into, and yes I will subscribe
to the MailWatch list, but I store and forward spam and when I did a test
release of one of the spams it was really messed up with the To name missing
in the display and looking a the headers it was ugly and the apparent to
name it released to was the forwarded mailbox user name not the originally
intended recipient.

Other than that all appears to be fine. Of course if you are not familiar
with MySql that admin user problem could get you into a real trick bag.

My apologies again to anyone who was offended or thought I was disrespecting
MailWatch, that wasn't my intention. I only wanted to point out that
installation wasn't as simple as following the docs, and still isn't, but
what ever the issue with the older version of MailWatch was when it came to
connection to the database it has certainly been solved.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Thu Dec  8 13:47:25 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:28 2006
Subject: Mailwatch for MailScanner
Message-ID: <mailman.17818.1137101488.24926.mailscanner@lists.mailscanner.info>


I know this maybe the wrong mailing list to ask. However I wanted to see
if anyone could help me.

 

What is the difference between the mailwatch addon for WHM and the
mailwatch addon for Mailscanner. I already know that 1 difference is
that I don&#8217;t have a quarantine_report.php for the one in whm and it
makes it hard for me to generate reports.

 

Aynyone else know of any differences ?

 

Thanks

Shaun

 




-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by
MailShield
http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From campbell at CNPAPERS.COM  Thu Dec  8 13:52:46 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:28 2006
Subject: Log Analysis
Message-ID: <mailman.17819.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

----- Original Message ----- 
From: "Rick Cooper" <rcooper@DWFORD.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, December 08, 2005 8:36 AM
Subject: Re: Log Analysis


>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>> Behalf Of Steve Campbell
>> Sent: Wednesday, December 07, 2005 2:49 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Log Analysis
>>
>>
>> Rick,
>>
>> This particular problem to which I am referring was a typo in the
>> documentation which showed the command to add the user to the database. I
>> used the errant one and ended up with a different
>> username/password than the
>> one I entered. So I just configured the scripts to use the wrong one and
>> never looked back. This was before the OLD_PASSWORD problem
>> existed. But if
>> I hadn't queried the database, I would have ended up like you
>> describe for
>> yourself, and may have just given up.
>>
>> Steve
>>
> [...]
>
> Well I got the latest of everything and installed it and everything went
> fine, except for the addition of the MailWatch Admin user. When I tried to
> add that I had a column count error and I just looked at the table 
> structure
> and added ,'0','0','0','0','' to the end of the command and all was well.
> MailWatch.pm came right up and started logging. As I have very
> geographically dispersed servers I have a program that each one uses to
> retrieve updates or new items and process and install so I have to write
> install scripts that will run unattended for anything like this. It was
> actually easy so I had them all up and operational in about 10 min after
> writing/testing the install script.
>
> Now I have noted one problem I have to look into, and yes I will subscribe
> to the MailWatch list, but I store and forward spam and when I did a test
> release of one of the spams it was really messed up with the To name 
> missing
> in the display and looking a the headers it was ugly and the apparent to
> name it released to was the forwarded mailbox user name not the originally
> intended recipient.
>
> Other than that all appears to be fine. Of course if you are not familiar
> with MySql that admin user problem could get you into a real trick bag.
>
> My apologies again to anyone who was offended or thought I was 
> disrespecting
> MailWatch, that wasn't my intention. I only wanted to point out that
> installation wasn't as simple as following the docs, and still isn't, but
> what ever the issue with the older version of MailWatch was when it came 
> to
> connection to the database it has certainly been solved.
>
> Rick
>
>
> --

Glad to hear you have MW working. I haven't upgraded to the Version 1 stuff 
yet, but appreciate your posting as it may help when I do upgrade.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  8 14:00:36 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:28 2006
Subject: www.mailscanner.info & wiki.mailscanner.info down??
Message-ID: <mailman.17820.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Freegard wrote on         Thu, 8 Dec 2005 11:31:06 +0000:

> Just editing the Wiki and it looks like both wiki.mailscanner.info and 
> www.mailscanner.info have just become unavailable:

Steve, there were reports on this yesterday already, but no one on the 
list could confirm it. It's fine from here. When tracerouting I see the 
same timeouts as you, but I reach it. Don't know if that is normal. If I 
ping it I don't get anything back, so all the timeouts may actually be 
side effects of some firewalling and nothing to worry about.

12  *   *   Timed out
13  47              5               212.219.151.121

19  47              -1              152.78.108.1
20  *   *   Timed out
21  49              2               152.78.68.160   augur.ecs.soton.ac.uk


Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 14:00:10 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:28 2006
Subject: Email Notifications
Message-ID: <mailman.17821.1137101488.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

You can change all the reports to anything you like, they are all in  
the etc/reports/en directory (if you are using en=english). The ones  
with From and To and Subject headers can be easily replaced with  
complete MIME messages including the MIME headers and the plain text  
and HTML contents of the messages.

Send yourself a message suitable for using in a report and look at  
the raw message source. You can put this into quite a few of the  
MailScanner report files.

On 8 Dec 2005, at 04:36, Shaun McGuane wrote:

> Heyas,
>
> I have a question or 2 for this list. I hope you guys can help here.
>
> 1. Is there a way to change the delivery notifications for blocked  
> content
> and other various things to a html notification. I use mailscanner  
> as a
> managed service and i would like to be able to notify using html  
> not txt. An
> example is the attachment that comes along on an email if something is
> blocked. I would prefer it just to send an email to the receipient  
> or the
> sender to notify it was blocked for a reason and not the original  
> message be
> quarantined or deleted.
>
> 2. Are there any people out there that can customise mailscanner and
> mailwatch to be able to provide reporting to my customers who use  
> it. I am
> willing to pay for this as an addon or someone to program this. I  
> feel that
> my customers should get a report each month that has my template of my
> business as a design and they can see all the pretty information  
> such as pie
> charts and breakdowns for there organisation.
>
> Thanks
> I look forward to your replies
> Shaun McGuane
> MailShield
> http://www.mailshield.com.au
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5g8bvw32o+k+q+hAQHexAf/QMfKEpHRrhy1ps5sBWeQeV2bnrl/Wmtm
JEUs+4jlVhZQH5Vt+/RZXBkU20IYfu7xoocsiRO2Fb6fPYqvRZTT2aGxnoZPtYU2
CAAH4I1FtGboOw3ddnoB+/2lU7hLu1ZPNSE/X6cri0FhTlgawvli5GEXpKFVb2km
8E2CIJuXR3z7LOrpPFGZVJYQ/BgSI64Yg2SnABwHmiq6uCVvKRTHVz5GzB27PJ/G
IJr9TmkNQlTGT83rAsfMPhs7S0TF/ss3XHlEmIIc5tmQSBi/73z+2RjXIJ7lsskr
EXFP4/mag7bIg7aE1UJ1Yuv9jidlvP0WKr7SilsLW6ZC3Cjgw3nM+A==
=pNmG
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 14:01:56 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:28 2006
Subject: Mailwatch for MailScanner
Message-ID: <mailman.17822.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "WINDOWS-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

What's WHM?
On 8 Dec 2005, at 13:47, ShaunM [MailShield] wrote:

      I know this maybe the wrong mailing list to ask. However I
      wanted to see if anyone could help me.

       

      What is the difference between the mailwatch addon for WHM
      and the mailwatch addon for Mailscanner. I already know that
      1 difference is
      that I don^Òt have a quarantine_report.php for the one in whm
      and it makes it hard for me to generate reports.

       

      Aynyone else know of any differences ?

       

      Thanks

      Shaun

 




-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by
MailShield
http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html). 

Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, Application/PGP-SIGNATURE  498bytes. ]
    [ Unable to print this part. ]


From dhawal at NETMAGICSOLUTIONS.COM  Thu Dec  8 14:04:37 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:28 2006
Subject: Mailwatch for MailScanner
Message-ID: <mailman.17823.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> What's WHM?

Cpanel's WebHost Manager.. iirc

> 
> On 8 Dec 2005, at 13:47, ShaunM [MailShield] wrote:
> 
>> I know this maybe the wrong mailing list to ask. However I wanted to 
>> see if anyone could help me.
>>
>>  
>>
>> What is the difference between the mailwatch addon for WHM and the 
>> mailwatch addon for Mailscanner. I already know that 1 difference is
>> that I don^Òt have a quarantine_report.php for the one in whm and it 
>> makes it hard for me to generate reports.
>>
>>  
>>
>> Aynyone else know of any differences ?
>>
>>  
>>
>> Thanks
>>
>> Shaun
>>
>>  
>>
>>
>>
>>
>> -----------------------------------------------------------------------------
>> This message has been scanned for viruses and malicious content by 
>> MailShield
>> *http://www.mailshield.com.au**
>> ***
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/)
>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
>>
>> *Support MailScanner development - buy the book off the website!*
> 
> 
> -- 
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store 
> <http://www.MailScanner.info/store>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> *Support MailScanner development - buy the book off the website!*

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smf at F2S.COM  Thu Dec  8 14:06:10 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:28 2006
Subject: Mailwatch for MailScanner
Message-ID: <mailman.17824.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I was wondering that too ;-))

On Thu, 2005-12-08 at 14:01 +0000, Julian Field wrote:
> What's WHM?
> 
> On 8 Dec 2005, at 13:47, ShaunM [MailShield] wrote:
> 
> > I know this maybe the wrong mailing list to ask. However I wanted to
> > see if anyone could help me.
> > 
> >  
> > 
> > What is the difference between the mailwatch addon for WHM and the
> > mailwatch addon for Mailscanner. I already know that 1 difference
> > is 
> > that I donâ^À^Ùt have a quarantine_report.php for the one in whm and it
> > makes it hard for me to generate reports.
> > 
> >  
> > 
> > Aynyone else know of any differences ?
> > 
> >  
> > 
> > Thanks
> > 
> > Shaun
> > 
> > 
> >  
> > 
> > 
> > 
> > 
> > 
> > -----------------------------------------------------------------------------
> > This message has been scanned for viruses and malicious content by
> > MailShield
> > http://www.mailshield.com.au
> > 
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/)
> > and the archives
> > (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
> > 
> > Support MailScanner development - buy the book off the website!
> 
> -- 
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 14:05:10 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:28 2006
Subject: www.mailscanner.info & wiki.mailscanner.info down??
Message-ID: <mailman.17825.1137101488.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

One thing I have done which might help people occasionally.
There is now
	www.emailscanner.info
(note the extra "e").
This points at the MailScanner.info backup site in Ireland.

On 8 Dec 2005, at 12:04, Steve Freegard wrote:

> Okay - it's working again for me now too! ;-)
>
> On Thu, 2005-12-08 at 06:57 -0500, Stephen Swaney wrote:
>> OK from here which is Washington, DC USA
>>
>> Steve
>>
>> Stephen Swaney
>> Fort Systems Ltd.
>> stephen.swaney@fsl.com
>> www.fsl.com
>>
>>> -----Original Message-----
>>> From: MailScanner mailing list  
>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>> Behalf Of Steve Freegard
>>> Sent: Thursday, December 08, 2005 6:31 AM
>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>> Subject: www.mailscanner.info & wiki.mailscanner.info down??
>>>
>>> Hi All,
>>>
>>> Just editing the Wiki and it looks like both  
>>> wiki.mailscanner.info and
>>> www.mailscanner.info have just become unavailable:
>>>
>>> root@marvin:~ # traceroute -I www.mailscanner.info
>>> traceroute to www.mailscanner.info (152.78.68.160), 30 hops max,  
>>> 38 byte
>>> packets
>>>  1  my.router (192.168.47.254)  0.815 ms  3.174 ms  0.547 ms
>>>  2  f2s1-hg3.ilford.broadband.bt.net (217.41.132.74)  10.105 ms   
>>> 9.849
>>> ms  10.171 ms
>>>  3  217.41.132.34 (217.41.132.34)  10.798 ms 217.41.132.33
>>> (217.41.132.33)  11.895 ms 217.41.132.2 (217.41.132.2)  12.449 ms
>>>  4  217.41.132.106 (217.41.132.106)  11.870 ms  12.385 ms  
>>> 217.41.132.110
>>> (217.41.132.110)  12.724 ms
>>>  5  i-194-106-33-73.freedom2surf.net (194.106.33.73)  11.841 ms   
>>> 12.404
>>> ms  12.176 ms
>>>  6  i-194-106-32-12.freedom2surf.net (194.106.32.12)  12.821 ms   
>>> 13.154
>>> ms  49.155 ms
>>>  7  linx-gw2.ja.net (195.66.226.15)  14.064 ms  14.124 ms  13.999 ms
>>>  8  po2-0.lond-scr3.ja.net (146.97.35.249)  12.779 ms  13.629 ms   
>>> 12.797
>>> ms
>>>  9  po1-0.lond-scr.ja.net (146.97.33.29)  14.947 ms  13.234 ms   
>>> 13.295
>>> ms
>>> 10  po2-0.cosh-scr.ja.net (146.97.33.42)  14.658 ms  15.536 ms   
>>> 16.940
>>> ms
>>> 11  po0-0.cosham-bar.ja.net (146.97.35.22)  16.101 ms  17.191 ms   
>>> 15.378
>>> ms
>>> 12  146.97.40.2 (146.97.40.2)  14.507 ms  15.765 ms  17.004 ms
>>> 13  * * *
>>> 14  212.219.151.121 (212.219.151.121)  76.601 ms  17.518 ms   
>>> 17.180 ms
>>> 15  212.219.151.122 (212.219.151.122)  15.709 ms  16.779 ms   
>>> 17.524 ms
>>> 16  212.219.151.114 (212.219.151.114)  18.292 ms  17.028 ms   
>>> 18.316 ms
>>> 17  b54gafwc1n1-ext.net.soton.ac.uk (152.78.0.22)  17.029 ms   
>>> 17.873 ms
>>> 49.948 ms
>>> 18  b54gagesw1-fwint.net.soton.ac.uk (152.78.109.14)  18.934 ms   
>>> 19.629
>>> ms  19.073 ms
>>> 19  b54aagesw1-ga.net.soton.ac.uk (152.78.108.61)  20.833 ms   
>>> 21.168 ms
>>> 18.356 ms
>>> 20  152.78.108.1 (152.78.108.1)  21.407 ms  19.516 ms  22.035 ms
>>> 21  * * *
>>> 22  * * *
>>> 23  * * *
>>> 24  * * *
>>> 25  * * *
>>> 26  * * *
>>> 27  * * *
>>> 28  * * *
>>> 29  * * *
>>> 30  * * *
>>>
>>> Cheers,
>>> Steve.
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5g9mvw32o+k+q+hAQGYyAf8C4wXJ70kXPzC2BD+5xONqOJ3+bJm/HOE
fOc3OyHMQ1NqCDcb8PjMODDSeOLpSoIN3dI3SU7KztIPH7EJjKInQCcvgAJN7Vtv
OmvAl+3NVZ2MkeFMCQv6Cy8tUep/ifFq221yn7MD11u+wR0JkhFT3MT+YqsiBASk
GGjHuVKD9IRyBaGNq61QuOUC//hXNMyT7qX1yHUnhiAaXveh+/qgT0VQfrObwPDR
GDwi+kHgsr6YPOK7zQZqFWtmLto0940Hv4ujT2xms044NBlmo7x50Nkg0U471vpK
ocNGppR0bJSIlbtBsWxJoUsTkqns68mX0WJ7zV9f9gPvH/DLff7T/g==
=ZQi7
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Thu Dec  8 14:08:41 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:28 2006
Subject: www.mailscanner.info & wiki.mailscanner.info down??
Message-ID: <mailman.17826.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> One thing I have done which might help people occasionally.
> There is now
> 	www.emailscanner.info
> (note the extra "e").
> This points at the MailScanner.info backup site in Ireland.
> 

Julian,

I got a 'connection refused' for both the sites some time back (didn't 
note down the time though)

Something more sinister could be at work..

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Thu Dec  8 14:10:31 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:28 2006
Subject: Mailwatch for MailScanner
Message-ID: <mailman.17827.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Freegard wrote:
> I was wondering that too ;-))

Also, if you haven't already seen this one..

MailScanner Front-End for cPanel Users
http://www.configserver.com/cp/msfe.html

- dhawal

> On Thu, 2005-12-08 at 14:01 +0000, Julian Field wrote:
> 
>>What's WHM?
>>
>>On 8 Dec 2005, at 13:47, ShaunM [MailShield] wrote:
>>
>>
>>>I know this maybe the wrong mailing list to ask. However I wanted to
>>>see if anyone could help me.
>>>
>>> 
>>>
>>>What is the difference between the mailwatch addon for WHM and the
>>>mailwatch addon for Mailscanner. I already know that 1 difference
>>>is 
>>>that I donâ^À^Ùt have a quarantine_report.php for the one in whm and it
>>>makes it hard for me to generate reports.
>>>
>>> 
>>>
>>>Aynyone else know of any differences ?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  8 14:31:25 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:28 2006
Subject: Email Notifications
Message-ID: <mailman.17828.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

ShaunM [MailShield] wrote on         Thu, 8 Dec 2005 23:37:01 +1100:

> I do actually use mailwatch as part of my system. However I do not see where 
> I can set that function up?

You want to use the latest version of it.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smf at F2S.COM  Thu Dec  8 16:36:47 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17829.1137101488.24926.mailscanner@lists.mailscanner.info>

Hi Julian,

I was looking at a live system recently when I came up with the idea of
changing the MailScanner process name according to what it is doing
(similar to sendmail - where you can see exactly what it is doing by
running 'ps').

For example - in the current version a 'ps -o pid,state,command -xf' on
a Linux-based MailScanner system will give you something like:

 6089 S sendmail: accepting connections
 6098 S sendmail: Queue runner@00:15:00 for /var/spool/mqueue
 6116 S /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc
 4402 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
10084 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
14729 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
21996 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
28135 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner

So I modified several files to set the process name according to the
action being taken - which then gives:

 3353 S sendmail: accepting connections
 3362 S sendmail: Queue runner@00:15:00 for /var/spool/mqueue
 3413 S MailScanner
 3486 S  \_ MailScanner: Waiting for messages
 3497 S  \_ MailScanner: Waiting for messages
 3509 S  \_ MailScanner: Waiting for messages
 3518 S  \_ MailScanner: Waiting for messages
 3528 S  \_ MailScanner: Waiting for messages

and when a batch is being processed:

 3413 S MailScanner
 3486 S  \_ MailScanner: Waiting for messages
 3497 S  \_ MailScanner: Waiting for messages
 3509 S  \_ MailScanner: Waiting for messages
 3518 S  \_ MailScanner: Virus Scanning
 3547 Ss |   \_ /bin/sh /usr/lib/MailScanner/clamav-wrapper / 
 3552 R  |     \_ /usr/bin/clamscan --unzip --jar --tar --t
 3528 S  \_ MailScanner: Waiting for messages

I'm not sure how portable this is across systems or if anyone other than
me might find this useful (plus a lot of testing would be needed as
check_MailScanner needed modification), but I've attached the diffs each
of the modified files again the current stable release.

What do you think??

Cheers,
Steve.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-COMPRESSED-TAR  3.6KB. ]
    [ Unable to print this part. ]


From martinh at SOLID-STATE-LOGIC.COM  Thu Dec  8 16:41:21 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17830.1137101488.24926.mailscanner@lists.mailscanner.info>

Hi Steve

Have you tested this on non-linux systems?

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Freegard
> Sent: 08 December 2005 16:37
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Feature Idea: MailScanner process name
> 
> Hi Julian,
> 
> I was looking at a live system recently when I came up with the idea of
> changing the MailScanner process name according to what it is doing
> (similar to sendmail - where you can see exactly what it is doing by
> running 'ps').
> 
> For example - in the current version a 'ps -o pid,state,command -xf' on
> a Linux-based MailScanner system will give you something like:
> 
>  6089 S sendmail: accepting connections
>  6098 S sendmail: Queue runner@00:15:00 for /var/spool/mqueue
>  6116 S /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc
>  4402 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
> 10084 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
> 14729 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
> 21996 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
> 28135 S \_ /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
> 
> So I modified several files to set the process name according to the
> action being taken - which then gives:
> 
>  3353 S sendmail: accepting connections
>  3362 S sendmail: Queue runner@00:15:00 for /var/spool/mqueue
>  3413 S MailScanner
>  3486 S  \_ MailScanner: Waiting for messages
>  3497 S  \_ MailScanner: Waiting for messages
>  3509 S  \_ MailScanner: Waiting for messages
>  3518 S  \_ MailScanner: Waiting for messages
>  3528 S  \_ MailScanner: Waiting for messages
> 
> and when a batch is being processed:
> 
>  3413 S MailScanner
>  3486 S  \_ MailScanner: Waiting for messages
>  3497 S  \_ MailScanner: Waiting for messages
>  3509 S  \_ MailScanner: Waiting for messages
>  3518 S  \_ MailScanner: Virus Scanning
>  3547 Ss |   \_ /bin/sh /usr/lib/MailScanner/clamav-wrapper /
>  3552 R  |     \_ /usr/bin/clamscan --unzip --jar --tar --t
>  3528 S  \_ MailScanner: Waiting for messages
> 
> I'm not sure how portable this is across systems or if anyone other than
> me might find this useful (plus a lot of testing would be needed as
> check_MailScanner needed modification), but I've attached the diffs each
> of the modified files again the current stable release.
> 
> What do you think??
> 
> Cheers,
> Steve.
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smf at F2S.COM  Thu Dec  8 16:48:13 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17831.1137101488.24926.mailscanner@lists.mailscanner.info>

Hi Martin,

On Thu, 2005-12-08 at 16:41 +0000, Martin Hepworth wrote:
> Hi Steve
> 
> Have you tested this on non-linux systems?

Nope - I don't have any non-linux VM's set-up at the moment.

Cheers,
Steve.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Thu Dec  8 16:55:22 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17832.1137101488.24926.mailscanner@lists.mailscanner.info>

Steve

If Jules can pop out a new beta I can test this on FreeBSD 4.11.....


--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Freegard
> Sent: 08 December 2005 16:48
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Feature Idea: MailScanner process name
> 
> Hi Martin,
> 
> On Thu, 2005-12-08 at 16:41 +0000, Martin Hepworth wrote:
> > Hi Steve
> >
> > Have you tested this on non-linux systems?
> 
> Nope - I don't have any non-linux VM's set-up at the moment.
> 
> Cheers,
> Steve.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Thu Dec  8 17:07:49 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:28 2006
Subject: Email Notifications
Message-ID: <mailman.17833.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

In th tools directory... there's a file called quarantine_report.php
Someone wrote a new report program called qr_new.php and should be in 
the archives.

ShaunM [MailShield] wrote:

>Dennis,
>
>I do actually use mailwatch as part of my system. However I do not see where
>I can set that function up?
>
>Thanks
>Shaun
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of Dennis Willson
>Sent: Thursday, 8 December 2005 4:28 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Email Notifications
>
>If use MailWatch it will send an HTML notification... What it actually 
>does is send a nightly email with the list of email that was 
>quarantined. It then allows the user to request the email be released to 
>them if they really want it. It also allows a user to set their own 
>white and black lists.
>
>You should take a look at it.
>
>Shaun McGuane wrote:
>
>  
>
>>Heyas,
>>
>>I have a question or 2 for this list. I hope you guys can help here.
>>
>>1. Is there a way to change the delivery notifications for blocked content
>>and other various things to a html notification. I use mailscanner as a
>>managed service and i would like to be able to notify using html not txt.
>>    
>>
>An
>  
>
>>example is the attachment that comes along on an email if something is
>>blocked. I would prefer it just to send an email to the receipient or the
>>sender to notify it was blocked for a reason and not the original message
>>    
>>
>be
>  
>
>>quarantined or deleted.
>>
>>2. Are there any people out there that can customise mailscanner and
>>mailwatch to be able to provide reporting to my customers who use it. I am
>>willing to pay for this as an addon or someone to program this. I feel that
>>my customers should get a report each month that has my template of my
>>business as a design and they can see all the pretty information such as
>>    
>>
>pie
>  
>
>>charts and breakdowns for there organisation.
>>
>>Thanks
>>I look forward to your replies
>>Shaun McGuane
>>MailShield
>>http://www.mailshield.com.au
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>> 
>>
>>    
>>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>----------------------------------------------------------------------------
>-----------------------
>MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
>http://www.mailshield.com.au
>
>
>
>
>
>
>
>---------------------------------------------------------------------------------------------------
>MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service. http://www.mailshield.com.au
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  8 17:46:07 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:28 2006
Subject: eBay Spam
Message-ID: <mailman.17834.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 08/12/05, Mike Kercher <mike@camaross.net> wrote:
> MailScanner mailing list <> scribbled on Wednesday, December 07, 2005 10:03
> PM:
>
> > Having issues with ebay spam, is there a way to stop this
> > from coming in, using MailScanner, SA and Sophos Anti-Virus,
> > Postfix on a Debian Server.
> > Sorry for the last e-mail forgot to include the contents of
> > the header:
> > Received: from mail.mmtnetworks.com.au
> >  ([192.168.3.3])
> >  by mmtnetworks.com.au; Thu, 08 Dec 2005 11:49:50 +0800
> > Received: from ctrl.test.com (unknown [60.173.82.66])  by
> > mail.mmtnetworks.com.au (Postfix) with ESMTP id 0C1E315000B
> > for <jlmiller@mmtnetworks.com.au>; Thu,  8 Dec 2005 11:50:09
> > +0800 (WST)
> > Received: by ctrl.test.com (Postfix, from userid 500)  id
> > 758C337F508; Thu,  8 Dec 2005 11:19:56 +0800 (CST)
> > To: jlmiller@mmtnetworks.com.au
> > Subject: {Dangerous Content?} Your account access will remain limited
> > From: PayPal <service@paypal.com>
> > Content-type: text/plain; charset="ISO-8859-1"
> > Message-Id: <20051208031956.758C337F508@ctrl.test.com>
> > Date: Thu,  8 Dec 2005 11:19:56 +0800 (CST)
> > X-mmtnet-MailScanner: Found to be infected
> > X-mmtnet-MailScanner-SpamCheck: not spam,  SpamAssassin
> > (Disabled due to 20 consecutive timeouts)
> > X-MailScanner-From: test@ctrl.test.com
> >
> > Warning: This message has had one or more attachments removed
> > Warning: (the entire message).
> > Warning: Please read the "mmtnet-Attachment-Warning.txt"
> > attachment(s) for more information.
> >
>
> Add ClamAV to your mix.  It catches many phishing emails.
>
> Mike
>
Yep, it takes virtually all the eBay phishing..... Instructions here:
http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:install:tarball
... then (when you've got it running) add it to the list of virus
scanners in MailScanner.conf....
You might also have a look at the Phishing net in MailScanner.... It
is really worthwihile, and should be pretty easy to make not too prone
to FP things...

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec  8 17:49:54 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:28 2006
Subject: mailscanner + nod32
Message-ID: <mailman.17835.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 08/12/05, Adrian Mak <makkaichung@gmail.com> wrote:
> nod32 has two version on Linux platform, nod32 for Linux Mail server and
> nod32 for Linux File server.
> Which one should I use to use in postfix + mailscanner + virus scanning
> solution ?
>
>
There unfortunately is no wiki entry for Nod32 ... yet (hint to any
nod32 users....:-), but I'd imagine you only use a commandline
scanner, which would pretty much hint at the version for fileservers.
Haven't looked in the old FAQ-o-matic (reach it via
http://www.mailscanner.info), so .... there might be more "meat"
there;-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at gmail.com  Thu Dec  8 17:55:52 2005
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 12 21:31:28 2006
Subject: mailscanner + nod32
Message-ID: <mailman.17836.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 08/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> On 08/12/05, Adrian Mak <makkaichung@gmail.com> wrote:
> > nod32 has two version on Linux platform, nod32 for Linux Mail server and
> > nod32 for Linux File server.
> > Which one should I use to use in postfix + mailscanner + virus scanning
> > solution ?
> >
> >
> There unfortunately is no wiki entry for Nod32 ... yet (hint to any
> nod32 users....:-), but I'd imagine you only use a commandline
> scanner, which would pretty much hint at the version for fileservers.
> Haven't looked in the old FAQ-o-matic (reach it via
> http://www.mailscanner.info), so .... there might be more "meat"
> there;-).
>
Just looked in the old FAQ, no "meat" there.... Perhaps a look through
the list archives would render better answers (I really don't know, I
don't use nod32). I've got this nagging memory that this was
asked/answered a while back (last 6 months)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 18:02:04 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17837.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I tried this a long time ago, setting $0 to the name you want. 
Unfortunately it only worked on Linux so I didn't bother implementing 
it. Guess I could do it anyway as most MailScanner users are on Linux.

How many people actually want it?

Martin Hepworth wrote:

>Steve
>
>If Jules can pop out a new beta I can test this on FreeBSD 4.11.....
>
>
>--
>Martin Hepworth 
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>  
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Steve Freegard
>>Sent: 08 December 2005 16:48
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: [MAILSCANNER] Feature Idea: MailScanner process name
>>
>>Hi Martin,
>>
>>On Thu, 2005-12-08 at 16:41 +0000, Martin Hepworth wrote:
>>    
>>
>>>Hi Steve
>>>
>>>Have you tested this on non-linux systems?
>>>      
>>>
>>Nope - I don't have any non-linux VM's set-up at the moment.
>>
>>Cheers,
>>Steve.
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>    
>>
>
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.	
>
>**********************************************************************
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dannyh at aac-services.co.uk  Thu Dec  8 18:06:32 2005
From: dannyh at aac-services.co.uk (Dan Harris)
Date: Thu Jan 12 21:31:28 2006
Subject: FW: Other Bad Content Detected
Message-ID: <mailman.17838.1137101488.24926.mailscanner@lists.mailscanner.info>

Hi,

I've just had the list digest bounced for having too many attachments!

I've had the following line in my /etc/MailScanner/MailScanner.conf file,
ever since the last time this happened (when I was using the default
settings):

Maximum Attachments Per Message = 250 

At that time, my suggestion that the list digest processor be set to chop up
the digest once it got to a certain size was poo pooed in favour of
increasing the attachment limit. It seems that we are at that stage once
again, and I really don't want to increase the limit this time! Can anything
be done at the list digest end of things?

Secondly, to save me going trawling through the archives was there anything
interesting that triggered this mailfest?

Best regards,

Dan Harris.

-----Original Message-----
From: MailScanner [mailto:postmaster@mailscan.dmz.aac-services.co.uk] 
Sent: 08 December 2005 00:01
To: mailscanner@mailscan.dmz.aac-services.co.uk
Subject: Other Bad Content Detected

The following e-mails were found to have: Other Bad Content Detected

    Sender: owner-mailscanner@jiscmail.ac.uk
IP Address: 130.246.192.56
 Recipient: dannyh@AAC-SERVICES.CO.UK
   Subject:  MAILSCANNER Digest - 6 Dec 2005 to 7 Dec 2005 (#2005-349)
 MessageID: 1Ek9D5-0003Y4-VM
    Report: MailScanner: Too many attachments in message

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 18:08:35 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:28 2006
Subject: eBay Spam
Message-ID: <mailman.17839.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:

>You might also have a look at the Phishing net in MailScanner.... It
>is really worthwihile, and should be pretty easy to make not too prone
>to FP things...
>  
>
One thing to note: if you are going to try out the phishing net, then 
please make sure you have a nice recent version of MailScanner. The 
phishing net develops continually to increase its effectiveness and 
reduce the false positives. A version 3 months old may well be nowhere 
near as good as the latest one. Please don't rate it unless you've tried 
something recent.

If you have plenty of spare server capacity, then you might want to give 
MCP a try. It has a large overhead cost but may help you if you don't 
want to mix this with the spam scanning at all. I would try the phishing 
net, then add a few SpamAssassin rules to catch it, and only go down the 
MCP route if you already use both low and high scoring spam actions and 
want to do something completely different with it. Even then you could 
write a Custom Function to deduce the spam action depending on exactly 
what SpamAssassin rules hit the message. A "delete" action if your 
custom SpamAssassin rules hit would be pretty easy to implement, and 
would work nice and fast.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 18:12:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:28 2006
Subject: FW: Other Bad Content Detected
Message-ID: <mailman.17840.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

There was a bug in the Max Attachments code which was fixed in 4.47 
(November 2005). You might find this problem has been solved by that fix.

The mailing list is hopefully shortly going to move home, onto a mailman 
setup, so the features available will change at the same time.

Michele ---- How is the mailman setup coming along?

P.S. Please don't set "Reply-To" on mailing list postings, the rest of 
the list may want to see replies to your question too!

Dan Harris wrote:

>Hi,
>
>I've just had the list digest bounced for having too many attachments!
>
>I've had the following line in my /etc/MailScanner/MailScanner.conf file,
>ever since the last time this happened (when I was using the default
>settings):
>
>Maximum Attachments Per Message = 250 
>
>At that time, my suggestion that the list digest processor be set to chop up
>the digest once it got to a certain size was poo pooed in favour of
>increasing the attachment limit. It seems that we are at that stage once
>again, and I really don't want to increase the limit this time! Can anything
>be done at the list digest end of things?
>
>Secondly, to save me going trawling through the archives was there anything
>interesting that triggered this mailfest?
>
>Best regards,
>
>Dan Harris.
>
>-----Original Message-----
>From: MailScanner [mailto:postmaster@mailscan.dmz.aac-services.co.uk] 
>Sent: 08 December 2005 00:01
>To: mailscanner@mailscan.dmz.aac-services.co.uk
>Subject: Other Bad Content Detected
>
>The following e-mails were found to have: Other Bad Content Detected
>
>    Sender: owner-mailscanner@jiscmail.ac.uk
>IP Address: 130.246.192.56
> Recipient: dannyh@AAC-SERVICES.CO.UK
>   Subject:  MAILSCANNER Digest - 6 Dec 2005 to 7 Dec 2005 (#2005-349)
> MessageID: 1Ek9D5-0003Y4-VM
>    Report: MailScanner: Too many attachments in message
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smf at F2S.COM  Thu Dec  8 18:21:28 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17841.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Thu, 2005-12-08 at 18:02 +0000, Julian Field wrote:
> I tried this a long time ago, setting $0 to the name you want. 
> Unfortunately it only worked on Linux so I didn't bother implementing 
> it. Guess I could do it anyway as most MailScanner users are on Linux.

I've just checked 'perldoc perlvar' and the situation might be a bit
different now:

<snip>
$0      Contains the name of the program being executed.
        On some (read: not all) operating systems assigning to $0 modi-
        fies the argument area that the "ps" program sees.  On some
        platforms you may have to use special "ps" options or a differ-
        ent "ps" to see the changes.  Modifying the $0 is more useful
        as a way of indicating the current program state than it is for
        hiding the program youâ^À^Ùre running.  

        Note for BSD users: setting $0 does not completely remove
        "perl" from the ps(1) output.  For example, setting $0 to "foo-
        bar" may result in "perl: foobar (perl)" (whether both the
        "perl: " prefix and the " (perl)" suffix are shown depends on
        your exact BSD variant and version).  This is an operating sys-
        tem feature, Perl cannot help it.
</snip>

> 
> How many people actually want it?
> 

Well - you can count me as +1 for this as I think it's useful for
debugging and for status reporting purposes and the operating systems
that don't support this won't be affected by the change.

However - I realise that this is going to be a *pig* to test to get the
check_MailScanner script to work correctly and won't be worth the hassle
if only a few people want this in.

Cheers,
Steve.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  8 18:07:48 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:28 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17842.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ed Wallig spake the following on 12/8/2005 5:18 AM:
> Thanks for the reply - I just tried downloading the FC4 version again after
> turning off av / IDS scanning on my firewall but it's still showing a
> downloaded size of 7.92MB instead of the 11.7MB that it advertises when the
> download begins. I'm a little concerned about using this file - can you
> advise?
I just downloaded the FC4 version just to check, and I have a filesize
of 12,315,771 bytes.
Something is killing your download before it is complete. Maybe a bad
version is stuck in a proxy?


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ewallig at AEROCONTRACTORS.COM  Thu Dec  8 18:31:09 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:31:28 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17843.1137101488.24926.mailscanner@lists.mailscanner.info>

What URL did you use?

 - Ed 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Scott Silva
Sent: Thursday, December 08, 2005 1:08 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner:
4.48.4-2, Clamav: 0.87.1,SpamAssassin: 3.1.0)

Ed Wallig spake the following on 12/8/2005 5:18 AM:
> Thanks for the reply - I just tried downloading the FC4 version again 
> after turning off av / IDS scanning on my firewall but it's still 
> showing a downloaded size of 7.92MB instead of the 11.7MB that it 
> advertises when the download begins. I'm a little concerned about 
> using this file - can you advise?
I just downloaded the FC4 version just to check, and I have a filesize of
12,315,771 bytes.
Something is killing your download before it is complete. Maybe a bad
version is stuck in a proxy?


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  8 18:31:24 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17844.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Freegard wrote on         Thu, 8 Dec 2005 16:36:47 +0000:

> What do you think??

I like that! 
BTW, on a somewhat related issue: I changed the logging facility of 
MailScanner, so that I get a separate log which consists of MailScanner 
actions only and no clutter in the normal mail log anymore. You can set 
the logging facility in MailScanner.conf, f.i. to "news" (which is 
unlikely for most systems to run on the same machine or at all) and then 
redirect news with /etc/syslogd.conf to /var/log/mailscanner.log or 
whatever you like. Don't forget a file for logrotate.d!

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 18:37:57 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17845.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl wrote:

>Steve Freegard wrote on         Thu, 8 Dec 2005 16:36:47 +0000:
>  
>
>>What do you think??
>>    
>>
>
>I like that! 
>BTW, on a somewhat related issue: I changed the logging facility of 
>MailScanner, so that I get a separate log which consists of MailScanner 
>actions only and no clutter in the normal mail log anymore. You can set 
>the logging facility in MailScanner.conf, f.i. to "news" (which is 
>unlikely for most systems to run on the same machine or at all) and then 
>redirect news with /etc/syslogd.conf to /var/log/mailscanner.log or 
>whatever you like. Don't forget a file for logrotate.d!
>  
>
That's what the local levels are for. Set it to log to local0 rather 
than re-using news.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cparker at SWATGEAR.COM  Thu Dec  8 18:39:13 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:31:28 2006
Subject: Want spam lists to have spamassassin score and not spam list count
    in MS
Message-ID: <mailman.17846.1137101488.24926.mailscanner@lists.mailscanner.info>

Hello,

I'd really like to stop receiving emails that are marked as spam even
though they're whitelisted. As far as I've been told this is because the
email(s) is appearing on more spam lists than my MailScanner
configuration allows.

To me this seems wrong (considering the email is whitelisted!) but the
consesus seems to be that it is expected behavior.

I want the spam lists to simply help discover spam rather than tell me
something is spam when it is in fact not.

How can I do this?


Thanks,
Chris.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  8 18:21:03 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:28 2006
Subject: Outgoing mail getting blocked
Message-ID: <mailman.17847.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ed Wallig spake the following on 12/8/2005 5:06 AM:
> Thanks Scott, I'll have a look but won't that setting turn off the file
> check feature for incoming mail as well?
> 
>  - Ed
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Scott Silva
> Sent: Wednesday, December 07, 2005 5:09 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Outgoing mail getting blocked
> 
> Ed Wallig spake the following on 12/7/2005 1:22 PM:
> 
>>Hi,
>> 
>>Using MailScanner and ClamAV - I sometimes need to send zipped 
>>executables to my remote locations for software patches, etc (no FTP).
>>MailScanner is catching the exe file in the zip file and kicking it 
>>back. Granted, I can change the extension to .xyz or something like 
>>that before zipping it but I'd like to write a rule that allows these 
>>files from my domain if it comes from my internal mail server - is 
>>that possible? If so, can someone provide an example?
>> 
>>If its not possible, is there another alternative that leaves the 
>>extension scanning functionality in place but allows outbound delivery 
>>for certain files?
>> 
>> 
>>Thanks,
>> 
>> - Ed Wallig
> 
> Ed,
> Look for this in MailScanner.conf;
> 
> # The maximum depth to which zip archives will be unpacked, to allow for #
> checking filenames and filetypes within zip archives.
> #
> # Note: This setting does *not* affect virus scanning in archives at all.
> #
> # To disable this feature set this to 0.
> # A common useful setting is this option = 0, and Allow Password-Protected #
> Archives = no. That block password-protected archives but does not do # any
> filename/filetype checks on the files within the archive.
> # This can also be the filename of a ruleset.
> Maximum Archive Depth = 0
> 
> 
> 
If you want to scan incoming archives and not outgoing, you will have to
use a ruleset instead of a fixed number.
Some examples here;
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=ruleset



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  8 18:26:08 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:28 2006
Subject: eBay Spam
Message-ID: <mailman.17848.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jon Miller spake the following on 12/7/2005 8:02 PM:
> Having issues with ebay spam, is there a way to stop this from coming in, using MailScanner, SA and Sophos Anti-Virus, Postfix on a Debian Server.
> Sorry for the last e-mail forgot to include the contents of the header:
> Received: from mail.mmtnetworks.com.au
>  ([192.168.3.3])
>  by mmtnetworks.com.au; Thu, 08 Dec 2005 11:49:50 +0800
> Received: from ctrl.test.com (unknown [60.173.82.66])
>  by mail.mmtnetworks.com.au (Postfix) with ESMTP id 0C1E315000B
>  for <jlmiller@mmtnetworks.com.au>; Thu,  8 Dec 2005 11:50:09 +0800 (WST)
> Received: by ctrl.test.com (Postfix, from userid 500)
>  id 758C337F508; Thu,  8 Dec 2005 11:19:56 +0800 (CST)
> To: jlmiller@mmtnetworks.com.au
> Subject: {Dangerous Content?} Your account access will remain limited
> From: PayPal <service@paypal.com>
> Content-type: text/plain; charset="ISO-8859-1"
> Message-Id: <20051208031956.758C337F508@ctrl.test.com>
> Date: Thu,  8 Dec 2005 11:19:56 +0800 (CST)
> X-mmtnet-MailScanner: Found to be infected
> X-mmtnet-MailScanner-SpamCheck: not spam,
>  SpamAssassin (Disabled due to 20 consecutive timeouts)
> X-MailScanner-From: test@ctrl.test.com
> 
> Warning: This message has had one or more attachments removed
> Warning: (the entire message).
> Warning: Please read the "mmtnet-Attachment-Warning.txt" attachment(s) for more information.
> 
> This is a message from the MailScanner E-Mail Virus Protection Service
> 
> Regards,
> 
> Jon L. Miller,  ASE, CNS, CLS, MCNE, CCNA
> Director/Sr Systems Consultant
> MMT Networks Pty Ltd
> http://www.mmtnetworks.com.au
> Resellers for: Novell Gold Partner, Cisco Partner, Peopletelecom, Westnet, Sophos Anti-Virus, 
> 
> "I don't know the key to success, but the key to failure
>  is trying to please everybody." -Bill Cosby
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> 
> ------------------------------------------------------------------------
> 
> Having issues with ebay spam, is there a way to stop this from coming
> in, using MailScanner, SA and Sophos Anti-Virus, Postfix on a Debian Server.
> Sorry for the last e-mail forgot to include the contents of the header:
> Received: from mail.mmtnetworks.com.au
>  ([192.168.3.3])
>  by mmtnetworks.com.au; Thu, 08 Dec 2005 11:49:50 +0800
> Received: from ctrl.test.com (unknown [60.173.82.66])
>  by mail.mmtnetworks.com.au (Postfix) with ESMTP id 0C1E315000B
>  for <jlmiller@mmtnetworks.com.au <mailto:jlmiller@mmtnetworks.com.au>>;
> Thu,  8 Dec 2005 11:50:09 +0800 (WST)
> Received: by ctrl.test.com (Postfix, from userid 500)
>  id 758C337F508; Thu,  8 Dec 2005 11:19:56 +0800 (CST)
> To: jlmiller@mmtnetworks.com.au <mailto:jlmiller@mmtnetworks.com.au>
> Subject: {Dangerous Content?} Your account access will remain limited
> From: PayPal <service@paypal.com <mailto:service@paypal.com>>
> Content-type: text/plain; charset="ISO-8859-1"
> Message-Id: <20051208031956.758C337F508@ctrl.test.com
> <mailto:20051208031956.758C337F508@ctrl.test.com>>
> Date: Thu,  8 Dec 2005 11:19:56 +0800 (CST)
> X-mmtnet-MailScanner: Found to be infected
> X-mmtnet-MailScanner-SpamCheck: not spam,
>  SpamAssassin (Disabled due to 20 consecutive timeouts)


First thing is to fix your spamassassin timeout problem so it has a
chance of being caught as spam. Maybe add some services like DCC, Razor
or Pyzor, as they help also.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbergman at WTXS.NET  Thu Dec  8 18:48:10 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17849.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I like it.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec  8 18:49:34 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:28 2006
Subject: Want spam lists to have spamassassin score and not spam list
    count in MS
Message-ID: <mailman.17850.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris W. Parker wrote:
> Hello,
> 
> I'd really like to stop receiving emails that are marked as spam even
> though they're whitelisted. As far as I've been told this is because the
> email(s) is appearing on more spam lists than my MailScanner
> configuration allows.
> 
> To me this seems wrong (considering the email is whitelisted!) but the
> consesus seems to be that it is expected behavior.
> 
> I want the spam lists to simply help discover spam rather than tell me
> something is spam when it is in fact not.
> 
> How can I do this?

Just use SpamAssassin's built-in RBL abilities and disable MailScanner's spam lists.

In general, if you have the Net::DNS perl module, SA should already be doing
this unless you've set skip_rbl_checks to 1 in your config.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbergman at WTXS.NET  Thu Dec  8 18:51:23 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:31:28 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17851.1137101488.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Kai Schaetzl wrote:
> 
>> Steve Freegard wrote on         Thu, 8 Dec 2005 16:36:47 +0000:
>>  
>>
>>> What do you think??
>>>   
>>
>>
>> I like that! BTW, on a somewhat related issue: I changed the logging 
>> facility of MailScanner, so that I get a separate log which consists 
>> of MailScanner actions only and no clutter in the normal mail log 
>> anymore. You can set the logging facility in MailScanner.conf, f.i. to 
>> "news" (which is unlikely for most systems to run on the same machine 
>> or at all) and then redirect news with /etc/syslogd.conf to 
>> /var/log/mailscanner.log or whatever you like. Don't forget a file for 
>> logrotate.d!
>>  
>>
> That's what the local levels are for. Set it to log to local0 rather 
> than re-using news.
> 
I have always thougt it would be nice if MailScaner came default using 
it's own log file.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cparker at SWATGEAR.COM  Thu Dec  8 19:05:31 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:31:29 2006
Subject: Want spam lists to have spamassassin score and not spam list
    count in MS
Message-ID: <mailman.17852.1137101488.24926.mailscanner@lists.mailscanner.info>

Matt Kettler <mailto:mkettler@EVI-INC.COM>
    on Thursday, December 08, 2005 10:50 AM said:

> Just use SpamAssassin's built-in RBL abilities and disable
> MailScanner's spam lists. 
> 
> In general, if you have the Net::DNS perl module, SA should already
> be doing this unless you've set skip_rbl_checks to 1 in your config.

Yes I have Net::DNS and no skip_rbl_checks is not set to 1.

At this point I've disabled RBL checks (by commenting the line found
MailScanner.conf). Now I guess I wait to see if my spam count goes down.


Thanks,
Chris.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From roger at RUDNICK.COM.BR  Thu Dec  8 19:10:42 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17853.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I agree with you... 

----- Original Message ----- 
From: "Lewis Bergman" <lbergman@WTXS.NET>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, December 08, 2005 4:51 PM
Subject: Re: Feature Idea: MailScanner process name


> Julian Field wrote:
>> Kai Schaetzl wrote:
>> 
>>> Steve Freegard wrote on         Thu, 8 Dec 2005 16:36:47 +0000:
>>>  
>>>
>>>> What do you think??
>>>>   
>>>
>>>
>>> I like that! BTW, on a somewhat related issue: I changed the logging 
>>> facility of MailScanner, so that I get a separate log which consists 
>>> of MailScanner actions only and no clutter in the normal mail log 
>>> anymore. You can set the logging facility in MailScanner.conf, f.i. to 
>>> "news" (which is unlikely for most systems to run on the same machine 
>>> or at all) and then redirect news with /etc/syslogd.conf to 
>>> /var/log/mailscanner.log or whatever you like. Don't forget a file for 
>>> logrotate.d!
>>>  
>>>
>> That's what the local levels are for. Set it to log to local0 rather 
>> than re-using news.
>> 
> I have always thougt it would be nice if MailScaner came default using 
> it's own log file.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Thu Dec  8 19:11:42 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea: MailScanner process name
Message-ID: <mailman.17854.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I take the contrary point of view -- I log everything for all processes
(sendmail, MailScanner, popper, etc) into one file.  All facilities
and loglevels from syslogd.conf point to the same file.  Yes the
file is gigantic on my mail server (about 100 MB/day, rotated daily),
but everything is in one place waiting for grep to reveal what I 
want.  What happened to a mail message?  Grep for the msgid and see
both sendmail and MailScanner actions.  Want to know about a user?
Grep for userid to see sendmail, MailScanner, and POP actions.  Easy.
Behold the power of grep.

Jeff Earickson
Colby College

On Thu, 8 Dec 2005, Kai Schaetzl wrote:

> Date: Thu, 8 Dec 2005 19:31:24 +0100
> From: Kai Schaetzl <maillists@CONACTIVE.COM>
> Reply-To: MAILSCANNER@JISCMAIL.AC.UK
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Feature Idea: MailScanner process name
> 
> Steve Freegard wrote on         Thu, 8 Dec 2005 16:36:47 +0000:
>
>> What do you think??
>
> I like that!
> BTW, on a somewhat related issue: I changed the logging facility of
> MailScanner, so that I get a separate log which consists of MailScanner
> actions only and no clutter in the normal mail log anymore. You can set
> the logging facility in MailScanner.conf, f.i. to "news" (which is
> unlikely for most systems to run on the same machine or at all) and then
> redirect news with /etc/syslogd.conf to /var/log/mailscanner.log or
> whatever you like. Don't forget a file for logrotate.d!
>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
From ugob at CAMO-ROUTE.COM  Thu Dec  8 18:56:47 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17855.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Lewis Bergman wrote:
> I like it.
> 

Me too

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec  8 19:18:29 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:29 2006
Subject: Want spam lists to have spamassassin score and not spam list
    count in MS
Message-ID: <mailman.17856.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris W. Parker wrote:
> Matt Kettler <mailto:mkettler@EVI-INC.COM>
>     on Thursday, December 08, 2005 10:50 AM said:
> 
> 
>>Just use SpamAssassin's built-in RBL abilities and disable
>>MailScanner's spam lists. 
>>
>>In general, if you have the Net::DNS perl module, SA should already
>>be doing this unless you've set skip_rbl_checks to 1 in your config.
> 
> 
> Yes I have Net::DNS and no skip_rbl_checks is not set to 1.
> 
> At this point I've disabled RBL checks (by commenting the line found
> MailScanner.conf). Now I guess I wait to see if my spam count goes down.
> 

You should see SpamAssassin's use of RBLs show up as a bunch of RCVD_IN_* rules.

Some popular ones as an example:

RCVD_IN_BL_SPAMCOP_NET
RCVD_IN_DSBL
RCVD_IN_SORBS_WEB
RCVD_IN_XBL


By default SA uses these DNS blacklists:
	spamhaus.org (SBL+XBL)
	SpamCop.net
	NJABL.org (multiple lists)
	Sorbs.net (multiple lists)
	DSBL.org
	Completewhois.com
It also uses these DNS whitelists:
	iadb.isipp.com
	bondedsender.com

It has support for the mail-abuse.org (MAPS) lists, but since these are for-pay
services they are disabled by default.

See /usr/share/spamassassin/20_dnsbl_tests.cf if you want to see the gory details.

(note: don't edit this file. If you want to add your own tests, do so in
/etc/mail/spamassassin/*.cf)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 19:26:21 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17857.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Lewis Bergman wrote:

> Julian Field wrote:
>
>> Kai Schaetzl wrote:
>>
>>> Steve Freegard wrote on         Thu, 8 Dec 2005 16:36:47 +0000:
>>>  
>>>
>>>> What do you think??
>>>>   
>>>
>>>
>>>
>>> I like that! BTW, on a somewhat related issue: I changed the logging 
>>> facility of MailScanner, so that I get a separate log which consists 
>>> of MailScanner actions only and no clutter in the normal mail log 
>>> anymore. You can set the logging facility in MailScanner.conf, f.i. 
>>> to "news" (which is unlikely for most systems to run on the same 
>>> machine or at all) and then redirect news with /etc/syslogd.conf to 
>>> /var/log/mailscanner.log or whatever you like. Don't forget a file 
>>> for logrotate.d!
>>>  
>>>
>> That's what the local levels are for. Set it to log to local0 rather 
>> than re-using news.
>>
> I have always thougt it would be nice if MailScaner came default using 
> it's own log file.

Sorry, I disagree. syslogd is there to do the job very well for you, and 
I don't think there is any point reinventing the wheel. You can easily 
configure syslog.conf to use its own log file if that is what you want. 
I don't like programs that do their own logging, it just makes more 
things to configure per-app.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cparker at SWATGEAR.COM  Thu Dec  8 19:26:41 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:31:29 2006
Subject: Want spam lists to have spamassassin score and not spam list
    count in MS
Message-ID: <mailman.17858.1137101489.24926.mailscanner@lists.mailscanner.info>

Matt Kettler <mailto:mkettler@EVI-INC.COM>
    on Thursday, December 08, 2005 11:18 AM said:

> You should see SpamAssassin's use of RBLs show up as a bunch of
> RCVD_IN_* rules.

Ahh great! That means it's been working all along.

> See /usr/share/spamassassin/20_dnsbl_tests.cf if you want to see the
> gory details. 
> 
> (note: don't edit this file. If you want to add your own tests, do so
> in /etc/mail/spamassassin/*.cf)

What if I just want to increase the score for each rule? Do I need to do
that in a separate file as well?


Thanks!
Chris.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  8 19:25:53 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:29 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17859.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ed Wallig spake the following on 12/8/2005 10:31 AM:
> What URL did you use?
> 
>  - Ed 
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Scott Silva
> Sent: Thursday, December 08, 2005 1:08 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner:
> 4.48.4-2, Clamav: 0.87.1,SpamAssassin: 3.1.0)
> 
> Ed Wallig spake the following on 12/8/2005 5:18 AM:
> 
>>Thanks for the reply - I just tried downloading the FC4 version again 
>>after turning off av / IDS scanning on my firewall but it's still 
>>showing a downloaded size of 7.92MB instead of the 11.7MB that it 
>>advertises when the download begins. I'm a little concerned about 
>>using this file - can you advise?
> 
> I just downloaded the FC4 version just to check, and I have a filesize of
> 12,315,771 bytes.
> Something is killing your download before it is complete. Maybe a bad
> version is stuck in a proxy?
> 
> 
http://metawire.org/~pscm/pscm-1.0.0.2-1.fc4.i386.rpm.php
From MailScanner at ecs.soton.ac.uk  Thu Dec  8 19:44:37 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17861.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have just released beta version 4.49.1.
The only changes in this release are

* New Features and Improvements *
- Now changes the command line listed in `ps` (ie $0) to show what
  MailScanner is doing. Should help diagnose slow system problems.

* Fixes *
- Changed Postfix code to better support latest revision of Perl.

Please give the "ps" output a go and see if it works for you.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 19:46:07 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: Want spam lists to have spamassassin score and not spam list
    count in MS
Message-ID: <mailman.17862.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris W. Parker wrote:

>Matt Kettler <mailto:mkettler@EVI-INC.COM>
>    on Thursday, December 08, 2005 11:18 AM said:
>
>  
>
>>You should see SpamAssassin's use of RBLs show up as a bunch of
>>RCVD_IN_* rules.
>>    
>>
>
>Ahh great! That means it's been working all along.
>
>  
>
>>See /usr/share/spamassassin/20_dnsbl_tests.cf if you want to see the
>>gory details. 
>>
>>(note: don't edit this file. If you want to add your own tests, do so
>>in /etc/mail/spamassassin/*.cf)
>>    
>>
>
>What if I just want to increase the score for each rule? Do I need to do
>that in a separate file as well?
>  
>
You can put new rule scores in spam.assassin.prefs.conf.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 19:45:08 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17863.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Consider it done. Let me know what you think.

Ugo Bellavance wrote:

> Lewis Bergman wrote:
>
>> I like it.
>>
>
> Me too
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbergman at WTXS.NET  Thu Dec  8 19:45:33 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea: MailScanner process name
Message-ID: <mailman.17864.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff A. Earickson wrote:
> I take the contrary point of view -- I log everything for all processes
> (sendmail, MailScanner, popper, etc) into one file.  All facilities
> and loglevels from syslogd.conf point to the same file.  Yes the
> file is gigantic on my mail server (about 100 MB/day, rotated daily),
> but everything is in one place waiting for grep to reveal what I want.  
> What happened to a mail message?  Grep for the msgid and see
> both sendmail and MailScanner actions.  Want to know about a user?
> Grep for userid to see sendmail, MailScanner, and POP actions.  Easy.
> Behold the power of grep.
> 
Yea, I use remote syslogging to do the same thing but from all my 
servers. I log everything to individual files on the server and then all 
logs are sent to the remote syslog. That way, I can track that userid 
across several MX's, into the mailhub, down into his account, and back 
out via dovecot.

I just like to see them broken down on the server so if I am looking for 
trends on a program they are easier to spot. Sometimes grep hides things 
that you asked it to but didn't really mean to.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbergman at WTXS.NET  Thu Dec  8 19:48:16 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17865.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Sorry, I disagree. syslogd is there to do the job very well for you, and 
> I don't think there is any point reinventing the wheel. You can easily 
> configure syslog.conf to use its own log file if that is what you want. 
> I don't like programs that do their own logging, it just makes more 
> things to configure per-app.
> 
To each his own. That's the benefit of writing the code. You get to do 
it your way. Like you said, not a big deal to make syslog do it.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brose at MED.WAYNE.EDU  Thu Dec  8 19:50:22 2005
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea: MailScanner process name
Message-ID: <mailman.17866.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Yep, I do the same as Jeff in that I can see sendmail accept, what milters did what, what mailscanner determined if anything and then what sendmail did to deliver. 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
Sent: Thursday, December 08, 2005 2:12 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Feature Idea: MailScanner process name

I take the contrary point of view -- I log everything for all processes (sendmail, MailScanner, popper, etc) into one file.  All facilities and loglevels from syslogd.conf point to the same file.  Yes the file is gigantic on my mail server (about 100 MB/day, rotated daily), but everything is in one place waiting for grep to reveal what I want.  What happened to a mail message?  Grep for the msgid and see both sendmail and MailScanner actions.  Want to know about a user?
Grep for userid to see sendmail, MailScanner, and POP actions.  Easy.
Behold the power of grep.

Jeff Earickson
Colby College

On Thu, 8 Dec 2005, Kai Schaetzl wrote:

> Date: Thu, 8 Dec 2005 19:31:24 +0100
> From: Kai Schaetzl <maillists@CONACTIVE.COM>
> Reply-To: MAILSCANNER@JISCMAIL.AC.UK
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Feature Idea: MailScanner process name
> 
> Steve Freegard wrote on         Thu, 8 Dec 2005 16:36:47 +0000:
>
>> What do you think??
>
> I like that!
> BTW, on a somewhat related issue: I changed the logging facility of 
> MailScanner, so that I get a separate log which consists of 
> MailScanner actions only and no clutter in the normal mail log 
> anymore. You can set the logging facility in MailScanner.conf, f.i. to 
> "news" (which is unlikely for most systems to run on the same machine 
> or at all) and then redirect news with /etc/syslogd.conf to 
> /var/log/mailscanner.log or whatever you like. Don't forget a file for logrotate.d!
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
> ------------------------ MailScanner list ------------------------ To 
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec  8 19:54:01 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:29 2006
Subject: Want spam lists to have spamassassin score and not spam list
    count in MS
Message-ID: <mailman.17867.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris W. Parker wrote:
> Matt Kettler <mailto:mkettler@EVI-INC.COM>
>     on Thursday, December 08, 2005 11:18 AM said:
> 
> 
>>You should see SpamAssassin's use of RBLs show up as a bunch of
>>RCVD_IN_* rules.
> 
> 
> Ahh great! That means it's been working all along.
> 
> 
>>See /usr/share/spamassassin/20_dnsbl_tests.cf if you want to see the
>>gory details. 
>>
>>(note: don't edit this file. If you want to add your own tests, do so
>>in /etc/mail/spamassassin/*.cf)
> 
> 
> What if I just want to increase the score for each rule? Do I need to do
> that in a separate file as well?

I would suggest doing so, yes.

The problem with editing files in /usr/share/spamassassin is that SA assumes it
owns those files. When you upgrade SA versions, it will simply rm -f
/usr/share/spamassassin/*. Poof, all your changes up in smoke.

I personally like to do my adjustments of scores all in one cf file.
/etc/mail/spamassassin/rescore.cf

This file will just contain a bunch of score statements, and comments explaining
them, kinda like this:

#FPs very high on this rule due to mailscanner.info
score INFO_TLD 0.5

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cparker at SWATGEAR.COM  Thu Dec  8 20:09:11 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:31:29 2006
Subject: Want spam lists to have spamassassin score and not spam list
    count in MS
Message-ID: <mailman.17868.1137101489.24926.mailscanner@lists.mailscanner.info>

Matt Kettler <mailto:mkettler@EVI-INC.COM>
    on Thursday, December 08, 2005 11:54 AM said:

> I would suggest doing so, yes.
[snip]

Thanks for the great info sir.


Chris.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From raylund.lai at KANKANWOO.COM  Thu Dec  8 20:10:35 2005
From: raylund.lai at KANKANWOO.COM (Raylund Lai)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea: MailScanner process name
Message-ID: <mailman.17869.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Yes, I totally agree.  They are all related processes and give the flow 
of them.

Rose, Bobby wrote:

>Yep, I do the same as Jeff in that I can see sendmail accept, what milters did what, what mailscanner determined if anything and then what sendmail did to deliver. 
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
>Sent: Thursday, December 08, 2005 2:12 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Feature Idea: MailScanner process name
>
>I take the contrary point of view -- I log everything for all processes (sendmail, MailScanner, popper, etc) into one file.  All facilities and loglevels from ssyslogd.conf point to the same file.  Yes the file is gigantic on my mail server (about 100 MB/day, rotated daily), but everything is in one place waiting for grep to reveal what I want.  What happened to a mail message?  Grep for the msgid and see both sendmail and MailScanner actions.  Want to know about a user?
>Grep for userid to see sendmail, MailScanner, and POP actions.  Easy.
>Behold the power of grep.
>
>Jeff Earickson
>Colby College
>
>On Thu, 8 Dec 2005, Kai Schaetzl wrote:
>
>  
>
>>Date: Thu, 8 Dec 2005 19:31:24 +0100
>>From: Kai Schaetzl <maillists@CONACTIVE.COM>
>>Reply-To: MAILSCANNER@JISCMAIL.AC.UK
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Feature Idea: MailScanner process name
>>
>>Steve Freegard wrote on         Thu, 8 Dec 2005 16:36:47 +0000:
>>
>>    
>>
>>>What do you think??
>>>      
>>>
>>I like that!
>>BTW, on a somewhat related issue: I changed the logging facility of 
>>MailScanner, so that I get a separate log which consists of 
>>MailScanner actions only and no clutter in the normal mail log 
>>anymore. You can set the logging facility in MailScanner.conf, f.i. to 
>>"news" (which is unlikely for most systems to run on the same machine 
>>or at all) and then redirect news with /etc/syslogd.conf to 
>>/var/log/mailscanner.log or whatever you like. Don't forget a file for logrotate.d!
>>
>>Kai
>>
>>--
>>Kai Schätzl, Berlin, Germany
>>Get your web at Conactive Internet Services: http://www.conactive.com
>>
>>------------------------ MailScanner list ------------------------ To 
>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the 
>>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>>    
>>
>
>------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the wordds:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ralloway at WINBEAM.COM  Thu Dec  8 20:13:15 2005
From: ralloway at WINBEAM.COM (Richard D Alloway)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17870.1137101489.24926.mailscanner@lists.mailscanner.info>

Hi Julian!

I would like to see it...  :)

Thanks!

-Richard D Alloway, Esq
  Chief Technical Officer
  Winbeam

On Thu, 8 Dec 2005, Julian Field wrote:

> I tried this a long time ago, setting $0 to the name you want. Unfortunately 
> it only worked on Linux so I didn't bother implementing it. Guess I could do 
> it anyway as most MailScanner users are on Linux.
>
> How many people actually want it?
>
> Martin Hepworth wrote:
>
>> Steve
>> 
>> If Jules can pop out a new beta I can test this on FreeBSD 4.11.....
>> 
>> 
>> --
>> Martin Hepworth Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>> 
>> 
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>> Behalf Of Steve Freegard
>>> Sent: 08 December 2005 16:48
>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>> Subject: Re: [MAILSCANNER] Feature Idea: MailScanner process name
>>> 
>>> Hi Martin,
>>> 
>>> On Thu, 2005-12-08 at 16:41 +0000, Martin Hepworth wrote:
>>> 
>>>> Hi Steve
>>>> 
>>>> Have you tested this on non-linux systems?
>>>> 
>>> Nope - I don't have any non-linux VM's set-up at the moment.
>>> 
>>> Cheers,
>>> Steve.
>>> 
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>> 
>>> Support MailScanner development - buy the book off the website!
>>> 
>> 
>> 
>> **********************************************************************
>> 
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
>> are addressed. If you have received this email in error please notify
>> the system manager.
>> 
>> This footnote confirms that this email message has been swept
>> for the presence of computer viruses and is believed to be clean. 
>> **********************************************************************
>> 
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>> 
>> Support MailScanner development - buy the book off the website!
>> 
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Thu Dec  8 20:48:05 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:29 2006
Subject: Process did not exit cleanly
Message-ID: <mailman.17871.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

I met a problem with .deb install of mailscanner on sarge 3.1 :
When I do
/etc/init.d/mailscanner stop
As soon as, I see this event in syslog :

Dec  8 21:28:50 lucy Debian-exim: Process did not exit cleanly, returned 
0 with signal 15

I've tried on another test-machine, same thing.
It is a NetInstall install of Sarge 3.1.

Any idea ?
Thanks.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Thu Dec  8 20:48:05 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:29 2006
Subject: Process did not exit cleanly
Message-ID: <mailman.17872.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

I met a problem with .deb install of mailscanner on sarge 3.1 :
When I do
/etc/init.d/mailscanner stop
As soon as, I see this event in syslog :

Dec  8 21:28:50 lucy Debian-exim: Process did not exit cleanly, returned 
0 with signal 15

I've tried on another test-machine, same thing.
It is a NetInstall install of Sarge 3.1.

Any idea ?
Thanks.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  8 21:31:21 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea:  MailScanner process name
Message-ID: <mailman.17873.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote on         Thu, 8 Dec 2005 18:37:57 +0000:

> That's what the local levels are for.

Of course, you can so as well. When I changed that quite a while back I 
didn't know these facilities are available ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  8 21:42:56 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17874.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Problem!

Installed only the rpm with rpm -Fvh mailscanner*.rpm, updated 
MailScanner.conf. It doesn't launch any MailScanner process. Tried with an 
older init script, same problem. I had to go back to 4.48-4.

System is Suse 9.0.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Thu Dec  8 21:59:01 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:31:29 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17875.1137101489.24926.mailscanner@lists.mailscanner.info>

Over the last few weeks the number of attacks on forms hosted on our servers
has reached new levels 
Unfortunately the user id for the mail is set to apache, which makes
tracking down the domain / user who has the vulnerable script very awkward

I know there are solutions for sendmail which allow you to setup some way of
tracing it back easily, but we haven't found any such solution for exim... 
(we may be looking in the wrong places!)

If anybody has any such solution I would really appreciate them sharing a
link 

Regards

Michele

Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072 
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec  8 22:11:11 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:29 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17876.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Michele Neylon :: Blacknight Solutions wrote:
> Over the last few weeks the number of attacks on forms hosted on our servers
> has reached new levels 
> Unfortunately the user id for the mail is set to apache, which makes
> tracking down the domain / user who has the vulnerable script very awkward
> 
> I know there are solutions for sendmail which allow you to setup some way of
> tracing it back easily, but we haven't found any such solution for exim... 
> (we may be looking in the wrong places!)
> 
> If anybody has any such solution I would really appreciate them sharing a
> link 

I don't know of any way to help you back-track, but I can suggest a way to
possibly forward-track. Have you tried using nessus in safe mode against the
server?

In safe mode it's not 100% reliable, generally does a very good job of at least
giving you a list of things to check on. They have an extensive list of common
scripts with vulnerabilities.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Thu Dec  8 22:18:50 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:31:29 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17877.1137101489.24926.mailscanner@lists.mailscanner.info>

Matt Kettler <> said on 08 December 2005 22:11:
 
> I don't know of any way to help you back-track, but I can suggest a
> way to possibly forward-track. Have you tried using nessus in safe
> mode against the server?  
> 
> In safe mode it's not 100% reliable, generally does a very good job
> of at least giving you a list of things to check on. They have an
> extensive list of common scripts with vulnerabilities.  

Matt

Thanks, but the problem is that we have hundreds of sites managed by
developers of varying abilities ranging from excellent to incompetent moron
:)
If they were all using common scripts it wouldn't be as much of an issue,
but a lot of these guys are really "bright" and "program" their own scripts 

Justin Mason's blog has an interesting entry on the current issue:

http://taint.org/2005/12/08/202248a.html


Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Thu Dec  8 22:26:47 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:29 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17878.1137101489.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Michele Neylon :: Blacknight Solutions
> Sent: Thursday, December 08, 2005 4:59 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Slightly OT - Exim / Apache
>
>
> Over the last few weeks the number of attacks on forms hosted on
> our servers
> has reached new levels
> Unfortunately the user id for the mail is set to apache, which makes
> tracking down the domain / user who has the vulnerable script very awkward
>
> I know there are solutions for sendmail which allow you to setup
> some way of
> tracing it back easily, but we haven't found any such solution
> for exim...
> (we may be looking in the wrong places!)
>
> If anybody has any such solution I would really appreciate them sharing a
> link
>

When you say userid do you mean the local part of the sender address?
are the domain parts of the sender addresses not different
Are they on the same box as the mail service or another host?
What does the logging look like?

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec  8 22:20:51 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17879.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl spake the following on 12/8/2005 1:42 PM:
> Problem!
> 
> Installed only the rpm with rpm -Fvh mailscanner*.rpm, updated 
> MailScanner.conf. It doesn't launch any MailScanner process. Tried with an 
> older init script, same problem. I had to go back to 4.48-4.
> 
> System is Suse 9.0.
> 
> Kai
> 
Did you download the SUSE install file or the Redhat/Fedora/Mandrake
one? The RedHat rpm will not work on a SUSE system. The init system is
different.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Thu Dec  8 22:41:53 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:29 2006
Subject: cannot install Mail::ClamAV perl module
Message-ID: <mailman.17880.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Adrian Mak wrote:

> # Can't load 
> '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' 
> for module Mail::ClamAV: libclamav.so.1: cannot open shared object 
> file: No such file or directory at 
> /usr/lib/perl5/5.8.6/i386-linux-thread-multi/DynaLoader.pm line 230.
> #  at /usr/lib/perl5/vendor_perl/5.8.6/Inline.pm line 500
> anybody know what's the problem ?
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*

Perl's CPAN module can't find "libclamav.so.1". Maybe you haven't 
compiled ClamAV. Maybe you (or the installer) put it in the wrong place, 
or you may need to run something that updates the way (or the places 
where) the OS looks for shared libraries like libclamav.so.1 - although 
I can't remember if it's either "ldconfig" or "depmod -a".

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  8 22:47:51 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:29 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17881.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Michele Neylon :: Blacknight Solutions wrote on         Thu, 8 Dec 2005 
21:59:01 -0000:

> Over the last few weeks the number of attacks on forms hosted on our servers 
> has reached new levels 
> Unfortunately the user id for the mail is set to apache, which makes 
> tracking down the domain / user who has the vulnerable script very awkward

This is not a problem with CGI, so I assume you are talking about php scripts 
and mod_php? You can set a mail from address for each virtualhost for php which 
will replace the apache userid.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec  8 22:51:35 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: cannot install Mail::ClamAV perl module
Message-ID: <mailman.17882.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Alex Neuman van der Hans wrote:

> Adrian Mak wrote:
>
>> # Can't load 
>> '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' 
>> for module Mail::ClamAV: libclamav.so.1: cannot open shared object 
>> file: No such file or directory at 
>> /usr/lib/perl5/5.8.6/i386-linux-thread-multi/DynaLoader.pm line 230.
>> #  at /usr/lib/perl5/vendor_perl/5.8.6/Inline.pm line 500
>> anybody know what's the problem ?
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/)
>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> *Support MailScanner development - buy the book off the website!*
>
>
> Perl's CPAN module can't find "libclamav.so.1". Maybe you haven't 
> compiled ClamAV. Maybe you (or the installer) put it in the wrong 
> place, or you may need to run something that updates the way (or the 
> places where) the OS looks for shared libraries like libclamav.so.1 - 
> although I can't remember if it's either "ldconfig" or "depmod -a".

Did you use my easy ClamAV+SpamAssassin install package? This fixes this 
for you. You need to add /usr/local/lib to /etc/ld.so.conf and run 
ldconfig by hand if you didn't.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Thu Dec  8 22:52:19 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:29 2006
Subject: Process did not exit cleanly
Message-ID: <mailman.17883.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam a écrit :

> Hi,
> I met a problem with .deb install of mailscanner on sarge 3.1 :
> When I do
> /etc/init.d/mailscanner stop
> As soon as, I see this event in syslog :
> Dec  8 21:28:50 lucy Debian-exim: Process did not exit cleanly, 
> returned 0 with signal 15
> I've tried on another test-machine, same thing.
> It is a NetInstall install of Sarge 3.1.
> Any idea ?
> Thanks. 


The mailscanner .deb version is : 4.41.3-2 working with exim 4.41.3-2
I follow instruction for install on the website.
All tests work great with f-prot and kav-4.5 except the syslog event.

I made a test from a woody and dist-upgrade to sarge and there is no 
problem.
But on two machines with NetInstall, same event error.
With Sarge 3.1 NetInstall when installing mailscanner (apt-get) there 
where some errors about folders accesses,
but I made the owner modification on the folders.

I can't see where is the problem.

Thanks.
Sam.
Not a very good english speaker ;-)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Thu Dec  8 22:54:36 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:29 2006
Subject: Process did not exit cleanly
Message-ID: <mailman.17884.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam a écrit :

> The mailscanner .deb version is : 4.41.3-2 working with exim 4.41.3-2


Sorry, it's exim4 : 4.50-8

Sam.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec  8 23:23:54 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17885.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote on         Thu, 8 Dec 2005 14:20:51 -0800:

> Did you download the SUSE install file

Of course, yes ;-) It seems it didn't start up at all, no errors logged. I 
had to revert back fast, so I couldn't play longer.

I put it up on a CentOS system now. There it works. However, I don't see a 
difference in ps:
/usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner 
/etc/MailScanner/MailScanner.conf

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jwilliams at COURTESYMORTGAGE.COM  Thu Dec  8 23:23:45 2005
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:31:29 2006
Subject: Rejecting incoming emails with blank senders (Sendmail)
Message-ID: <mailman.17886.1137101489.24926.mailscanner@lists.mailscanner.info>


I swear, I just saw this on a recent thread here, but for the life of me,
I cannot rememeber the name of the thread. So far, I have had much luck
searcing the archives.

Im running Sendmail (switching to postfix soon) and I've seen a lot of
emails today come in with empty sender addresses:

Dec  8 15:21:04 serenity sm-mta-in[58836]: jB8NL2Mn058836: from=<>,
size=4633, class=0, nrcpts=1,
msgid=<20051208225239.C5C345C0A1DA@mwinf3010.me.freeserve.com>,
proto=ESMTP, daemon=MTA, relay=smtp1.wanadoo.co.uk [193.252.22.158]


I'm getting really annoyed with this and want to stop it. 9 times out of
ten,  the recipient is a false address anyways.

Is there a way to stop this in sendmail? I know you can do it in postfix,
but im not sure how to do it in Sendmail.

I appreciate it.

-Jason


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From alex at NKPANAMA.COM  Thu Dec  8 23:44:38 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:29 2006
Subject: cannot install Mail::ClamAV perl module
Message-ID: <mailman.17887.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

That was it. ldconfig. Anyways, I always edit the install.sh script and 
add "--enable-milter" to be able to use clamav-milter, and remove the 
--disable-zlib-vcheck because I *like* knowing when my zlib's out of 
date ;).

Would be nice to have those as a command line option, though.

>
> Did you use my easy ClamAV+SpamAssassin install package? This fixes 
> this for you. You need to add /usr/local/lib to /etc/ld.so.conf and 
> run ldconfig by hand if you didn't.
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Wubba at VIPERSHELLS.COM  Fri Dec  9 00:03:22 2005
From: Wubba at VIPERSHELLS.COM (spam Control)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17888.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]




Scott Silva wrote on         Thu, 8 Dec 2005 14:20:51 -0800:

> Did you download the SUSE install file

Of course, yes ;-) It seems it didn't start up at all, no errors logged. I
had to revert back fast, so I couldn't play longer.

I put it up on a CentOS system now. There it works. However, I don't see a
difference in ps:
/usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
/etc/MailScanner/MailScanner.conf

Kai


I Just installed on Centos 4.2, Using rpm, I had to revert back also!
even trying to start in debug there was no response from MailScanner.

Brian

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-PKCS7-SIGNATURE  4KB. ]
    [ Unable to print this part. ]


From steve.swaney at fsl.com  Fri Dec  9 00:48:22 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:29 2006
Subject: Rejecting incoming emails with blank senders (Sendmail)
Message-ID: <mailman.17889.1137101489.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jason Williams
> Sent: Thursday, December 08, 2005 6:24 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Rejecting incoming emails with blank senders (Sendmail)
> 
> I swear, I just saw this on a recent thread here, but for the life of me,
> I cannot rememeber the name of the thread. So far, I have had much luck
> searcing the archives.
> 
> Im running Sendmail (switching to postfix soon) and I've seen a lot of
> emails today come in with empty sender addresses:
> 
> Dec  8 15:21:04 serenity sm-mta-in[58836]: jB8NL2Mn058836: from=<>,
> size=4633, class=0, nrcpts=1,
> msgid=<20051208225239.C5C345C0A1DA@mwinf3010.me.freeserve.com>,
> proto=ESMTP, daemon=MTA, relay=smtp1.wanadoo.co.uk [193.252.22.158]
> 
> 
> I'm getting really annoyed with this and want to stop it. 9 times out of
> ten,  the recipient is a false address anyways.
> 
> Is there a way to stop this in sendmail? I know you can do it in postfix,
> but im not sure how to do it in Sendmail.
> 
> I appreciate it.
> 
> -Jason

It's seems like I've been answering this question a lot lately :)

It's on the listserv archives. Go to:

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind04&L=MAILSCANNER&P=R251201&
I=-3&X=7FFD786DDC994945AD&Y=steve.swaney%40fsl.com 

If the link doesn't get you there, search the list archives for a subject
that contains:

	DOS attacked :(

And has a date of Wed, 3 Mar 2004.

Rejecting all e-mail that comes from "From: <>" breaks RFC 1123 and should
only be done in an emergency (read DOS attack). It's not a good idea to do
this on a permanent basis. 

Having said that it looks like over 90% of the email today at many of the
sites we maintain and monitor was Junk; 85%+ spam and 5%+ viruses. Maybe
every day now is a DOS attack :(

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From janetbindner at YAHOO.CO.UK  Fri Dec  9 01:12:28 2005
From: janetbindner at YAHOO.CO.UK (Janet Bindner)
Date: Thu Jan 12 21:31:29 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17890.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

The file is hosted at sourceforge, 
http://pscm.sourceforge.net/pscm-1.0.0.2-1.fc4.i386.rpm

Just tried to downloaded it a few times, sometimes 2
successive attempts are needed to get a complete
download. 

Janet

--- Scott Silva <ssilva@SGVWATER.COM> wrote:

> Ed Wallig spake the following on 12/8/2005 10:31 AM:
> > What URL did you use?
> > 
> >  - Ed 
> > 
> > -----Original Message-----
> > From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> > Of Scott Silva
> > Sent: Thursday, December 08, 2005 1:08 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: New Release- pscm-1.0.0.2 (postfix
> 2.2.6, MailScanner:
> > 4.48.4-2, Clamav: 0.87.1,SpamAssassin: 3.1.0)
> > 
> > Ed Wallig spake the following on 12/8/2005 5:18
> AM:
> > 
> >>Thanks for the reply - I just tried downloading
> the FC4 version again 
> >>after turning off av / IDS scanning on my firewall
> but it's still 
> >>showing a downloaded size of 7.92MB instead of the
> 11.7MB that it 
> >>advertises when the download begins. I'm a little
> concerned about 
> >>using this file - can you advise?
> > 
> > I just downloaded the FC4 version just to check,
> and I have a filesize of
> > 12,315,771 bytes.
> > Something is killing your download before it is
> complete. Maybe a bad
> > version is stuck in a proxy?
> > 
> > 
>
http://metawire.org/~pscm/pscm-1.0.0.2-1.fc4.i386.rpm.php
> From the download page.
> Might be a php re-director that pulls from a bad
> location for you.
> 
> 
> -- 
> 
> /-----------------------\           |~~\_____/~~\__ 
> |
> | MailScanner; The best |___________ \N1____======
> )-+
> | protection on the net!|                   ~~~|/~~ 
> |
> \-----------------------/                      ()
> 
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with
> the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and
> the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off
> the website!
> 



		
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Thu Dec  8 22:07:24 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:29 2006
Subject: Email Notifications
Message-ID: <mailman.17891.1137101489.24926.mailscanner@lists.mailscanner.info>

Julian,

That's no issue I have been doing so. However it does not seem to grab the
reports from the specified directories and do anything with it. I am
wondering if it's because im using a whm/cpanel version of mailwatch which
is available from configserver.com which seems to lack any reporting tools
directory. 

The only report I get and it does not use one of my custom reports is with
being a blocked file. The email I get with the report is just embedded in
the original email. 

I have modified every report in the reports directory to be a html report
which looks much better but it wont pull them up or use them.

I just cant seem to get any emails with any reports at all.

Thanks
Shaun

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Friday, 9 December 2005 1:00 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Email Notifications

-----BEGIN PGP SIGNED MESSAGE-----

You can change all the reports to anything you like, they are all in  
the etc/reports/en directory (if you are using en=english). The ones  
with From and To and Subject headers can be easily replaced with  
complete MIME messages including the MIME headers and the plain text  
and HTML contents of the messages.

Send yourself a message suitable for using in a report and look at  
the raw message source. You can put this into quite a few of the  
MailScanner report files.

On 8 Dec 2005, at 04:36, Shaun McGuane wrote:

> Heyas,
>
> I have a question or 2 for this list. I hope you guys can help here.
>
> 1. Is there a way to change the delivery notifications for blocked  
> content
> and other various things to a html notification. I use mailscanner  
> as a
> managed service and i would like to be able to notify using html  
> not txt. An
> example is the attachment that comes along on an email if something is
> blocked. I would prefer it just to send an email to the receipient  
> or the
> sender to notify it was blocked for a reason and not the original  
> message be
> quarantined or deleted.
>
> 2. Are there any people out there that can customise mailscanner and
> mailwatch to be able to provide reporting to my customers who use  
> it. I am
> willing to pay for this as an addon or someone to program this. I  
> feel that
> my customers should get a report each month that has my template of my
> business as a design and they can see all the pretty information  
> such as pie
> charts and breakdowns for there organisation.
>
> Thanks
> I look forward to your replies
> Shaun McGuane
> MailShield
> http://www.mailshield.com.au
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5g8bvw32o+k+q+hAQHexAf/QMfKEpHRrhy1ps5sBWeQeV2bnrl/Wmtm
JEUs+4jlVhZQH5Vt+/RZXBkU20IYfu7xoocsiRO2Fb6fPYqvRZTT2aGxnoZPtYU2
CAAH4I1FtGboOw3ddnoB+/2lU7hLu1ZPNSE/X6cri0FhTlgawvli5GEXpKFVb2km
8E2CIJuXR3z7LOrpPFGZVJYQ/BgSI64Yg2SnABwHmiq6uCVvKRTHVz5GzB27PJ/G
IJr9TmkNQlTGT83rAsfMPhs7S0TF/ss3XHlEmIIc5tmQSBi/73z+2RjXIJ7lsskr
EXFP4/mag7bIg7aE1UJ1Yuv9jidlvP0WKr7SilsLW6ZC3Cjgw3nM+A==
=pNmG
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


----------------------------------------------------------------------------
-----------------------
MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From nats at SSCRMNL.EDU.PH  Fri Dec  9 01:27:02 2005
From: nats at SSCRMNL.EDU.PH (Jose Nathaniel Nengasca)
Date: Thu Jan 12 21:31:29 2006
Subject: OT : Stale Emails
Message-ID: <mailman.17892.1137101489.24926.mailscanner@lists.mailscanner.info>

Hi,

 

I know this is an off topic question, but I just fire it up anyway.. Is
there any management system or software that can disable temporarily an
email user which gone stale who didn't login for say a month.. just like a
feature found at hotmail.com..

 

Thanks for any recommendations.

 

Nats




-- 
All messages that are coming from this domain
is certified to be virus and spam free.  If
ever you have received any virus infected 
content or spam, please report it to the
internet administrator of this domain 
nats@sscrmnl.edu.ph

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Thu Dec  8 22:10:20 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:29 2006
Subject: Mailwatch for MailScanner
Message-ID: <mailman.17893.1137101489.24926.mailscanner@lists.mailscanner.info>

That's the one I am using and it appears to miss out on the reporting files
such as quarantine_reports.php etc.

If I get someone to install the version from mailwatch website will it be
much better?

Does anyone know any professional service companies or people that can be
hired to install this and customize to my business ?

Thanks
Shaun

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Dhawal Doshy
Sent: Friday, 9 December 2005 1:11 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Mailwatch for MailScanner

Steve Freegard wrote:
> I was wondering that too ;-))

Also, if you haven't already seen this one..

MailScanner Front-End for cPanel Users
http://www.configserver.com/cp/msfe.html

- dhawal

> On Thu, 2005-12-08 at 14:01 +0000, Julian Field wrote:
> 
>>What's WHM?
>>
>>On 8 Dec 2005, at 13:47, ShaunM [MailShield] wrote:
>>
>>
>>>I know this maybe the wrong mailing list to ask. However I wanted to
>>>see if anyone could help me.
>>>
>>> 
>>>
>>>What is the difference between the mailwatch addon for WHM and the
>>>mailwatch addon for Mailscanner. I already know that 1 difference
>>>is 
>>>that I don't have a quarantine_report.php for the one in whm and it
>>>makes it hard for me to generate reports.
>>>
>>> 
>>>
>>>Aynyone else know of any differences ?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


----------------------------------------------------------------------------
-----------------------
MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Fri Dec  9 02:32:50 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:29 2006
Subject: OT : Stale Emails
Message-ID: <mailman.17894.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jose Nathaniel Nengasca wrote:

>Hi,
>
> 
>
>I know this is an off topic question, but I just fire it up anyway.. Is
>there any management system or software that can disable temporarily an
>email user which gone stale who didn't login for say a month.. just like a
>feature found at hotmail.com..
>
> 
>
>Thanks for any recommendations.
>
> 
>
>Nats
>
>
>
>
>  
>
How about grepping your maillog and, if you don't find a user, doing 
stuff to the account? What do you need to do?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Fri Dec  9 03:13:58 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:29 2006
Subject: Email Notifications
Message-ID: <mailman.17895.1137101489.24926.mailscanner@lists.mailscanner.info>

Dennis,

In the version I have that is written for cpanel there is no tools
directory. Any ideas?

Thanks
shaun

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Dennis Willson
Sent: Friday, 9 December 2005 4:08 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Email Notifications

In th tools directory... there's a file called quarantine_report.php
Someone wrote a new report program called qr_new.php and should be in 
the archives.

ShaunM [MailShield] wrote:

>Dennis,
>
>I do actually use mailwatch as part of my system. However I do not see
where
>I can set that function up?
>
>Thanks
>Shaun
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf
>Of Dennis Willson
>Sent: Thursday, 8 December 2005 4:28 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Email Notifications
>
>If use MailWatch it will send an HTML notification... What it actually 
>does is send a nightly email with the list of email that was 
>quarantined. It then allows the user to request the email be released to 
>them if they really want it. It also allows a user to set their own 
>white and black lists.
>
>You should take a look at it.
>
>Shaun McGuane wrote:
>
>  
>
>>Heyas,
>>
>>I have a question or 2 for this list. I hope you guys can help here.
>>
>>1. Is there a way to change the delivery notifications for blocked content
>>and other various things to a html notification. I use mailscanner as a
>>managed service and i would like to be able to notify using html not txt.
>>    
>>
>An
>  
>
>>example is the attachment that comes along on an email if something is
>>blocked. I would prefer it just to send an email to the receipient or the
>>sender to notify it was blocked for a reason and not the original message
>>    
>>
>be
>  
>
>>quarantined or deleted.
>>
>>2. Are there any people out there that can customise mailscanner and
>>mailwatch to be able to provide reporting to my customers who use it. I am
>>willing to pay for this as an addon or someone to program this. I feel
that
>>my customers should get a report each month that has my template of my
>>business as a design and they can see all the pretty information such as
>>    
>>
>pie
>  
>
>>charts and breakdowns for there organisation.
>>
>>Thanks
>>I look forward to your replies
>>Shaun McGuane
>>MailShield
>>http://www.mailshield.com.au
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>> 
>>
>>    
>>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>---------------------------------------------------------------------------
-
>-----------------------
>MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
>http://www.mailshield.com.au
>
>
>
>
>
>
>
>---------------------------------------------------------------------------
------------------------
>MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
http://www.mailshield.com.au
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!





---------------------------------------------------------------------------------------------------
MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service. http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From joshua.hirsh at PARTNERSOLUTIONS.CA  Fri Dec  9 03:26:53 2005
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17896.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> I Just installed on Centos 4.2, Using rpm, I had to revert back also!
> even trying to start in debug there was no response from MailScanner.


The new beta works 100% on my CentOS 4.2 systems..

[hirshj@psimf001 sbin]$ ps axf | grep MailScanner
 4354 ? Ss 0:00 MailScanner: starting children
 4355 ? S  0:03  \_ MailScanner: waiting for messages
 4370 ? S  0:03  \_ MailScanner: waiting for messages
 4424 ? S  0:03  \_ MailScanner: waiting for messages
 4435 ? S  0:03  \_ MailScanner: checking with SpamAssassin
 5261 ? S  0:00  |   \_ MailScanner: checking with SpamAssassin
 5265 ? S  0:00  |       \_ /usr/bin/python /usr/bin/pyzor check
 4444 ? S  0:03  \_ MailScanner: waiting for messages
 4466 ? S  0:03  \_ MailScanner: waiting for messages
 4486 ? S  0:03  \_ MailScanner: waiting for messages
 4490 ? S  0:03  \_ MailScanner: virus scanning
 5268 ? Rs 0:00  |   \_ MailScanner: virus scanning
 4521 ? S  0:03  \_ MailScanner: waiting for messages



-Joshua

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From makkaichung at GMAIL.COM  Fri Dec  9 03:28:21 2005
From: makkaichung at GMAIL.COM (Adrian Mak)
Date: Thu Jan 12 21:31:29 2006
Subject: "Expand TNEF" should set yes or no ?
Message-ID: <mailman.17897.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Refer to the document, set it 'yes' for other virus scanner and set it
'no' for sophos and mcafee virus scanner
But I used two virus engine, clamav and sophos, then what should I set
for this option ?
 
 
 
 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From alex at NKPANAMA.COM  Fri Dec  9 03:28:49 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17898.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I'll give it a shot in a few places and let you guys know if I have any 
problems.

Joshua Hirsh wrote:

>>I Just installed on Centos 4.2, Using rpm, I had to revert back also!
>>even trying to start in debug there was no response from MailScanner.
>>    
>>
>
>
>The new beta works 100% on my CentOS 4.2 systems..
>
>[hirshj@psimf001 sbin]$ ps axf | grep MailScanner
> 4354 ? Ss 0:00 MailScanner: starting children
> 4355 ? S  0:03  \_ MailScanner: waiting for messages
> 4370 ? S  0:03  \_ MailScanner: waiting for messages
> 4424 ? S  0:03  \_ MailScanner: waiting for messages
> 4435 ? S  0:03  \_ MailScanner: checking with SpamAssassin
> 5261 ? S  0:00  |   \_ MailScanner: checking with SpamAssassin
> 5265 ? S  0:00  |       \_ /usr/bin/python /usr/bin/pyzor check
> 4444 ? S  0:03  \_ MailScanner: waiting for messages
> 4466 ? S  0:03  \_ MailScanner: waiting for messages
> 4486 ? S  0:03  \_ MailScanner: waiting for messages
> 4490 ? S  0:03  \_ MailScanner: virus scanning
> 5268 ? Rs 0:00  |   \_ MailScanner: virus scanning
> 4521 ? S  0:03  \_ MailScanner: waiting for messages
>
>
>
>-Joshua
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Fri Dec  9 04:35:04 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:29 2006
Subject: Email Notifications
Message-ID: <mailman.17899.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

You should install the "real" one from:

http://mailwatch.sourceforge.net/doku.php

ShaunM [MailShield] wrote:
> Dennis,
> 
> In the version I have that is written for cpanel there is no tools
> directory. Any ideas?
> 
> Thanks
> shaun
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Dennis Willson
> Sent: Friday, 9 December 2005 4:08 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Email Notifications
> 
> In th tools directory... there's a file called quarantine_report.php
> Someone wrote a new report program called qr_new.php and should be in 
> the archives.
> 
> ShaunM [MailShield] wrote:
> 
> 
>>Dennis,
>>
>>I do actually use mailwatch as part of my system. However I do not see
> 
> where
> 
>>I can set that function up?
>>
>>Thanks
>>Shaun
>>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> 
> Behalf
> 
>>Of Dennis Willson
>>Sent: Thursday, 8 December 2005 4:28 PM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Email Notifications
>>
>>If use MailWatch it will send an HTML notification... What it actually 
>>does is send a nightly email with the list of email that was 
>>quarantined. It then allows the user to request the email be released to 
>>them if they really want it. It also allows a user to set their own 
>>white and black lists.
>>
>>You should take a look at it.
>>
>>Shaun McGuane wrote:
>>
>> 
>>
>>
>>>Heyas,
>>>
>>>I have a question or 2 for this list. I hope you guys can help here.
>>>
>>>1. Is there a way to change the delivery notifications for blocked content
>>>and other various things to a html notification. I use mailscanner as a
>>>managed service and i would like to be able to notify using html not txt.
>>>   
>>>
>>
>>An
>> 
>>
>>
>>>example is the attachment that comes along on an email if something is
>>>blocked. I would prefer it just to send an email to the receipient or the
>>>sender to notify it was blocked for a reason and not the original message
>>>   
>>>
>>
>>be
>> 
>>
>>
>>>quarantined or deleted.
>>>
>>>2. Are there any people out there that can customise mailscanner and
>>>mailwatch to be able to provide reporting to my customers who use it. I am
>>>willing to pay for this as an addon or someone to program this. I feel
> 
> that
> 
>>>my customers should get a report each month that has my template of my
>>>business as a design and they can see all the pretty information such as
>>>   
>>>
>>
>>pie
>> 
>>
>>
>>>charts and breakdowns for there organisation.
>>>
>>>Thanks
>>>I look forward to your replies
>>>Shaun McGuane
>>>MailShield
>>>http://www.mailshield.com.au
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>>
>>>
>>>   
>>>
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>>
>>---------------------------------------------------------------------------
> 
> -
> 
>>-----------------------
>>MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
>>http://www.mailshield.com.au
>>
>>
>>
>>
>>
>>
>>
>>---------------------------------------------------------------------------
> 
> ------------------------
> 
>>MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
> 
> http://www.mailshield.com.au
> 
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>> 
>>
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------------------------------------
> MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service. http://www.mailshield.com.au
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dmehler26 at woh.rr.com  Fri Dec  9 06:31:55 2005
From: dmehler26 at woh.rr.com (Dave)
Date: Thu Jan 12 21:31:29 2006
Subject: phishing increases
Message-ID: <mailman.17900.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello,
    I'm seeing an increase in phishing atempts. I'm running MS-4.46.2 on a 
freebsd6 box and here's my phishing-relevant mailscanner.conf settings:

Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Highlight Phishing Fraud = yes
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Modify Subject = yes
Phishing Subject Text = {Fraud?}

In the safe sites file i haven't modified anything, is there more i can do? 
Particularly i'm seeing items from ebay, a bank which i don't do business 
with, and emails marked as postmaster undeliverable.
Thanks.
Dave. 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Fri Dec  9 06:45:10 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:29 2006
Subject: Email Notifications
Message-ID: <mailman.17901.1137101489.24926.mailscanner@lists.mailscanner.info>

Dennis,

I am going to have a crack at this tomorrow as it will be Saturday and mail
flow is slower then. 

I am hoping the other one that is installed wont interfere with the
installation.

Thanks
shaun

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Dennis Willson
Sent: Friday, 9 December 2005 3:35 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Email Notifications

You should install the "real" one from:

http://mailwatch.sourceforge.net/doku.php

ShaunM [MailShield] wrote:
> Dennis,
> 
> In the version I have that is written for cpanel there is no tools
> directory. Any ideas?
> 
> Thanks
> shaun
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf
> Of Dennis Willson
> Sent: Friday, 9 December 2005 4:08 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Email Notifications
> 
> In th tools directory... there's a file called quarantine_report.php
> Someone wrote a new report program called qr_new.php and should be in 
> the archives.
> 
> ShaunM [MailShield] wrote:
> 
> 
>>Dennis,
>>
>>I do actually use mailwatch as part of my system. However I do not see
> 
> where
> 
>>I can set that function up?
>>
>>Thanks
>>Shaun
>>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> 
> Behalf
> 
>>Of Dennis Willson
>>Sent: Thursday, 8 December 2005 4:28 PM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Email Notifications
>>
>>If use MailWatch it will send an HTML notification... What it actually 
>>does is send a nightly email with the list of email that was 
>>quarantined. It then allows the user to request the email be released to 
>>them if they really want it. It also allows a user to set their own 
>>white and black lists.
>>
>>You should take a look at it.
>>
>>Shaun McGuane wrote:
>>
>> 
>>
>>
>>>Heyas,
>>>
>>>I have a question or 2 for this list. I hope you guys can help here.
>>>
>>>1. Is there a way to change the delivery notifications for blocked
content
>>>and other various things to a html notification. I use mailscanner as a
>>>managed service and i would like to be able to notify using html not txt.
>>>   
>>>
>>
>>An
>> 
>>
>>
>>>example is the attachment that comes along on an email if something is
>>>blocked. I would prefer it just to send an email to the receipient or the
>>>sender to notify it was blocked for a reason and not the original message
>>>   
>>>
>>
>>be
>> 
>>
>>
>>>quarantined or deleted.
>>>
>>>2. Are there any people out there that can customise mailscanner and
>>>mailwatch to be able to provide reporting to my customers who use it. I
am
>>>willing to pay for this as an addon or someone to program this. I feel
> 
> that
> 
>>>my customers should get a report each month that has my template of my
>>>business as a design and they can see all the pretty information such as
>>>   
>>>
>>
>>pie
>> 
>>
>>
>>>charts and breakdowns for there organisation.
>>>
>>>Thanks
>>>I look forward to your replies
>>>Shaun McGuane
>>>MailShield
>>>http://www.mailshield.com.au
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>>
>>>
>>>   
>>>
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>>
>>--------------------------------------------------------------------------
-
> 
> -
> 
>>-----------------------
>>MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
>>http://www.mailshield.com.au
>>
>>
>>
>>
>>
>>
>>
>>--------------------------------------------------------------------------
-
> 
> ------------------------
> 
>>MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
> 
> http://www.mailshield.com.au
> 
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>> 
>>
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> 
> 
> 
> 
>
----------------------------------------------------------------------------
-----------------------
> MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
http://www.mailshield.com.au
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


----------------------------------------------------------------------------
-----------------------
MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service.
http://www.mailshield.com.au







---------------------------------------------------------------------------------------------------
MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service. http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 08:42:08 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17902.1137101489.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

With MailScanner not running, please can you send me
ps axww

On 9 Dec 2005, at 00:03, spam Control wrote:

> * PGP Bad Signature, Signed by a unverified key
>
>
>
> Scott Silva wrote on         Thu, 8 Dec 2005 14:20:51 -0800:
>
>> Did you download the SUSE install file
>
> Of course, yes ;-) It seems it didn't start up at all, no errors  
> logged. I
> had to revert back fast, so I couldn't play longer.
>
> I put it up on a CentOS system now. There it works. However, I  
> don't see a
> difference in ps:
> /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner
> /etc/MailScanner/MailScanner.conf
>
> Kai
>
>
> I Just installed on Centos 4.2, Using rpm, I had to revert back also!
> even trying to start in debug there was no response from MailScanner.
>
> Brian
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
> * Thawte Freemail Member <wubba@Vipershells.com>
> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5lDYvw32o+k+q+hAQHafAf+NarXSQadSeUNnaXT7QpkIbD173Qpz79+
9JfbphgAC0AiBMmCFgnCWHCK+KbdAlVykb3i6sYt/4vJBR/ZGYbD8Tbkyo07NnG5
+wZU1imtEbUPQG0SfdYMhDfex6IPkjnBNsR7IXYZW+mfv6whQrXwY2q/rgbw93A9
TRt/yGXCdvxzD1F9UKMmJCZVGbaiq9xUT0A4Uo/PJvQJtScS42DD/2qR/ZBhPWRG
LceFhpF/2zrS5sfMVAh1XHslJWHJTQNHSlInhKRJ+ZErpeS/CGgGGKcI546NAWLq
mxqDsXB9JxxRPCCEiuD+BjaDTGTSfsRVDMbhHgD7N++yCqQpQeAhWw==
=luGh
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  9 09:03:33 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:29 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17903.1137101489.24926.mailscanner@lists.mailscanner.info>

Michele

Have you asked on the exim mailing list - they are almost as friendlt as
this list.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Michele Neylon :: Blacknight Solutions
> Sent: 08 December 2005 21:59
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Slightly OT - Exim / Apache
> 
> Over the last few weeks the number of attacks on forms hosted on our
> servers
> has reached new levels
> Unfortunately the user id for the mail is set to apache, which makes
> tracking down the domain / user who has the vulnerable script very awkward
> 
> I know there are solutions for sendmail which allow you to setup some way
> of
> tracing it back easily, but we haven't found any such solution for exim...
> (we may be looking in the wrong places!)
> 
> If anybody has any such solution I would really appreciate them sharing a
> link
> 
> Regards
> 
> Michele
> 
> Mr Michele Neylon
> Blacknight Solutions
> Quality Business Hosting & Colocation
> http://www.blacknight.ie/
> Tel. 1850 927 280
> Intl. +353 (0) 59  9183072
> UK: 0870 163 0607
> Direct Dial: +353 (0)59 9183090
> Fax. +353 (0) 59  9164239
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 09:15:59 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: "Expand TNEF" should set yes or no ?
Message-ID: <mailman.17904.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Yes.It doesn't affect the functionality of sophos or mcafee, it just adds
an irrelevant step in the process. It will just burn a few CPU cycles
extra, it won't cause any damage.

On 9 Dec 2005, at 03:28, Adrian Mak wrote:

      Refer to the document, set it 'yes' for other virus scanner
      and set it 'no' for sophos and mcafee virus scanner
But I used two virus engine, clamav and sophos, then what should I
set for this option ?
 


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, Application/PGP-SIGNATURE  498bytes. ]
    [ Unable to print this part. ]


From glenn.steen at GMAIL.COM  Fri Dec  9 09:36:40 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:29 2006
Subject: Feature Idea: MailScanner process name
Message-ID: <mailman.17905.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 08/12/05, Ugo Bellavance <ugob@camo-route.com> wrote:
> Lewis Bergman wrote:
> > I like it.
> >
>
> Me too
>
> --
> Ugo
>
+me too.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  9 09:36:13 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17906.1137101489.24926.mailscanner@lists.mailscanner.info>

Jules

'ps' mod Works on FreeBSD....

# ps -auxww | grep MailScanner
<uname>   572  0.0  1.0 15660 15184  ??  Ss    9:17AM   0:00.01 MailScanner:
killing children, bwahaha! (perl)


ROFL....


Anyway I note my rc start script now complains in a egrep error.... seems to
do the job though.....

case "$1" in
start)
        [ -x /opt/MailScanner/bin/check_mailscanner ] &&\\ 
/opt/MailScanner/bin/check_mailscanner > /dev/null && \\ 
echo -n ' MailScanner'
;;

Gives 

egrep: Unmatched ( or \(

I guess this is line 93 in check_mailscanner that's the problem, with the
'(' just before the '$msbinddir

but carries on anyway...so that's a prob a side effect of the (perl) at the
end of the ps output.

can't comment on the Postfix mod as I don't run PF.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: 08 December 2005 19:45
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] MailScanner: Beta release 4.49.1 -- process name
> feature
> 
> I have just released beta version 4.49.1.
> The only changes in this release are
> 
> * New Features and Improvements *
> - Now changes the command line listed in `ps` (ie $0) to show what
>   MailScanner is doing. Should help diagnose slow system problems.
> 
> * Fixes *
> - Changed Postfix code to better support latest revision of Perl.
> 
> Please give the "ps" output a go and see if it works for you.
> 
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec  9 09:48:14 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:29 2006
Subject: cannot install Mail::ClamAV perl module
Message-ID: <mailman.17907.1137101489.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 09/12/05, Alex Neuman van der Hans <alex@nkpanama.com> wrote:
> That was it. ldconfig. Anyways, I always edit the install.sh script and
> add "--enable-milter" to be able to use clamav-milter, and remove the
> --disable-zlib-vcheck because I *like* knowing when my zlib's out of
> date ;).

Thing is, some (perhaps demented:-) distros will have the patched zlib
installed, but will not have updated the zlib version number (weakness
of rpm package handling stategy there, to say the least.... Has seen
this with older versions of Mandriva). So to keep things as simple as
possible, I think Jules is doing the right thing, more or less.

> Would be nice to have those as a command line option, though.

Definitely. Choice is always good:-).

> >
> > Did you use my easy ClamAV+SpamAssassin install package? This fixes
> > this for you. You need to add /usr/local/lib to /etc/ld.so.conf and
> > run ldconfig by hand if you didn't.
> >

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 10:30:38 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17908.1137101489.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----


On 9 Dec 2005, at 09:36, Martin Hepworth wrote:

> Jules
>
> 'ps' mod Works on FreeBSD....
>
> # ps -auxww | grep MailScanner
> <uname>   572  0.0  1.0 15660 15184  ??  Ss    9:17AM   0:00.01  
> MailScanner:
> killing children, bwahaha! (perl)
>
>
> ROFL....

I wondered how long it would take people to find that one :-)

>
>
> Anyway I note my rc start script now complains in a egrep error....  
> seems to
> do the job though.....
>
> case "$1" in
> start)
>         [ -x /opt/MailScanner/bin/check_mailscanner ] &&\\
> /opt/MailScanner/bin/check_mailscanner > /dev/null && \\
> echo -n ' MailScanner'
> ;;
>
> Gives
>
> egrep: Unmatched ( or \(
>
> I guess this is line 93 in check_mailscanner that's the problem,  
> with the
> '(' just before the '$msbinddir
>
> but carries on anyway...so that's a prob a side effect of the  
> (perl) at the
> end of the ps output.

I'll take a look.

>
> can't comment on the Postfix mod as I don't run PF.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>> Behalf Of Julian Field
>> Sent: 08 December 2005 19:45
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: [MAILSCANNER] MailScanner: Beta release 4.49.1 -- process  
>> name
>> feature
>>
>> I have just released beta version 4.49.1.
>> The only changes in this release are
>>
>> * New Features and Improvements *
>> - Now changes the command line listed in `ps` (ie $0) to show what
>>   MailScanner is doing. Should help diagnose slow system problems.
>>
>> * Fixes *
>> - Changed Postfix code to better support latest revision of Perl.
>>
>> Please give the "ps" output a go and see if it works for you.
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.	
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5lc0Pw32o+k+q+hAQGaTggAicQj1V5JoE9/crsjNFBBF2wxBZ2QZY1r
nuQaZD+EtkXn2dYaLTG3L/ALldI/xmNnbgIrhJUXcQKo0Gbo7rOZtmVeePSDGLVx
R8bHWEw6D52Vv5LRV/lgBk/ZlIu3wcvCQe5R1dr5eVA2ToV+ZItNGxTXEL6/bTJI
+UEVcvLT0vnef29EAtJYjN5wCMvXOdr1xi/lyrJxdqkGSCsM2xpgRV40RAHwL55P
myzRNCAJv4OC+CbHlQgO0Mt4m6t8IL6uOH16MjznQ8tGyFYVKaEfAceVFv8kl8q2
yh/tWOCgj+/0pB/75l4z50NtriMq1K2MaERGa7f5GOo/0iz9Cs8JyA==
=Ccq7
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From t.suter at AM-IMPACT.NL  Fri Dec  9 10:41:44 2005
From: t.suter at AM-IMPACT.NL (A&M ImpacT [T. Suter])
Date: Thu Jan 12 21:31:29 2006
Subject: Problem with scanning mail
Message-ID: <mailman.17909.1137101489.24926.mailscanner@lists.mailscanner.info>

My Mailscanner configuration doesn't seen to scan mail properly with clamav.


It kept saying:  
Unscanned: Delivered 1 messages

When I switch to debug mode mailscanner tells me:
Dec  9 11:02:27 localhost MailScanner[1029]: New Batch: Forwarding 1
unscanned messages, 16729 bytes
Dec  9 11:02:27 localhost MailScanner[1029]: Spam Checks: Starting
Dec  9 11:02:29 localhost MailScanner[1029]: SpamAssassin returned 0
Dec  9 11:02:29 localhost MailScanner[1029]: About to deliver 1 messages
Dec  9 11:02:29 localhost MailScanner[1029]: Unscanned: Delivered 1 messages
Dec  9 11:02:29 localhost MailScanner[1029]: Created attachment dirs for 0
messages
Dec  9 11:02:29 localhost MailScanner[1029]: Virus and Content Scanning:
Starting
Dec  9 11:02:29 localhost MailScanner[1029]: Commencing scanning by
clamav...

The spam checks go ok, but somehow things get messed up after this. It
doesn't scan any mail. It sais: Created attachment dirs for 0 messages. That
sounds strange to me.

I'm using Mailscanner 4.22 (I know it is old, but I need to stick to this
one)
Clamav version 0.87

I hope that anyone can help. Searching the web didn't brought me a solution.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 10:53:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17910.1137101489.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----


On 9 Dec 2005, at 10:30, Julian Field wrote:

> * PGP Signed: 12/09/05 at 10:30:40
>
>
> On 9 Dec 2005, at 09:36, Martin Hepworth wrote:
>
>>
>>         [ -x /opt/MailScanner/bin/check_mailscanner ] &&\\
>> /opt/MailScanner/bin/check_mailscanner > /dev/null && \\
>> echo -n ' MailScanner'
>> ;;
>>
>> Gives
>>
>> egrep: Unmatched ( or \(
>>
>> I guess this is line 93 in check_mailscanner that's the problem,  
>> with the
>> '(' just before the '$msbinddir
>>
>> but carries on anyway...so that's a prob a side effect of the  
>> (perl) at the
>> end of the ps output.
>
> I'll take a look.

Download the -2 release, this should be fixed already.


- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5liK/w32o+k+q+hAQFDcwf/VlWSf6YHB/zsG1ioEr/fYpRWZbWLpjSS
5vtxR2GjrssKySLgoDl6AK0jpPvR52thYk1GMURE2dLHtK+Jco0P0T5/EadeYjb4
Q34fISzA+gkdceyYpmVhNVpyQh46shsVJvEz3e261FElTioWRuLGEfECSGrXvWbm
6bVFCpd9YoiRRlf59E3N2dzHDavTzcXlVdsPxRBeXvMB0nFhvBjjt9Dgm7aGfwIY
ELIF2hjfpaH5b5kNhfs+QXM3vN9V7nGcAbAH02ygoqhVSr8dVYs//efIOMoqNgyE
G7CCYaCXvZttLzx7+yw5KAveESeElP1ZOXnG9wMbsHloZuxD96ao2w==
=vr+B
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 11:02:44 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: Problem with scanning mail
Message-ID: <mailman.17911.1137101489.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

That's because it is set to not scan the message that came in.

On 9 Dec 2005, at 10:41, A&M ImpacT [T. Suter] wrote:

> My Mailscanner configuration doesn't seen to scan mail properly  
> with clamav.
>
>
> It kept saying:
> Unscanned: Delivered 1 messages
>
> When I switch to debug mode mailscanner tells me:
> Dec  9 11:02:27 localhost MailScanner[1029]: New Batch: Forwarding 1
> unscanned messages, 16729 bytes
> Dec  9 11:02:27 localhost MailScanner[1029]: Spam Checks: Starting
> Dec  9 11:02:29 localhost MailScanner[1029]: SpamAssassin returned 0
> Dec  9 11:02:29 localhost MailScanner[1029]: About to deliver 1  
> messages
> Dec  9 11:02:29 localhost MailScanner[1029]: Unscanned: Delivered 1  
> messages
> Dec  9 11:02:29 localhost MailScanner[1029]: Created attachment  
> dirs for 0
> messages
> Dec  9 11:02:29 localhost MailScanner[1029]: Virus and Content  
> Scanning:
> Starting
> Dec  9 11:02:29 localhost MailScanner[1029]: Commencing scanning by
> clamav...
>
> The spam checks go ok, but somehow things get messed up after this. It
> doesn't scan any mail. It sais: Created attachment dirs for 0  
> messages. That
> sounds strange to me.
>
> I'm using Mailscanner 4.22 (I know it is old, but I need to stick  
> to this
> one)
> Clamav version 0.87
>
> I hope that anyone can help. Searching the web didn't brought me a  
> solution.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5lkV/w32o+k+q+hAQH3GQf/QLRD8w02TxM9KwofKQhwJjR3aa3eI2yg
jeELb37cNBzWEo2zuUql8KKkeksMEQHSA9rXXQQQOQPIQPOxLK3D2mELNrr4hJBG
BDTlLPkgOwbjyd58D2EKT5eUpZfb00vp92p4bhF7pLArc9owfv7E/RtgisPPQxxt
t4KEKgXBB5OTZR9oKf6zyUNR/YTHZXOI4iheWZ/TEUuLHtuJcy+hF7/P7dTswQKO
kRc8YuuPHrYyr/c8p5+tZpPHxnqQMw8kld5K2plKCzwCxugF7UQn1KE5yb4kawGY
i52ANTIiHOP0TCGf8bMAyff/fpKmXM4J5ZMXVRKDNVX2Zmg78XIfzQ==
=V/hv
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  9 11:02:23 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17912.1137101489.24926.mailscanner@lists.mailscanner.info>

Jules

I did - I downloaded 

http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4
.49.1-2.tar.gz



--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: 09 December 2005 10:53
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] MailScanner: Beta release 4.49.1 -- process
> name feature
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> On 9 Dec 2005, at 10:30, Julian Field wrote:
> 
> > * PGP Signed: 12/09/05 at 10:30:40
> >
> >
> > On 9 Dec 2005, at 09:36, Martin Hepworth wrote:
> >
> >>
> >>         [ -x /opt/MailScanner/bin/check_mailscanner ] &&\\
> >> /opt/MailScanner/bin/check_mailscanner > /dev/null && \\
> >> echo -n ' MailScanner'
> >> ;;
> >>
> >> Gives
> >>
> >> egrep: Unmatched ( or \(
> >>
> >> I guess this is line 93 in check_mailscanner that's the problem,
> >> with the
> >> '(' just before the '$msbinddir
> >>
> >> but carries on anyway...so that's a prob a side effect of the
> >> (perl) at the
> >> end of the ps output.
> >
> > I'll take a look.
> 
> Download the -2 release, this should be fixed already.
> 
> 
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
> 
> iQEVAwUBQ5liK/w32o+k+q+hAQFDcwf/VlWSf6YHB/zsG1ioEr/fYpRWZbWLpjSS
> 5vtxR2GjrssKySLgoDl6AK0jpPvR52thYk1GMURE2dLHtK+Jco0P0T5/EadeYjb4
> Q34fISzA+gkdceyYpmVhNVpyQh46shsVJvEz3e261FElTioWRuLGEfECSGrXvWbm
> 6bVFCpd9YoiRRlf59E3N2dzHDavTzcXlVdsPxRBeXvMB0nFhvBjjt9Dgm7aGfwIY
> ELIF2hjfpaH5b5kNhfs+QXM3vN9V7nGcAbAH02ygoqhVSr8dVYs//efIOMoqNgyE
> G7CCYaCXvZttLzx7+yw5KAveESeElP1ZOXnG9wMbsHloZuxD96ao2w==
> =vr+B
> -----END PGP SIGNATURE-----
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 11:07:00 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17913.1137101489.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Most strange. It should say this:

else
     # not BSD; everything else seems to do POSIX
     pid=`COLUMNS=500 $PS -ef |
          $EGREP '([ ]'$msbindir/$process')|'$process'[:]' |
          $AWK '{print $2}'`
fi

On 9 Dec 2005, at 11:02, Martin Hepworth wrote:

> Jules
>
> I did - I downloaded
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner- 
> install-4
> .49.1-2.tar.gz
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>> Behalf Of Julian Field
>> Sent: 09 December 2005 10:53
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: [MAILSCANNER] MailScanner: Beta release 4.49.1 --  
>> process
>> name feature
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>>
>> On 9 Dec 2005, at 10:30, Julian Field wrote:
>>
>>>> Old Signed: 12/09/05 at 10:30:40
>>>
>>>
>>> On 9 Dec 2005, at 09:36, Martin Hepworth wrote:
>>>
>>>>
>>>>         [ -x /opt/MailScanner/bin/check_mailscanner ] &&\\
>>>> /opt/MailScanner/bin/check_mailscanner > /dev/null && \\
>>>> echo -n ' MailScanner'
>>>> ;;
>>>>
>>>> Gives
>>>>
>>>> egrep: Unmatched ( or \(
>>>>
>>>> I guess this is line 93 in check_mailscanner that's the problem,
>>>> with the
>>>> '(' just before the '$msbinddir
>>>>
>>>> but carries on anyway...so that's a prob a side effect of the
>>>> (perl) at the
>>>> end of the ps output.
>>>
>>> I'll take a look.
>>
>> Download the -2 release, this should be fixed already.
>>
>>
>> - --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.0.3 (Build 2932)
>>
>> iQEVAwUBQ5liK/w32o+k+q+hAQFDcwf/VlWSf6YHB/zsG1ioEr/fYpRWZbWLpjSS
>> 5vtxR2GjrssKySLgoDl6AK0jpPvR52thYk1GMURE2dLHtK+Jco0P0T5/EadeYjb4
>> Q34fISzA+gkdceyYpmVhNVpyQh46shsVJvEz3e261FElTioWRuLGEfECSGrXvWbm
>> 6bVFCpd9YoiRRlf59E3N2dzHDavTzcXlVdsPxRBeXvMB0nFhvBjjt9Dgm7aGfwIY
>> ELIF2hjfpaH5b5kNhfs+QXM3vN9V7nGcAbAH02ygoqhVSr8dVYs//efIOMoqNgyE
>> G7CCYaCXvZttLzx7+yw5KAveESeElP1ZOXnG9wMbsHloZuxD96ao2w==
>> =vr+B
>> -----END PGP SIGNATURE-----
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.	
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5llVvw32o+k+q+hAQEwRwgAuedEEBJl+gFNsLiGZtxP29RFtr6Aaql/
JsZK/S2bIdblyP9d5JG41iaygdEHoSWHhBMIvOd75EQCiw9sX2iBQZd9qH3cH2Lj
jr35AR0hysEy8yAKhhOFODwIxCx0Y1avGOpMt8uxJPCCba2OlI7vr0Webg/0OpmU
H6ycyZInDtxPfutC7Rb/WpE9G1LFxa8+3isI1Y4UNsxbJwQzxR5aAlHgObXu27Zg
5R6BbCZC93mgqSA4dsISD3dsBlPhnHVt00Q3+RDxacxUVH3Qg7HjSn1INn41W7fI
nE451UEUx8eE0MbDTQx0DICcDzZroofOhoznDLpe7pYekuoNF8mDlg==
=Es5O
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  9 11:15:06 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:29 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17914.1137101489.24926.mailscanner@lists.mailscanner.info>

Jules

Further up - the BSD section at line 93...

elif $UNAME | $FGREP "BSD" >/dev/null ; then
    pid=`$PS -axww |
         $EGREP '[ ]('$msbindir/$process'|'$process'[:]' |
         $AWK '{print $1}'`

The ( after $EGREP '[ ] should not be there..

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: 09 December 2005 11:07
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] MailScanner: Beta release 4.49.1 -- process
> name feature
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Most strange. It should say this:
> 
> else
>      # not BSD; everything else seems to do POSIX
>      pid=`COLUMNS=500 $PS -ef |
>           $EGREP '([ ]'$msbindir/$process')|'$process'[:]' |
>           $AWK '{print $2}'`
> fi
> 
> On 9 Dec 2005, at 11:02, Martin Hepworth wrote:
> 
> > Jules
> >
> > I did - I downloaded
> >
> > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-
> > install-4
> > .49.1-2.tar.gz
> >
> >
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >> -----Original Message-----
> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> >> Behalf Of Julian Field
> >> Sent: 09 December 2005 10:53
> >> To: MAILSCANNER@JISCMAIL.AC.UK
> >> Subject: Re: [MAILSCANNER] MailScanner: Beta release 4.49.1 --
> >> process
> >> name feature
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >>
> >>
> >> On 9 Dec 2005, at 10:30, Julian Field wrote:
> >>
> >>>> Old Signed: 12/09/05 at 10:30:40
> >>>
> >>>
> >>> On 9 Dec 2005, at 09:36, Martin Hepworth wrote:
> >>>
> >>>>
> >>>>         [ -x /opt/MailScanner/bin/check_mailscanner ] &&\\
> >>>> /opt/MailScanner/bin/check_mailscanner > /dev/null && \\
> >>>> echo -n ' MailScanner'
> >>>> ;;
> >>>>
> >>>> Gives
> >>>>
> >>>> egrep: Unmatched ( or \(
> >>>>
> >>>> I guess this is line 93 in check_mailscanner that's the problem,
> >>>> with the
> >>>> '(' just before the '$msbinddir
> >>>>
> >>>> but carries on anyway...so that's a prob a side effect of the
> >>>> (perl) at the
> >>>> end of the ps output.
> >>>
> >>> I'll take a look.
> >>
> >> Download the -2 release, this should be fixed already.
> >>
> >>
> >> - --
> >> Julian Field
> >> www.MailScanner.info
> >> Buy the MailScanner book at www.MailScanner.info/store
> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: PGP Desktop 9.0.3 (Build 2932)
> >>
> >> iQEVAwUBQ5liK/w32o+k+q+hAQFDcwf/VlWSf6YHB/zsG1ioEr/fYpRWZbWLpjSS
> >> 5vtxR2GjrssKySLgoDl6AK0jpPvR52thYk1GMURE2dLHtK+Jco0P0T5/EadeYjb4
> >> Q34fISzA+gkdceyYpmVhNVpyQh46shsVJvEz3e261FElTioWRuLGEfECSGrXvWbm
> >> 6bVFCpd9YoiRRlf59E3N2dzHDavTzcXlVdsPxRBeXvMB0nFhvBjjt9Dgm7aGfwIY
> >> ELIF2hjfpaH5b5kNhfs+QXM3vN9V7nGcAbAH02ygoqhVSr8dVYs//efIOMoqNgyE
> >> G7CCYaCXvZttLzx7+yw5KAveESeElP1ZOXnG9wMbsHloZuxD96ao2w==
> >> =vr+B
> >> -----END PGP SIGNATURE-----
> >>
> >> --
> >> This message has been scanned for viruses and
> >> dangerous content by MailScanner, and is
> >> believed to be clean.
> >>
> >> ------------------------ MailScanner list ------------------------
> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >> 'leave mailscanner' in the body of the email.
> >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >> Support MailScanner development - buy the book off the website!
> >
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> >
> > This footnote confirms that this email message has been swept
> > for the presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> 
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
> 
> iQEVAwUBQ5llVvw32o+k+q+hAQEwRwgAuedEEBJl+gFNsLiGZtxP29RFtr6Aaql/
> JsZK/S2bIdblyP9d5JG41iaygdEHoSWHhBMIvOd75EQCiw9sX2iBQZd9qH3cH2Lj
> jr35AR0hysEy8yAKhhOFODwIxCx0Y1avGOpMt8uxJPCCba2OlI7vr0Webg/0OpmU
> H6ycyZInDtxPfutC7Rb/WpE9G1LFxa8+3isI1Y4UNsxbJwQzxR5aAlHgObXu27Zg
> 5R6BbCZC93mgqSA4dsISD3dsBlPhnHVt00Q3+RDxacxUVH3Qg7HjSn1INn41W7fI
> nE451UEUx8eE0MbDTQx0DICcDzZroofOhoznDLpe7pYekuoNF8mDlg==
> =Es5O
> -----END PGP SIGNATURE-----
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Fri Dec  9 11:16:45 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:30 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17915.1137101489.24926.mailscanner@lists.mailscanner.info>

Jules

For comparison 4.48 has this in that section..

elif $UNAME | $FGREP "BSD" >/dev/null ; then
    pid=`$PS -axww |
         $GREP '[ ]'$msbindir/$process |
         $AWK '{print $1}'`

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: 09 December 2005 11:07
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] MailScanner: Beta release 4.49.1 -- process
> name feature
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Most strange. It should say this:
> 
> else
>      # not BSD; everything else seems to do POSIX
>      pid=`COLUMNS=500 $PS -ef |
>           $EGREP '([ ]'$msbindir/$process')|'$process'[:]' |
>           $AWK '{print $2}'`
> fi
> 
> On 9 Dec 2005, at 11:02, Martin Hepworth wrote:
> 
> > Jules
> >
> > I did - I downloaded
> >
> > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-
> > install-4
> > .49.1-2.tar.gz
> >
> >
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >> -----Original Message-----
> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> >> Behalf Of Julian Field
> >> Sent: 09 December 2005 10:53
> >> To: MAILSCANNER@JISCMAIL.AC.UK
> >> Subject: Re: [MAILSCANNER] MailScanner: Beta release 4.49.1 --
> >> process
> >> name feature
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >>
> >>
> >> On 9 Dec 2005, at 10:30, Julian Field wrote:
> >>
> >>>> Old Signed: 12/09/05 at 10:30:40
> >>>
> >>>
> >>> On 9 Dec 2005, at 09:36, Martin Hepworth wrote:
> >>>
> >>>>
> >>>>         [ -x /opt/MailScanner/bin/check_mailscanner ] &&\\
> >>>> /opt/MailScanner/bin/check_mailscanner > /dev/null && \\
> >>>> echo -n ' MailScanner'
> >>>> ;;
> >>>>
> >>>> Gives
> >>>>
> >>>> egrep: Unmatched ( or \(
> >>>>
> >>>> I guess this is line 93 in check_mailscanner that's the problem,
> >>>> with the
> >>>> '(' just before the '$msbinddir
> >>>>
> >>>> but carries on anyway...so that's a prob a side effect of the
> >>>> (perl) at the
> >>>> end of the ps output.
> >>>
> >>> I'll take a look.
> >>
> >> Download the -2 release, this should be fixed already.
> >>
> >>
> >> - --
> >> Julian Field
> >> www.MailScanner.info
> >> Buy the MailScanner book at www.MailScanner.info/store
> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: PGP Desktop 9.0.3 (Build 2932)
> >>
> >> iQEVAwUBQ5liK/w32o+k+q+hAQFDcwf/VlWSf6YHB/zsG1ioEr/fYpRWZbWLpjSS
> >> 5vtxR2GjrssKySLgoDl6AK0jpPvR52thYk1GMURE2dLHtK+Jco0P0T5/EadeYjb4
> >> Q34fISzA+gkdceyYpmVhNVpyQh46shsVJvEz3e261FElTioWRuLGEfECSGrXvWbm
> >> 6bVFCpd9YoiRRlf59E3N2dzHDavTzcXlVdsPxRBeXvMB0nFhvBjjt9Dgm7aGfwIY
> >> ELIF2hjfpaH5b5kNhfs+QXM3vN9V7nGcAbAH02ygoqhVSr8dVYs//efIOMoqNgyE
> >> G7CCYaCXvZttLzx7+yw5KAveESeElP1ZOXnG9wMbsHloZuxD96ao2w==
> >> =vr+B
> >> -----END PGP SIGNATURE-----
> >>
> >> --
> >> This message has been scanned for viruses and
> >> dangerous content by MailScanner, and is
> >> believed to be clean.
> >>
> >> ------------------------ MailScanner list ------------------------
> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >> 'leave mailscanner' in the body of the email.
> >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >> Support MailScanner development - buy the book off the website!
> >
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> >
> > This footnote confirms that this email message has been swept
> > for the presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> 
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
> 
> iQEVAwUBQ5llVvw32o+k+q+hAQEwRwgAuedEEBJl+gFNsLiGZtxP29RFtr6Aaql/
> JsZK/S2bIdblyP9d5JG41iaygdEHoSWHhBMIvOd75EQCiw9sX2iBQZd9qH3cH2Lj
> jr35AR0hysEy8yAKhhOFODwIxCx0Y1avGOpMt8uxJPCCba2OlI7vr0Webg/0OpmU
> H6ycyZInDtxPfutC7Rb/WpE9G1LFxa8+3isI1Y4UNsxbJwQzxR5aAlHgObXu27Zg
> 5R6BbCZC93mgqSA4dsISD3dsBlPhnHVt00Q3+RDxacxUVH3Qg7HjSn1INn41W7fI
> nE451UEUx8eE0MbDTQx0DICcDzZroofOhoznDLpe7pYekuoNF8mDlg==
> =Es5O
> -----END PGP SIGNATURE-----
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From t.suter at AM-IMPACT.NL  Fri Dec  9 11:18:20 2005
From: t.suter at AM-IMPACT.NL (A&M ImpacT [T. Suter])
Date: Thu Jan 12 21:31:30 2006
Subject: Problem with scanning mail
Message-ID: <mailman.17916.1137101490.24926.mailscanner@lists.mailscanner.info>

Thanks for your reply.
And how can I check where exactly that is set? 

-----Oorspronkelijk bericht-----
Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Namens
Julian Field
Verzonden: vrijdag 9 december 2005 12:03
Aan: MAILSCANNER@JISCMAIL.AC.UK
Onderwerp: Re: Problem with scanning mail

-----BEGIN PGP SIGNED MESSAGE-----

That's because it is set to not scan the message that came in.

On 9 Dec 2005, at 10:41, A&M ImpacT [T. Suter] wrote:

> My Mailscanner configuration doesn't seen to scan mail properly  
> with clamav.
>
>
> It kept saying:
> Unscanned: Delivered 1 messages
>
> When I switch to debug mode mailscanner tells me:
> Dec  9 11:02:27 localhost MailScanner[1029]: New Batch: Forwarding 1
> unscanned messages, 16729 bytes
> Dec  9 11:02:27 localhost MailScanner[1029]: Spam Checks: Starting
> Dec  9 11:02:29 localhost MailScanner[1029]: SpamAssassin returned 0
> Dec  9 11:02:29 localhost MailScanner[1029]: About to deliver 1  
> messages
> Dec  9 11:02:29 localhost MailScanner[1029]: Unscanned: Delivered 1  
> messages
> Dec  9 11:02:29 localhost MailScanner[1029]: Created attachment  
> dirs for 0
> messages
> Dec  9 11:02:29 localhost MailScanner[1029]: Virus and Content  
> Scanning:
> Starting
> Dec  9 11:02:29 localhost MailScanner[1029]: Commencing scanning by
> clamav...
>
> The spam checks go ok, but somehow things get messed up after this. It
> doesn't scan any mail. It sais: Created attachment dirs for 0  
> messages. That
> sounds strange to me.
>
> I'm using Mailscanner 4.22 (I know it is old, but I need to stick  
> to this
> one)
> Clamav version 0.87
>
> I hope that anyone can help. Searching the web didn't brought me a  
> solution.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5lkV/w32o+k+q+hAQH3GQf/QLRD8w02TxM9KwofKQhwJjR3aa3eI2yg
jeELb37cNBzWEo2zuUql8KKkeksMEQHSA9rXXQQQOQPIQPOxLK3D2mELNrr4hJBG
BDTlLPkgOwbjyd58D2EKT5eUpZfb00vp92p4bhF7pLArc9owfv7E/RtgisPPQxxt
t4KEKgXBB5OTZR9oKf6zyUNR/YTHZXOI4iheWZ/TEUuLHtuJcy+hF7/P7dTswQKO
kRc8YuuPHrYyr/c8p5+tZpPHxnqQMw8kld5K2plKCzwCxugF7UQn1KE5yb4kawGY
i52ANTIiHOP0TCGf8bMAyff/fpKmXM4J5ZMXVRKDNVX2Zmg78XIfzQ==
=V/hv
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 11:21:58 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: Problem with scanning mail
Message-ID: <mailman.17917.1137101490.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

MailScanner.conf. The "Virus Scanning" setting to start with.

On 9 Dec 2005, at 11:18, A&M ImpacT [T. Suter] wrote:

> Thanks for your reply.
> And how can I check where exactly that is set?
>
> -----Oorspronkelijk bericht-----
> Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]  
> Namens
> Julian Field
> Verzonden: vrijdag 9 december 2005 12:03
> Aan: MAILSCANNER@JISCMAIL.AC.UK
> Onderwerp: Re: Problem with scanning mail
>
> * PGP Signed by an unmatched address: 12/09/05 at 11:02:47
>
> That's because it is set to not scan the message that came in.
>
> On 9 Dec 2005, at 10:41, A&M ImpacT [T. Suter] wrote:
>
>> My Mailscanner configuration doesn't seen to scan mail properly
>> with clamav.
>>
>>
>> It kept saying:
>> Unscanned: Delivered 1 messages
>>
>> When I switch to debug mode mailscanner tells me:
>> Dec  9 11:02:27 localhost MailScanner[1029]: New Batch: Forwarding 1
>> unscanned messages, 16729 bytes
>> Dec  9 11:02:27 localhost MailScanner[1029]: Spam Checks: Starting
>> Dec  9 11:02:29 localhost MailScanner[1029]: SpamAssassin returned 0
>> Dec  9 11:02:29 localhost MailScanner[1029]: About to deliver 1
>> messages
>> Dec  9 11:02:29 localhost MailScanner[1029]: Unscanned: Delivered 1
>> messages
>> Dec  9 11:02:29 localhost MailScanner[1029]: Created attachment
>> dirs for 0
>> messages
>> Dec  9 11:02:29 localhost MailScanner[1029]: Virus and Content
>> Scanning:
>> Starting
>> Dec  9 11:02:29 localhost MailScanner[1029]: Commencing scanning by
>> clamav...
>>
>> The spam checks go ok, but somehow things get messed up after  
>> this. It
>> doesn't scan any mail. It sais: Created attachment dirs for 0
>> messages. That
>> sounds strange to me.
>>
>> I'm using Mailscanner 4.22 (I know it is old, but I need to stick
>> to this
>> one)
>> Clamav version 0.87
>>
>> I hope that anyone can help. Searching the web didn't brought me a
>> solution.
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
> -- 
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> * Julian Field <MailScanner@ecs.soton.ac.uk>
> * 0xA4FAAFA1 (L)
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5lo2Pw32o+k+q+hAQFYDwf/ZRKM9yoGOA1sjVeP7CITiFPwAzS+euiv
WxOTj3VWh8o2rVaLau2pebiBI0mWRsbeWvj1meQbXI80vu4epwM92V1+jYPIWrwA
2s0pzK7O79obMzN0D16HdxlNnfa7qvSZsjqvlJYk6VJLLlt5CUVfFQwvxZKW3QYG
X9y0pniVG1HRBlP5y1am1KSzzFbsOoY+G7LQTOgMfPZ75ladgEdbWYGKvK2g0KQq
M5HpIJsCKSApnBCZjyl9rihBJTehYuCl75lr596agjeGKHC4aLT+lZTekke6SZl3
GD3IMec/nehFvdQTaXCHlA79WMQJqiayzSa6dAZvtrZ6o+ZHOjDrCw==
=hyIO
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec  9 11:31:19 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17918.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote on         Fri, 9 Dec 2005 08:42:08 +0000:

> With MailScanner not running, please can you send me 
> ps axww

Without doing anything else the first ps ax shows the correct output 
today. I suspect that the restart didn't work correctly, so that a single 
instance of the old version kept running until the next automatic restart.

That's for CentOS. Anyone tried the new version on Suse 9.x yet?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 11:39:54 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17919.1137101490.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----


On 9 Dec 2005, at 11:31, Kai Schaetzl wrote:

> Julian Field wrote on         Fri, 9 Dec 2005 08:42:08 +0000:
>
>> With MailScanner not running, please can you send me
>> ps axww
>
> Without doing anything else the first ps ax shows the correct output
> today. I suspect that the restart didn't work correctly, so that a  
> single
> instance of the old version kept running until the next automatic  
> restart.
>
> That's for CentOS. Anyone tried the new version on Suse 9.x yet?

No, not yet. If I have the time this weekend I will see if I still  
have SuSE9, SuSE10, Solaris and FreeBSD on my laptop.

Must save up for bigger disk. Don't suppose anyone wants to buy me one?


- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5ltDPw32o+k+q+hAQFuoAf7Bb+NQqlVkQcy8AhWZS667OU2sqa5UTWt
q+AhCWfsgKBNQvCZj5dzo5ZJUhuiu7tEbjSKgBGt9Wa9kkP/cCpj3AZHE3/Nsm3h
yFkTgUDlOdiO1pkZxCdJUa0AfIssY7mc8FZiAa1eqjDqa5ZVWd48zJt+d4uhfFEY
ubxgoUVY1t8ZwaOSUNihnptkU2UThRlJflNiXXLKEnrrSn21Lcvda8anMdcwO77C
VhZqpms9dncXAFp84/lAFHMtsw4b1dXrqmY1IVhUyc9um2I7qzjmoZ9mtJA8luu/
cUeN5YPQNwcKl7jmst320Un5/x4NXzZHYKVJ1qAhPrAAzHPOaoeLyA==
=Py68
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Fri Dec  9 12:39:08 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:30 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17920.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/9/05, Julian Field <MailScanner@ecs.soton.ac.uk> wrote:
      No, not yet. If I have the time this weekend I will see if I
      still
      have SuSE9, SuSE10, Solaris and FreeBSD on my laptop.


It does not work on Solaris 9. I used MailScanner-install-4.49.1-2.tar.gz
.

# ps -ef | grep Mail
    root 21757 21674  0 10:56:43 ?        0:32 /usr/bin/perl
-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 21847 21674  0 10:57:05 ?        0:29 /usr/bin/perl
-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 21674     1  0 10:56:21 ?        0:00 /usr/bin/perl
-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 21675 21674  0 10:56:21 ?        0:39 /usr/bin/perl
-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 21711 21674  0 10:56:32 ?        0:35 /usr/bin/perl
-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 25947 25869  0 13:35:30 pts/1    0:00 grep Mail
    root 21798 21674  0 10:56:54 ?        0:29 /usr/bin/perl
-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
# ptree 21674
21674 /usr/bin/perl -I/opt/MailScanner/lib
/opt/MailScanner/bin/MailScanner /op
  21675 /usr/bin/perl -I/opt/MailScanner/lib
/opt/MailScanner/bin/MailScanner /
  21711 /usr/bin/perl -I/opt/MailScanner/lib
/opt/MailScanner/bin/MailScanner /
  21757 /usr/bin/perl -I/opt/MailScanner/lib
/opt/MailScanner/bin/MailScanner /
  21798 /usr/bin/perl -I/opt/MailScanner/lib
/opt/MailScanner/bin/MailScanner /
  21847 /usr/bin/perl -I/opt/MailScanner/lib
/opt/MailScanner/bin/MailScanner /

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From ewallig at AEROCONTRACTORS.COM  Fri Dec  9 13:04:15 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:31:30 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17921.1137101490.24926.mailscanner@lists.mailscanner.info>

Thanks, I was able to get the full file this a.m. - looking forward to
trying this compilation.


 - Ed 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Janet Bindner
Sent: Thursday, December 08, 2005 8:12 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner:
4.48.4-2, Clamav: 0.87.1,SpamAssassin: 3.1.0)

The file is hosted at sourceforge,
http://pscm.sourceforge.net/pscm-1.0.0.2-1.fc4.i386.rpm

Just tried to downloaded it a few times, sometimes 2 successive attempts are
needed to get a complete download. 

Janet

--- Scott Silva <ssilva@SGVWATER.COM> wrote:

> Ed Wallig spake the following on 12/8/2005 10:31 AM:
> > What URL did you use?
> > 
> >  - Ed
> > 
> > -----Original Message-----
> > From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> > Of Scott Silva
> > Sent: Thursday, December 08, 2005 1:08 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: New Release- pscm-1.0.0.2 (postfix
> 2.2.6, MailScanner:
> > 4.48.4-2, Clamav: 0.87.1,SpamAssassin: 3.1.0)
> > 
> > Ed Wallig spake the following on 12/8/2005 5:18
> AM:
> > 
> >>Thanks for the reply - I just tried downloading
> the FC4 version again
> >>after turning off av / IDS scanning on my firewall
> but it's still
> >>showing a downloaded size of 7.92MB instead of the
> 11.7MB that it
> >>advertises when the download begins. I'm a little
> concerned about
> >>using this file - can you advise?
> > 
> > I just downloaded the FC4 version just to check,
> and I have a filesize of
> > 12,315,771 bytes.
> > Something is killing your download before it is
> complete. Maybe a bad
> > version is stuck in a proxy?
> > 
> > 
>
http://metawire.org/~pscm/pscm-1.0.0.2-1.fc4.i386.rpm.php
> From the download page.
> Might be a php re-director that pulls from a bad location for you.
> 
> 
> --
> 
> /-----------------------\           |~~\_____/~~\__ 
> |
> | MailScanner; The best |___________ \N1____======
> )-+
> | protection on the net!|                   ~~~|/~~ 
> |
> \-----------------------/                      ()
> 
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and
> the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 



		
___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo!
Security Centre. http://uk.security.yahoo.com

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-PKCS7-SIGNATURE  6.1KB. ]
    [ Unable to print this part. ]


From maillists at CONACTIVE.COM  Fri Dec  9 13:19:47 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: New Release- pscm-1.0.0.2 (postfix 2.2.6, MailScanner: 4.48.4-2,
     Clamav: 0.87.1,SpamAssassin: 3.1.0)
Message-ID: <mailman.17922.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ed Wallig wrote on         Fri, 9 Dec 2005 08:04:15 -0500:

> Thanks, I was able to get the full file this a.m. - looking forward to 
> trying this compilation.

Which way do you do the downloads?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Fri Dec  9 14:08:09 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:30 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17923.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai,

I could use this ability here, but only find the sendmail_from parameter for 
Windows PHP. Could you explain how this is done or point me to something, 
please? We run multiple virtual hosts on many servers, and not only do we 
get a log entry from apache that it changed the sender, but it always 
indicates the hostname as the sender.

Thanks for any help.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

----- Original Message ----- 
From: "Kai Schaetzl" <maillists@CONACTIVE.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, December 08, 2005 5:47 PM
Subject: Re: Slightly OT - Exim / Apache


> Michele Neylon :: Blacknight Solutions wrote on         Thu, 8 Dec 2005
> 21:59:01 -0000:
>
>> Over the last few weeks the number of attacks on forms hosted on our 
>> servers
>> has reached new levels
>> Unfortunately the user id for the mail is set to apache, which makes
>> tracking down the domain / user who has the vulnerable script very 
>> awkward
>
> This is not a problem with CGI, so I assume you are talking about php 
> scripts
> and mod_php? You can set a mail from address for each virtualhost for php 
> which
> will replace the apache userid.
>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 15:05:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17924.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----

Thanks. I'll get back to you once I have had the laptop opened up so  
we can check exactly what it's got now. Hopefully Monday.
Cheers!

On 9 Dec 2005, at 13:05, Kai Schaetzl wrote:

> Julian Field wrote on         Fri, 9 Dec 2005 11:39:54 +0000:
>
>> Must save up for bigger disk. Don't suppose anyone wants to buy me  
>> one?
>
> Julian, send me the link to the shop/disk off-list and I'll tell  
> you an
> hour later if I can do that.
>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
>
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5mdTvw32o+k+q+hAQG24wgAumlXIh6GfSN+PbSFNVnjVHWjG98NhGo4
GpAhEHyDiWcHoVR1vuEzDlg2vvAjdOlGOqs9FDT7BP3FOq8c99iGtgYpod1giFKf
bH58YjsiRpZ6Sa4AOpSzXoaVb6FPO940GBfb97sEXzXKFJ1w6KQJPdk+XJzJLFM6
937VK+0/l/WyChKDL+YizS8ca1w1d/yeA6OwqtuQkWoDxz1o6jbrc5H8h6SYBKVW
vGsCvGYJS1ckgzOkWKfSRD8n+6BcDFcZmIYzY89spOXSJxHxfHHE+RWlA6+n6Bw8
je31B1Of+aGa8cytlg42w+G93yRByHB2wQOmxc1eR8kEQ8NJ1GYosw==
=GvJC
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec  9 15:31:22 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17925.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Campbell wrote on         Fri, 9 Dec 2005 09:08:09 -0500:

> I could use this ability here, but only find the sendmail_from parameter for 
> Windows PHP. Could you explain how this is done or point me to something, 
> please?

You won't be able to do this on Windows unless you use a program which accepts 
sendmail-like input and command parameters. The directive to use is 
php_admin_value sendmail_path "your command line here".

The best way to stop this with other means is to disable mail() and require 
clients to use an smtp class. There's one in PEAR, so anyone can access it.

Oh, I overlooked something. Of course, you could just set "php_admin_value 
sendmail_from address" in each virtual host on Windows. Should work.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Fri Dec  9 15:17:03 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:30 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17926.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Steve Campbell
> Sent: Friday, December 09, 2005 9:08 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Slightly OT - Exim / Apache
>
>
> Kai,
>
> I could use this ability here, but only find the sendmail_from
> parameter for
> Windows PHP. Could you explain how this is done or point me to something,
> please? We run multiple virtual hosts on many servers, and not only do we
> get a log entry from apache that it changed the sender, but it always
> indicates the hostname as the sender.
>
[...]

I don't know how you would do it through php.ini, I mean you could use
the -f user@domain in your sendmail line but how about simply requiring all
your virtual admins to use a valid from address? if they are using php it
can easily be added to the fourth param. Set exim to reject any sender local
part that is apache (or whatever your www user is) and set your apache user
as trusted in your exim config so it can set the from address (if the web
server is local to the mail server). I would also send them information as
to how to check the referrer to ensure that someone isn't high jacking their
forms.

I think if they understand policy is no mail from apache@ will be accepted,
and you provide them with the information as to how to set the from address
in their scripts they will comply rather quickly.

It might even be worth your while to create a mail script that uses the pear
package that they are able to include in their scripts and have your wrapper
add an X- header that is required by exim from their web service from
addresses or it won't run. For instance if you have a virtual user@xyz.com
and your wrapper adds X-VMail-from:user@xyz.com when mail hits exim with a
sender address of user@xyz.com and the X-Vmail-from: header is wrong or
missing reject the mail.

But at least require they use a real from address, hopefully something you
and your clients understand is only used in their web forms

Rick



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec  9 15:31:22 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17927.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Campbell wrote on         Fri, 9 Dec 2005 09:08:09 -0500:

> I could use this ability here, but only find the sendmail_from parameter for 
> Windows PHP. Could you explain how this is done or point me to something, 
> please?

You won't be able to do this on Windows unless you use a program which accepts 
sendmail-like input and command parameters. The directive to use is 
php_admin_value sendmail_path "your command line here".

The best way to stop this with other means is to disable mail() and require 
clients to use an smtp class. There's one in PEAR, so anyone can access it.

Oh, I overlooked something. Of course, you could just set "php_admin_value 
sendmail_from address" in each virtual host on Windows. Should work.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec  9 15:05:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.17928.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----

Thanks. I'll get back to you once I have had the laptop opened up so  
we can check exactly what it's got now. Hopefully Monday.
Cheers!

On 9 Dec 2005, at 13:05, Kai Schaetzl wrote:

> Julian Field wrote on         Fri, 9 Dec 2005 11:39:54 +0000:
>
>> Must save up for bigger disk. Don't suppose anyone wants to buy me  
>> one?
>
> Julian, send me the link to the shop/disk off-list and I'll tell  
> you an
> hour later if I can do that.
>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
>
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5mdTvw32o+k+q+hAQG24wgAumlXIh6GfSN+PbSFNVnjVHWjG98NhGo4
GpAhEHyDiWcHoVR1vuEzDlg2vvAjdOlGOqs9FDT7BP3FOq8c99iGtgYpod1giFKf
bH58YjsiRpZ6Sa4AOpSzXoaVb6FPO940GBfb97sEXzXKFJ1w6KQJPdk+XJzJLFM6
937VK+0/l/WyChKDL+YizS8ca1w1d/yeA6OwqtuQkWoDxz1o6jbrc5H8h6SYBKVW
vGsCvGYJS1ckgzOkWKfSRD8n+6BcDFcZmIYzY89spOXSJxHxfHHE+RWlA6+n6Bw8
je31B1Of+aGa8cytlg42w+G93yRByHB2wQOmxc1eR8kEQ8NJ1GYosw==
=GvJC
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rcooper at DWFORD.COM  Fri Dec  9 15:17:03 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:31:30 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17929.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Steve Campbell
> Sent: Friday, December 09, 2005 9:08 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Slightly OT - Exim / Apache
>
>
> Kai,
>
> I could use this ability here, but only find the sendmail_from
> parameter for
> Windows PHP. Could you explain how this is done or point me to something,
> please? We run multiple virtual hosts on many servers, and not only do we
> get a log entry from apache that it changed the sender, but it always
> indicates the hostname as the sender.
>
[...]

I don't know how you would do it through php.ini, I mean you could use
the -f user@domain in your sendmail line but how about simply requiring all
your virtual admins to use a valid from address? if they are using php it
can easily be added to the fourth param. Set exim to reject any sender local
part that is apache (or whatever your www user is) and set your apache user
as trusted in your exim config so it can set the from address (if the web
server is local to the mail server). I would also send them information as
to how to check the referrer to ensure that someone isn't high jacking their
forms.

I think if they understand policy is no mail from apache@ will be accepted,
and you provide them with the information as to how to set the from address
in their scripts they will comply rather quickly.

It might even be worth your while to create a mail script that uses the pear
package that they are able to include in their scripts and have your wrapper
add an X- header that is required by exim from their web service from
addresses or it won't run. For instance if you have a virtual user@xyz.com
and your wrapper adds X-VMail-from:user@xyz.com when mail hits exim with a
sender address of user@xyz.com and the X-Vmail-from: header is wrong or
missing reject the mail.

But at least require they use a real from address, hopefully something you
and your clients understand is only used in their web forms

Rick



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Fri Dec  9 15:54:42 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:30 2006
Subject: cannot install Mail::ClamAV perl module
Message-ID: <mailman.17930.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:

>On 09/12/05, Alex Neuman van der Hans <alex@nkpanama.com> wrote:
>  
>
>>That was it. ldconfig. Anyways, I always edit the install.sh script and
>>add "--enable-milter" to be able to use clamav-milter, and remove the
>>--disable-zlib-vcheck because I *like* knowing when my zlib's out of
>>date ;).
>>    
>>
>
>Thing is, some (perhaps demented:-) distros will have the patched zlib
>installed, but will not have updated the zlib version number (weakness
>of rpm package handling stategy there, to say the least.... Has seen
>this with older versions of Mandriva). So to keep things as simple as
>possible, I think Jules is doing the right thing, more or less.
>
>  
>
I always make it a point to install zlib beforehand. Could there be, 
perhaps, a new version with zlib as part of the package? It would make 
sure everyone's *really* updated. You'd just have to add 
http://www.zlib.net/zlib-1.2.3.tar.gz to the perl-tar folder, add 
"unpackarchive blah blah" for zlib (the usual "./configure && make && 
make install" should work), and then change the ./configure 
--disable-zlib-vcheck to ./configure (--enable-milter if the user asked 
for it).

>>Would be nice to have those as a command line option, though.
>>    
>>
>
>Definitely. Choice is always good:-).
>
>  
>
>>>Did you use my easy ClamAV+SpamAssassin install package? This fixes
>>>this for you. You need to add /usr/local/lib to /etc/ld.so.conf and
>>>run ldconfig by hand if you didn't.
>>>
>>>      
>>>
>
>--
>-- Glenn
>email: glenn < dot > steen < at > gmail < dot > com
>work: glenn < dot > steen < at > ap1 < dot > se
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Fri Dec  9 16:10:58 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:30 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17931.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

----- Original Message ----- 
From: "Kai Schaetzl" <maillists@CONACTIVE.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Friday, December 09, 2005 10:31 AM
Subject: Re: Slightly OT - Exim / Apache


> Steve Campbell wrote on         Fri, 9 Dec 2005 09:08:09 -0500:
>
>> I could use this ability here, but only find the sendmail_from parameter 
>> for
>> Windows PHP. Could you explain how this is done or point me to something,
>> please?
>
> You won't be able to do this on Windows unless you use a program which 
> accepts
> sendmail-like input and command parameters. The directive to use is
> php_admin_value sendmail_path "your command line here".
>
> The best way to stop this with other means is to disable mail() and 
> require
> clients to use an smtp class. There's one in PEAR, so anyone can access 
> it.
>
> Oh, I overlooked something. Of course, you could just set "php_admin_value
> sendmail_from address" in each virtual host on Windows. Should work.
>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
Kai,

Thanks for the reply.

I apparently mislead you though. I don't run Windows, I run Linux. I was 
saying I could only find the parameters for Windows specific PHP, and found 
nothing for Linux that is similar. But I will look up the parameter you 
mentioned above and see where that leads me.

Steve 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Fri Dec  9 16:44:41 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:30 2006
Subject: OT - Sendmail accept_unresolvable domains
Message-ID: <mailman.17932.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Can a few of you give me your preference/experience on the Sendmail feature 
accept_unresolvable_domains?

Does it help? Do any of your users complain? I'm getting a lot of 
undeliverable bounces due to  unknown users and thought this might be a nice 
way of reducing them.

Thanks

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mike at CAMAROSS.NET  Fri Dec  9 17:15:31 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:31:30 2006
Subject: OT - Sendmail accept_unresolvable domains
Message-ID: <mailman.17933.1137101490.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on Friday, December 09, 2005 10:45 AM:

> Can a few of you give me your preference/experience on the
> Sendmail feature accept_unresolvable_domains?
> 
> Does it help? Do any of your users complain? I'm getting a
> lot of undeliverable bounces due to  unknown users and
> thought this might be a nice way of reducing them.
> 
> Thanks
> 
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers
> 
> ------------------------ MailScanner list
> ------------------------ To unsubscribe, email
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

I ALWAYS comment this out in my sendmail.mc

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec  9 17:30:43 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:30 2006
Subject: OT - Sendmail accept_unresolvable domains
Message-ID: <mailman.17934.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 09/12/05, Steve Campbell <campbell@cnpapers.com> wrote:
> Can a few of you give me your preference/experience on the Sendmail feature
> accept_unresolvable_domains?
>
> Does it help? Do any of your users complain? I'm getting a lot of
> undeliverable bounces due to  unknown users and thought this might be a nice
> way of reducing them.
>
> Thanks
>
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers

Don't think so, sounds like it'd reject any sending host that lack an
A/MX record... And rather many do. So you'd likely shoot your own foot
with that one (IIRC there is no mandate that a sending host is
resolvable in the RFCs).

I hear milter-ahead is the wtg with sendmail, when wanting to reject
non-existing recipients.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec  9 17:24:56 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:30 2006
Subject: cannot install Mail::ClamAV perl module
Message-ID: <mailman.17935.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 09/12/05, Alex Neuman van der Hans <alex@nkpanama.com> wrote:
> Glenn Steen wrote:
>
> >On 09/12/05, Alex Neuman van der Hans <alex@nkpanama.com> wrote:
> >
> >
> >>That was it. ldconfig. Anyways, I always edit the install.sh script and
> >>add "--enable-milter" to be able to use clamav-milter, and remove the
> >>--disable-zlib-vcheck because I *like* knowing when my zlib's out of
> >>date ;).
> >>
> >>
> >
> >Thing is, some (perhaps demented:-) distros will have the patched zlib
> >installed, but will not have updated the zlib version number (weakness
> >of rpm package handling stategy there, to say the least.... Has seen
> >this with older versions of Mandriva). So to keep things as simple as
> >possible, I think Jules is doing the right thing, more or less.
> >
> >
> >
> I always make it a point to install zlib beforehand. Could there be,
> perhaps, a new version with zlib as part of the package? It would make
> sure everyone's *really* updated. You'd just have to add
> http://www.zlib.net/zlib-1.2.3.tar.gz to the perl-tar folder, add
> "unpackarchive blah blah" for zlib (the usual "./configure && make &&
> make install" should work), and then change the ./configure
> --disable-zlib-vcheck to ./configure (--enable-milter if the user asked
> for it).

Hm. But that might add some ickyness WRT multiple lib versions, and
one (hopefully the one that gets used) installed from source... More
or less without the lusers^H^H^H^H^Hadmins knowledge... "There was a
bunch of things that scrolled of the screen...":-). Perhaps not the
best solution.
One could dream up a bunch of more or less workable solutions, but I'm
unsure if there is one that lack any substantial drawbacks...

Although the base problem is due to the rpm system/the distributors, I
see no really good solution.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec  9 18:02:14 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: OT - Sendmail accept_unresolvable domains
Message-ID: <mailman.17936.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Campbell wrote on         Fri, 9 Dec 2005 11:44:41 -0500:

> Can a few of you give me your preference/experience on the Sendmail feature 
> accept_unresolvable_domains?

Of course, it should be OFF!

> I'm getting a lot of 
> undeliverable bounces due to  unknown users and thought this might be a nice 
> way of reducing them.

Bounces will always be resolvable. You should have this off, but it won't help 
with this.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec  9 18:02:14 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17937.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Campbell wrote on         Fri, 9 Dec 2005 11:10:58 -0500:

> I apparently mislead you though. I don't run Windows, I run Linux.

Oh, then just put it in the virtual hosts in Apache. 
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f em@ail"

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec  9 18:02:14 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: OT - Sendmail accept_unresolvable domains
Message-ID: <mailman.17938.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote on         Fri, 9 Dec 2005 18:30:43 +0100:

> Don't think so, sounds like it'd reject any sending host that lack an 
> A/MX record... And rather many do. So you'd likely shoot your own foot 
> with that one (IIRC there is no mandate that a sending host is 
> resolvable in the RFCs).

No, this refers to the domain part of an email address (sender). This 
option should always be OFF. There's no good reason to accept a sender you 
can't reply to.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From steve.swaney at fsl.com  Fri Dec  9 17:52:47 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:30 2006
Subject: OT - Sendmail accept_unresolvable domains
Message-ID: <mailman.17939.1137101490.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Campbell
> Sent: Friday, December 09, 2005 11:45 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: OT - Sendmail accept_unresolvable domains
> 
> Can a few of you give me your preference/experience on the Sendmail
> feature
> accept_unresolvable_domains?
> 
> Does it help? Do any of your users complain? I'm getting a lot of
> undeliverable bounces due to  unknown users and thought this might be a
> nice
> way of reducing them.
> 
> Thanks
> 
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers
> 

Steve,

If you're referring to the sendmail configuration option:

dnl FEATURE(`accept_unresolvable_domains')dnl

This should most definitely be disabled. All of our servers and customers
servers are configured this way and have been for years. It merely requires
that the sending server an A or MX record in DNS. 

We used to get complaints a few years back but now all legitimate mailers
(and most spammers) have DNS records. We typically see a small percentage of
rejections from this rule but now receive no complaints. 

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Fri Dec  9 18:34:01 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:30 2006
Subject: OT - Sendmail accept_unresolvable domains
Message-ID: <mailman.17940.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks all,

For some reason, I brain-farted today and was thinking this worked the other 
way around. It is commented (by default on RH distros).

I guess the milter-ahead might be the way to go. I usually see about 50 
mails waiting for these unresolvable addresses, but recently, it's climbing 
steadily. I don't know how much time in CPU cycles sendmail takes to retry 
these, but I do notice a little slowness.

Steve

----- Original Message ----- 
From: "Kai Schaetzl" <maillists@CONACTIVE.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Friday, December 09, 2005 1:02 PM
Subject: Re: OT - Sendmail accept_unresolvable domains


> Glenn Steen wrote on         Fri, 9 Dec 2005 18:30:43 +0100:
>
>> Don't think so, sounds like it'd reject any sending host that lack an
>> A/MX record... And rather many do. So you'd likely shoot your own foot
>> with that one (IIRC there is no mandate that a sending host is
>> resolvable in the RFCs).
>
> No, this refers to the domain part of an email address (sender). This
> option should always be OFF. There's no good reason to accept a sender you
> can't reply to.
>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Fri Dec  9 18:29:59 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:30 2006
Subject: Slightly OT - Exim / Apache
Message-ID: <mailman.17941.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai,

Thanks. I kept finding the Windows version of the sendmail_from parm, but 
assumed the sendmail_path fell under Windows necessity also.

Steve

----- Original Message ----- 
From: "Kai Schaetzl" <maillists@CONACTIVE.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Friday, December 09, 2005 1:02 PM
Subject: Re: Slightly OT - Exim / Apache


> Steve Campbell wrote on         Fri, 9 Dec 2005 11:10:58 -0500:
>
>> I apparently mislead you though. I don't run Windows, I run Linux.
>
> Oh, then just put it in the virtual hosts in Apache.
> php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f em@ail"
>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Fri Dec  9 20:22:53 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:30 2006
Subject: store and delete for spam. meaning?
Message-ID: <mailman.17942.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

what does it mean to do:
Spam Actions = store delete
High Scoring Spam Actions = store delete

delete what where? because i can still release from quarantine.


--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From Denis.Beauchemin at USHERBROOKE.CA  Fri Dec  9 21:08:20 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:30 2006
Subject: store and delete for spam. meaning?
Message-ID: <mailman.17943.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez wrote:

> what does it mean to do:
> Spam Actions = store delete
> High Scoring Spam Actions = store delete
>
> delete what where? because i can still release from quarantine.


Erick,

store = keep a copy on the server
delete = do not send to the recipient

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Fri Dec  9 21:31:11 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:30 2006
Subject: [near solved]
Message-ID: <mailman.17944.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

In fact there were missing the file : retry.lockfile in 
/var/spool/exim_input/db
This caused /etc/init.d/mailscanner restart script very long.
Now it's better but few times only now I still get :

Dec  9 21:50:37 zoe Debian-exim: Process did not exit cleanly, returned 
0 with signal 15
Dec  9 21:50:37 zoe MailScanner[21391]: MailScanner E-Mail Virus Scanner 
version 4.41.3 starting...
Dec  9 21:50:37 zoe MailScanner[21391]: MailScanner child caught a SIGHUP

When I make : ps auxw I see a process not closing at this moment ... 
that's not all the time
so I think it's enough good for some days before searching again.

Now I'm going to search how to make mailscanner working with kaspersky 5.5.
I achieved with 5.0.5 but not 5.5 even after browsing the search list 
archive.

Sam.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cstone at AXINT.NET  Fri Dec  9 21:38:23 2005
From: cstone at AXINT.NET (Chris Stone)
Date: Thu Jan 12 21:31:30 2006
Subject: phishing increases
Message-ID: <mailman.17945.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Thursday 08 December 2005 11:31 pm, Dave wrote:
> Hello,
>     I'm seeing an increase in phishing atempts. I'm running MS-4.46.2 on a
> freebsd6 box and here's my phishing-relevant mailscanner.conf settings:
>
> Find Phishing Fraud = yes
> Also Find Numeric Phishing = yes
> Highlight Phishing Fraud = yes
> Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
> Phishing Modify Subject = yes
> Phishing Subject Text = {Fraud?}
>
> In the safe sites file i haven't modified anything, is there more i can do?
> Particularly i'm seeing items from ebay, a bank which i don't do business
> with, and emails marked as postmaster undeliverable.

If you are not using ClamAV, you should add it to the mix - it picks up most 
of the phishing scams I see on my servers.


Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Fri Dec  9 21:45:24 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:30 2006
Subject: store and delete for spam. meaning?
Message-ID: <mailman.17946.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

thanks.

On 12/9/05, Erick Perez <eaperezh@gmail.com> wrote:
      ok

      On 12/9/05, Denis Beauchemin <
      Denis.Beauchemin@usherbrooke.ca> wrote:
            Erick Perez wrote:

            > what does it mean to do:
            > Spam Actions = store delete
            > High Scoring Spam Actions = store delete
            >
            > delete what where? because i can still release
            from quarantine.


            Erick,

            store = keep a copy on the server
            delete = do not send to the recipient

            Denis

            --
               _
              °v°   Denis Beauchemin, analyste
            /(_)\  Université de Sherbrooke, S.T.I.
              ^ ^   T: 819.821.8000x2252 F: 819.821.8045

            ------------------------ MailScanner list
            ------------------------
            To unsubscribe, email jiscmail@jiscmail.ac.uk
            with the words:
            'leave mailscanner' in the body of the email.
            Before posting, read the Wiki
            (http://wiki.mailscanner.info/ ) and
            the archives (
            http://www.jiscmail.ac.uk/lists/mailscanner.html).

            Support MailScanner development - buy the book
            off the website!




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From dmehler26 at woh.rr.com  Sat Dec 10 00:00:11 2005
From: dmehler26 at woh.rr.com (Dave)
Date: Thu Jan 12 21:31:30 2006
Subject: phishing increases
Message-ID: <mailman.17947.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,
    Thanks, i am using clamav as an av scanner along with bitdefender and 
f-prot.
Dave.

----- Original Message ----- 
From: "Chris Stone" <cstone@AXINT.NET>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Friday, December 09, 2005 4:38 PM
Subject: Re: phishing increases


> On Thursday 08 December 2005 11:31 pm, Dave wrote:
>> Hello,
>>     I'm seeing an increase in phishing atempts. I'm running MS-4.46.2 on 
>> a
>> freebsd6 box and here's my phishing-relevant mailscanner.conf settings:
>>
>> Find Phishing Fraud = yes
>> Also Find Numeric Phishing = yes
>> Highlight Phishing Fraud = yes
>> Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
>> Phishing Modify Subject = yes
>> Phishing Subject Text = {Fraud?}
>>
>> In the safe sites file i haven't modified anything, is there more i can 
>> do?
>> Particularly i'm seeing items from ebay, a bank which i don't do business
>> with, and emails marked as postmaster undeliverable.
>
> If you are not using ClamAV, you should add it to the mix - it picks up 
> most
> of the phishing scams I see on my servers.
>
>
> Chris
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website! 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Sat Dec 10 09:15:50 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:30 2006
Subject: OT - Sendmail accept_unresolvable domains
Message-ID: <mailman.17948.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 09/12/05, Kai Schaetzl <maillists@conactive.com> wrote:
> Glenn Steen wrote on         Fri, 9 Dec 2005 18:30:43 +0100:
>
> > Don't think so, sounds like it'd reject any sending host that lack an
> > A/MX record... And rather many do. So you'd likely shoot your own foot
> > with that one (IIRC there is no mandate that a sending host is
> > resolvable in the RFCs).
>
> No, this refers to the domain part of an email address (sender). This
> option should always be OFF. There's no good reason to accept a sender you
> can't reply to.
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
Ok ... (me crawling back under my postfix-rock:-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn_steen at yahoo.se  Sat Dec 10 10:12:39 2005
From: glenn_steen at yahoo.se (Glenn Steen)
Date: Thu Jan 12 21:31:30 2006
Subject: Just another test...
Message-ID: <mailman.17949.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Seems the list is in "slow mode" again (my broadband
is a DUL, so I can't complete a telnet to either of
fili or kili to determine exactly what's up....
Perhaps someone else feels up to it?).

Perhaps my yahoo account get's lucky where my gmail
account isn't:-). Anyway, Jules is on the CC... Hope
that move is soon, rather than late:-)

-- Glenn

From glenn.steen at GMAIL.COM  Sat Dec 10 09:22:23 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:30 2006
Subject: [near solved]
Message-ID: <mailman.17950.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 10/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> On 09/12/05, Sam <liste-mailscanner@ingescom.com> wrote:
> > Hi,
> (snip)
> > Now I'm going to search how to make mailscanner working with kaspersky 5.5.
> > I achieved with 5.0.5 but not 5.5 even after browsing the search list
> > archive.
> >
> > Sam.
> >
> Have you had a look at
> http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky
> (more specifically the notes for 5.5 in
> http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky:mailscanner_configuration)?
> I don't run kav, but obviously Nerjus do;)
.... And Chris Russel.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Sat Dec 10 09:21:02 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:30 2006
Subject: [near solved]
Message-ID: <mailman.17951.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 09/12/05, Sam <liste-mailscanner@ingescom.com> wrote:
> Hi,
(snip)
> Now I'm going to search how to make mailscanner working with kaspersky 5.5.
> I achieved with 5.0.5 but not 5.5 even after browsing the search list
> archive.
>
> Sam.
>
Have you had a look at
http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky
(more specifically the notes for 5.5 in
http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky:mailscanner_configuration)?
I don't run kav, but obviously Nerjus do;)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Chris.Russell at KNOWLEDGEIT.CO.UK  Sat Dec 10 09:40:11 2005
From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell)
Date: Thu Jan 12 21:31:30 2006
Subject: store and delete for spam. meaning?
Message-ID: <mailman.17952.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

 It means quarantine but don't deliver. If you didn't add delete then the message would still be delivered.

 Whether you then release that from quarantine to be delivered is up to you.


Cheers

Chris


________________________________

From: MailScanner mailing list on behalf of Erick Perez
Sent: Fri 09/12/2005 20:22
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: store and delete for spam. meaning?


what does it mean to do:
Spam Actions = store delete
High Scoring Spam Actions = store delete

delete what where? because i can still release from quarantine.


--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

--
This message has been scanned for viruses and dangerous content by
the Nexent Internet Anti Virus and Spam Tagging Service <http://www.knowledgeit.co.uk> 
and is believed to be clean.

The contents of this e-mail may be privileged and are confidential.
It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited.

If received in error, please advise the sender, then delete it from your system.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn_steen at YAHOO.SE  Sat Dec 10 10:12:39 2005
From: glenn_steen at YAHOO.SE (Glenn Steen)
Date: Thu Jan 12 21:31:30 2006
Subject: Just another test...
Message-ID: <mailman.17953.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Seems the list is in "slow mode" again (my broadband
is a DUL, so I can't complete a telnet to either of
fili or kili to determine exactly what's up....
Perhaps someone else feels up to it?).

Perhaps my yahoo account get's lucky where my gmail
account isn't:-). Anyway, Jules is on the CC... Hope
that move is soon, rather than late:-)

-- Glenn

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Sat Dec 10 12:28:37 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:30 2006
Subject: [kav 5.5] solved
Message-ID: <mailman.17954.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen a écrit :

>On 10/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
>  
>
>>On 09/12/05, Sam <liste-mailscanner@ingescom.com> wrote:
>>    
>>
>>>Now I'm going to search how to make mailscanner working with kaspersky 5.5.
>>>I achieved with 5.0.5 but not 5.5 even after browsing the search list
>>>archive.
>>>
>>>      
>>>
>>Have you had a look at
>>http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky
>>(more specifically the notes for 5.5 in
>>http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky:mailscanner_configuration)?
>>I don't run kav, but obviously Nerjus do;)
>>    
>>

Thanks a lot, this document help me.
I was just missing access right on two files.

Thanks thanks.
Sam

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Sat Dec 10 12:57:12 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:30 2006
Subject: Error in quarantine
Message-ID: <mailman.17955.1137101490.24926.mailscanner@lists.mailscanner.info>


Guys,

 

After logging in and getting into mailwatch. I get the following error
when opening quarantine


Warning: is_file(): Stat failed for /var/spool/MailScanner/quarantine
(errno=13 - Permission denied) in
/usr/local/apache/htdocs/mailscanner/functions.php on line 925
No quarantine directories found

 

I am guessing it&#8217;s a permission thing on the directorys of
quarantine and sub directories. The user for those directories is :
mailnull and the group is mail

I tried to set those settings in the MailScanner conf file under the
quarantine permissions area but had no joy.

 

I have tried running the quarantine_permissions_repair.php script which
does it works but does not fix the problem.

 

Anything I have missed that anyone can add? Or help me to resolve this
problem?

 

Thanks

Shaun McGuane

 




-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by
MailShield
http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From steve.swaney at fsl.com  Sat Dec 10 14:24:44 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:30 2006
Subject: Error in quarantine
Message-ID: <mailman.17956.1137101490.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of ShaunM [MailShield]
> Sent: Saturday, December 10, 2005 7:57 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Error in quarantine
> 
> Guys,
> 
> 
> 
> After logging in and getting into mailwatch. I get the following error
> when opening quarantine
> 
> 
> Warning: is_file(): Stat failed for /var/spool/MailScanner/quarantine
> (errno=13 - Permission denied) in
> /usr/local/apache/htdocs/mailscanner/functions.php on line 925
> No quarantine directories found
> 
> 
> 
> I am guessing it's a permission thing on the directorys of quarantine and
> sub directories. The user for those directories is : mailnull and the
> group is mail
> 
> I tried to set those settings in the MailScanner conf file under the
> quarantine permissions area but had no joy.
> 
> 
> 
> I have tried running the quarantine_permissions_repair.php script which
> does it works but does not fix the problem.
> 
> 
> 
> Anything I have missed that anyone can add? Or help me to resolve this
> problem?
> 
> 
> 
> Thanks
> 
> Shaun McGuane

Run the script called fix_quarantine_permissions in the top level directory
of the MailWatch distribution.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Sat Dec 10 16:12:18 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:30 2006
Subject: store and delete for spam. meaning?
Message-ID: <mailman.17957.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/10/05, Chris Russell <Chris.Russell@knowledgeit.co.uk> wrote:
      It means quarantine but don't deliver. If you didn't add
      delete then the message would still be delivered.


That's not correct. To deliver you really need to add "deliver", "delete"
on the other hand is pretty much redundant because it will always be
overridden, for example if you state "deliver delete" it will be
delivered and if you state "store delete" it will be stored. It doesn't
make sense to use "delete" in combination with anything else, maybe it
was added just as alternative for those who don't want anything done with
the mail - that is not delivered, stored or anything else. I think it
adds confusion and little use.

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Sat Dec 10 19:48:03 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: Solaris 10 build troubles
Message-ID: <mailman.17958.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Has anyone built ClamAV or SA on Solaris 10?

I get loads of errors in /usr/include/sys/siginfo.h which I would cut 
and paste if I could.
They are very basic parse errors.

Has anyone tried this? And succeeded?

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ5sw9BH2WUcUFbZUEQLPxQCfZCueo0OW/wOvnZSvJToKbHqYaq4An0tl
sWHpRTdA0+0cd7v1YY0TrwT/
=jBqp
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Chris.Russell at KNOWLEDGEIT.CO.UK  Sat Dec 10 19:11:08 2005
From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell)
Date: Thu Jan 12 21:31:30 2006
Subject: [kav 5.5] solved
Message-ID: <mailman.17959.1137101490.24926.mailscanner@lists.mailscanner.info>

The contents of this e-mail may be privileged and are confidential.
It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited.

If received in error, please advise the sender, then delete it from your system.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Sat Dec 10 21:19:17 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: store and delete for spam. meaning?
Message-ID: <mailman.17960.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox wrote:

> On 12/10/05, *Chris Russell* <Chris.Russell@knowledgeit.co.uk 
> <mailto:Chris.Russell@knowledgeit.co.uk>> wrote:
>
>     It means quarantine but don't deliver. If you didn't add delete
>     then the message would still be delivered.
>
>
> That's not correct. To deliver you really need to add "deliver", 
> "delete" on the other hand is pretty much redundant because it will 
> always be overridden, for example if you state "deliver delete" it 
> will be delivered and if you state "store delete" it will be stored. 
> It doesn't make sense to use "delete" in combination with anything 
> else, maybe it was added just as alternative for those who don't want 
> anything done with the mail - that is not delivered, stored or 
> anything else. I think it adds confusion and little use.

It adds no function, but makes people feel happier. Few people are 
confused by it in my experience, it's a syntax "nicety".

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec 10 21:21:13 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: Solaris 10 build troubles
Message-ID: <mailman.17961.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I solved this with a
#define ctid_t id_t
at the top of /usr/include/sys/siginfo.h

as that was what the type was trying to define. This may be fixed in a 
Solaris 10 patch but I can't connect to the updateserver right now 
(smpatch upgrade timing out).


Julian Field wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Has anyone built ClamAV or SA on Solaris 10?
>
>I get loads of errors in /usr/include/sys/siginfo.h which I would cut 
>and paste if I could.
>They are very basic parse errors.
>
>Has anyone tried this? And succeeded?
>
>- -- 
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.3 (Build 2932)
>
>iQA/AwUBQ5sw9BH2WUcUFbZUEQLPxQCfZCueo0OW/wOvnZSvJToKbHqYaq4An0tl
>sWHpRTdA0+0cd7v1YY0TrwT/
>=jBqp
>-----END PGP SIGNATURE-----
>
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mgt at STELLARCORE.NET  Sun Dec 11 00:10:18 2005
From: mgt at STELLARCORE.NET (Mike Tremaine)
Date: Thu Jan 12 21:31:30 2006
Subject: Solaris 10 build troubles
Message-ID: <mailman.17962.1137101490.24926.mailscanner@lists.mailscanner.info>

On Sat, 10 Dec 2005 19:48:03 +0000, Julian Field 
>Has anyone built ClamAV or SA on Solaris 10?
>
>I get loads of errors in /usr/include/sys/siginfo.h which I would cut
>and paste if I could.
>They are very basic parse errors.
>
>Has anyone tried this? And succeeded?
>

[mgt@hypernova ~]$ clamscan -V
ClamAV 0.87.1/1207/Fri Dec  9 14:01:12 2005
[mgt@hypernova ~]$ spamassassin -V
SpamAssassin version 3.0.4
  running on Perl version 5.8.4
[mgt@hypernova ~]$ uname -a
SunOS hypernova 5.10 Generic_118822-20 sun4u sparc SUNW,UltraAX-i2


What seems to be the trouble?

-Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From G.Pentland at SOTON.AC.UK  Sun Dec 11 04:16:59 2005
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:31:30 2006
Subject: Solaris 10 build troubles
Message-ID: <mailman.17963.1137101490.24926.mailscanner@lists.mailscanner.info>

Solaris 10, sparc or intel?

Gcc or Sun's compilers?

I have both so let me know what you have, including the output of
"showrev -p" and I'll reproduce and test.

Gary

Mike Tremaine wrote:
> On Sat, 10 Dec 2005 19:48:03 +0000, Julian Field
>> Has anyone built ClamAV or SA on Solaris 10?
>> 
>> I get loads of errors in /usr/include/sys/siginfo.h which I would cut
>> and paste if I could. They are very basic parse errors.
>> 
>> Has anyone tried this? And succeeded?
>> 
> 
> [mgt@hypernova ~]$ clamscan -V
> ClamAV 0.87.1/1207/Fri Dec  9 14:01:12 2005
> [mgt@hypernova ~]$ spamassassin -V
> SpamAssassin version 3.0.4
>   running on Perl version 5.8.4
> [mgt@hypernova ~]$ uname -a
> SunOS hypernova 5.10 Generic_118822-20 sun4u sparc SUNW,UltraAX-i2
> 
> 
> What seems to be the trouble?
> 
> -Mike
> 
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave
> mailscanner' in the body of the email. Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).    
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From craigwhite at AZAPPLE.COM  Sun Dec 11 13:52:42 2005
From: craigwhite at AZAPPLE.COM (Craig White)
Date: Thu Jan 12 21:31:30 2006
Subject: trimming the logging
Message-ID: <mailman.17964.1137101490.24926.mailscanner@lists.mailscanner.info>

I get LogWatch every day and because of the mail volume, it is
punitively large.

**Unmatched Entries**
 I get thousands of these types of entries (undoubtedly 1 for each email
received)...

   4D7A424F84A.3BCBB to C57F424F84B : 1 Time(s)

and one of these for each email (postfix MTA - mail pulled down by
fetchmail)

**Unmatched Entries**

E6D0124F84C: hold: header Received: from unknown by CryptoWall via
esmtpp (Version 3.10.0.2.3.10.0.0) id /var/KryptoWall/smtpp/kwzNGUFt;
Sat Dec 10 01:59:47 2005 from localhost.localdomain[127.0.0.1];
from=<SRS0+s9+b+77+=@mail15.alevelhigher.com>
to=<craig@localhost.azapple.com> proto=ESMTP helo=<localhost>

and thus today's LogWatch was 9.1 megabytes which is painful to look at.

Are there any suggestions to minimize all this?

Thanks

Craig

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From chris at TAC.ESI.NET  Sun Dec 11 15:38:32 2005
From: chris at TAC.ESI.NET (Chris Hammond)
Date: Thu Jan 12 21:31:30 2006
Subject: trimming the logging
Message-ID: <mailman.17965.1137101490.24926.mailscanner@lists.mailscanner.info>

I had the same problem, go to the Logwatch web site and get the latest
version.  It has a much better output.

Chris 
 
>>> craigwhite@AZAPPLE.COM 12/11/05 8:52 am >>> 
I get LogWatch every day and because of the mail volume, it is
punitively large.

**Unmatched Entries**
 I get thousands of these types of entries (undoubtedly 1 for each email
received)...

   4D7A424F84A.3BCBB to C57F424F84B : 1 Time(s)

and one of these for each email (postfix MTA -  mail pulled down by
fetchmail)

**Unmatched Entries**

E6D0124F84C: hold: header Received: from unknown by CryptoWall via
esmtpp (Version 3.10.0.2.3.10.0.0) id /var/KryptoWall/smtpp/kwzNGUFt;
Sat Dec 10 01:59:47 2005 from localhost.localdomain[127.0.0.1];
from=<SRS0+s9+b+77+=@mail15.alevelhigher.com>
to=<craig@localhost.azapple.com> proto=ESMTP helo=<localhost>

and thus today's LogWatch was 9.1 megabytes which is painful to look at.

Are there any suggestions to minimize all this?

Thanks

Craig

------------------------  MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development -  buy the book off the website!

--  
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Sun Dec 11 22:03:29 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:30 2006
Subject: quarantine error = permission denied
Message-ID: <mailman.17966.1137101490.24926.mailscanner@lists.mailscanner.info>


Heya guys,

 

I have a problem with mailwatch and my quarantine. No matter what I try I
can not access it. This is the output error I get when using mailwatch

 

Warning: is_file(): Stat failed for /var/spool/MailScanner/quarantine

(errno=13 - Permission denied) in
/usr/local/apache/htdocs/mailscanner/functions.php on line 925 No
quarantine directories found

 

Now as for permissions. The apache is run by nobody as its owner as shown
below. I have tried making quarantine owned by the following , nobody,
apache, mailnull anyone
of these permission settings don&#8217;t work either. This is what the
settings currently look like

 

root@filter1 [/etc]# ls /var/spool/MailScanner/quarantine/ -la

total 40

drwxrwx---   10 mailnull mail         4096 Dec 11 00:00 ./

drwxr-x---    5 mailnull mail         4096 Dec 11 11:04 .../

drwxrwx---    4 mailnull mail         4096 Dec  4 00:00 20051204/

drwxrwx---    4 mailnull mail         4096 Dec  5 00:00 20051205/

drwxrwx---    8 mailnull mail         4096 Dec  6 13:59 20051206/

drwxrwx---   13 mailnull mail         4096 Dec  7 11:14 20051207/

drwxrwx---    4 mailnull mail         4096 Dec  8 00:01 20051208/

drwxrwx---    9 mailnull mail         4096 Dec  9 12:56 20051209/

drwxrwx---    7 mailnull mail         4096 Dec 10 19:53 20051210/

drwxrwx---    6 mailnull mail         4096 Dec 11 00:13 20051211/

root@filter1 [/etc]#

 

This is the settings used in MailScanner.conf

 

Run As User = mailnull

Run As Group = mail

Quarantine User = mailnull

Quarantine Group = mail

 

I have tried all different variations of the above with even blank
entries in the quarantine user and quarantine group. I still can not get
this to work.

 

If anyone has any ideas that can help it would be appreciated.

 

Thanks

Shaun

 

 

 

 




-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by
MailShield
http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From john at OMEGADATA.NO  Sun Dec 11 22:19:50 2005
From: john at OMEGADATA.NO (John Berntsen)
Date: Thu Jan 12 21:31:30 2006
Subject: SV: quarantine error = permission denied
Message-ID: <mailman.17967.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

@page Section1 {size: 612.0pt 792.0pt; margin: 72.0pt 90.0pt 72.0pt
90.0pt; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt;
FONT-FAMILY: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN:
0cm 0cm 0pt; FONT-FAMILY: "Times New Roman" } DIV.MsoNormal { FONT-SIZE:
12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman" } A:link {
COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR:
blue; TEXT-DECORATION: underline } A:visited { COLOR: purple;
TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple;
TEXT-DECORATION: underline } P { FONT-SIZE: 12pt; MARGIN-LEFT: 0cm;
MARGIN-RIGHT: 0cm; FONT-FAMILY: "Times New Roman"; mso-margin-top-alt:
auto; mso-margin-bottom-alt: auto } SPAN.EmailStyle17 { COLOR:
windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose }
DIV.Section1 { page: Section1 }
I have apache run as user wwwrun and as group www, postfix is run as user
postfix,
and here is the output of my /var/spool/MailScanner directory:
 
drwxr-xr-x   4 root    root     104 Sep  6  2004 .
drwxr-xr-x  13 root    root     360 Sep  6  2004 ..
drwx------   6 postfix postfix  144 Dec 11 21:44 incoming
drwxrwx---  63 postfix www     1512 Dec 11 04:15 quarantine
So for me this puts things in place:
 
chown -R postfix.www quarantine
chmod -R 0770 quarantine
 
So replace www by the group that your apache runs as, and you should be
fine.
 
Regards
John B

________________________________________________________________________________
Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På
vegne av ShaunM [MailShield]
Sendt: 11. desember 2005 23:03
Til: MAILSCANNER@JISCMAIL.AC.UK
Emne: quarantine error = permission denied

Heya guys,

 

I have a problem with mailwatch and my quarantine. No matter what I try I
can not access it. This is the output error I get when using mailwatch

 

Warning: is_file(): Stat failed for /var/spool/MailScanner/quarantine

(errno=13 - Permission denied) in
/usr/local/apache/htdocs/mailscanner/functions.php on line 925 No
quarantine directories found

 

Now as for permissions. The apache is run by nobody as its owner as shown
below. I have tried making quarantine owned by the following , nobody,
apache, mailnull anyone
of these permission settings don^Òt work either. This is what the
settings currently look like

 

root@filter1 [/etc]# ls /var/spool/MailScanner/quarantine/ -la

total 40

drwxrwx---   10 mailnull mail         4096 Dec 11 00:00 ./

drwxr-x---    5 mailnull mail         4096 Dec 11 11:04 .../

drwxrwx---    4 mailnull mail         4096 Dec  4 00:00 20051204/

drwxrwx---    4 mailnull mail         4096 Dec  5 00:00 20051205/

drwxrwx---    8 mailnull mail         4096 Dec  6 13:59 20051206/

drwxrwx---   13 mailnull mail         4096 Dec  7 11:14 20051207/

drwxrwx---    4 mailnull mail         4096 Dec  8 00:01 20051208/

drwxrwx---    9 mailnull mail         4096 Dec  9 12:56 20051209/

drwxrwx---    7 mailnull mail         4096 Dec 10 19:53 20051210/

drwxrwx---    6 mailnull mail         4096 Dec 11 00:13 20051211/

root@filter1 [/etc]#

 

This is the settings used in MailScanner.conf

 

Run As User = mailnull

Run As Group = mail

Quarantine User = mailnull

Quarantine Group = mail

 

I have tried all different variations of the above with even blank
entries in the quarantine user and quarantine group. I still can not get
this to work.

 

If anyone has any ideas that can help it would be appreciated.

 

Thanks

Shaun

 

 

 

 




-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by
MailShield
http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From evanderleun at HAL9000.NL  Mon Dec 12 08:08:45 2005
From: evanderleun at HAL9000.NL (Erik van der Leun)
Date: Thu Jan 12 21:31:30 2006
Subject: filename rulesets
Message-ID: <mailman.17968.1137101490.24926.mailscanner@lists.mailscanner.info>

Hi,

Is it possible, with existing MailScanner setup, to define whether
certain filenames are allowed on a domain level.

filename.rules.conf does not state anything about userdefined configuration
files to be entered like MailScanner.conf does.

So, e.g.
   - allow .exe for domain 1
   - disallow .exe for other domains

Any thoughts?

Erik van der Leun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From raymond at PROLOCATION.NET  Mon Dec 12 08:14:21 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:31:30 2006
Subject: filename rulesets
Message-ID: <mailman.17969.1137101490.24926.mailscanner@lists.mailscanner.info>

Hi!

> Is it possible, with existing MailScanner setup, to define whether
> certain filenames are allowed on a domain level.
>
> filename.rules.conf does not state anything about userdefined configuration
> files to be entered like MailScanner.conf does.
>
> So, e.g.
>  - allow .exe for domain 1
>  - disallow .exe for other domains
>
> Any thoughts?

Uhm you define a ruleset for each domain, so sure, why not.
Just make different ones....

filename.conf.rules:

FromOrTo:  *@truepianos.com /etc/MailScanner/filename.rules2.conf
FromOrTo:  default /etc/MailScanner/filename.rules.conf

And so on...

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Mon Dec 12 09:00:55 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:30 2006
Subject: filename rulesets
Message-ID: <mailman.17970.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/12/05, Raymond Dijkxhoorn <raymond@prolocation.net> wrote:
> Hi!
>
> > Is it possible, with existing MailScanner setup, to define whether
> > certain filenames are allowed on a domain level.
> >
> > filename.rules.conf does not state anything about userdefined configuration
> > files to be entered like MailScanner.conf does.
> >
> > So, e.g.
> >  - allow .exe for domain 1
> >  - disallow .exe for other domains
> >
> > Any thoughts?
>
> Uhm you define a ruleset for each domain, so sure, why not.
> Just make different ones....
>
> filename.conf.rules:
>
> FromOrTo:  *@truepianos.com /etc/MailScanner/filename.rules2.conf
> FromOrTo:  default /etc/MailScanner/filename.rules.conf
>
> And so on...
>
> Bye,
> Raymond.
>
Take a look at http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading
for an example of how to make this very ... convenient.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From evanderleun at HAL9000.NL  Mon Dec 12 09:05:20 2005
From: evanderleun at HAL9000.NL (Erik van der Leun)
Date: Thu Jan 12 21:31:30 2006
Subject: filename rulesets
Message-ID: <mailman.17971.1137101490.24926.mailscanner@lists.mailscanner.info>

Thanks :)

I'm familiar with the option of defining own rulesets in seperate self-
defined configurationfiles. I just couldn't find whether configurationfiles
other than MailScanner.conf could handle such user-defined configurationfiles.

Sorry :)
Erik

On Mon, 12 Dec 2005, Glenn Steen wrote:

> On 12/12/05, Raymond Dijkxhoorn <raymond@prolocation.net> wrote:
>> Hi!
>>
>>> Is it possible, with existing MailScanner setup, to define whether
>>> certain filenames are allowed on a domain level.
>>>
>>> filename.rules.conf does not state anything about userdefined configuration
>>> files to be entered like MailScanner.conf does.
>>>
>>> So, e.g.
>>>  - allow .exe for domain 1
>>>  - disallow .exe for other domains
>>>
>>> Any thoughts?
>>
>> Uhm you define a ruleset for each domain, so sure, why not.
>> Just make different ones....
>>
>> filename.conf.rules:
>>
>> FromOrTo:  *@truepianos.com /etc/MailScanner/filename.rules2.conf
>> FromOrTo:  default /etc/MailScanner/filename.rules.conf
>>
>> And so on...
>>
>> Bye,
>> Raymond.
>>
> Take a look at http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading
> for an example of how to make this very ... convenient.
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Mon Dec 12 10:00:53 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:30 2006
Subject: Solaris 10 build troubles
Message-ID: <mailman.17972.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/10/05, Julian Field <MailScanner@ecs.soton.ac.uk> wrote:
      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1

      Has anyone built ClamAV or SA on Solaris 10?

      I get loads of errors in /usr/include/sys/siginfo.h which I
      would cut
      and paste if I could.
      They are very basic parse errors.

      Has anyone tried this? And succeeded?


I use the Blastwave packages on a test system with Solaris 10 (Sparc) and
it works just fine. The system does not have a single patch added to it.

/etc/release: Solaris 10 3/05 s10_74L2a SPARC

/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Mon Dec 12 10:23:48 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: Solaris 10 build troubles
Message-ID: <mailman.17973.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12 Dec 2005, at 10:00, shuttlebox wrote:

      On 12/10/05, Julian Field <MailScanner@ecs.soton.ac.uk>
      wrote:
            -----BEGIN PGP SIGNED MESSAGE-----
            Hash: SHA1

            Has anyone built ClamAV or SA on Solaris 10?

            I get loads of errors in
            /usr/include/sys/siginfo.h which I would cut
            and paste if I could.
            They are very basic parse errors.

            Has anyone tried this? And succeeded?


I use the Blastwave packages on a test system with Solaris 10
(Sparc) and it works just fine. The system does not have a single
patch added to it.

/etc/release: Solaris 10 3/05 s10_74L2a SPARC


It kept given a "Cannot parse" error on the line that does something like
typedef id_t ctid_t; (Those might be the wrong order, haven't written C
in a long time)
I fixed/hacked it into working with a 
#define ctid_t id_t
at the top of the file. Works fine now.

It's only a devel box anyway, no big deal. So long as MailScanner starts
up, that's about all I care.
-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, Application/PGP-SIGNATURE  498bytes. ]
    [ Unable to print this part. ]


From yossimor at HOTMAIL.COM  Mon Dec 12 13:24:49 2005
From: yossimor at HOTMAIL.COM (Yossi Mor)
Date: Thu Jan 12 21:31:30 2006
Subject: removed attachment and notification to recipients
Message-ID: <mailman.17974.1137101490.24926.mailscanner@lists.mailscanner.info>

Hello forum,

I am currently running MR 4.38-10 and i have a question regarding 
attachment removing from emails.

Is it possible that for certain removed attachments recipients will not be 
informed?

I got 2 specific .exe files that i have configured in the 
filename.rules.conf file and i do not want that emails with those 2 files 
will be delivered nor any notification will be send to the recipients.

Thanks,

Yossi Mor

BTW those attachments comes from many addresses

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 12 14:36:35 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: removed attachment and notification to recipients
Message-ID: <mailman.17975.1137101490.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Try using "deny+delete" in filename.rules.conf and  
filetype.rules.conf. It may well help you.

On 12 Dec 2005, at 13:24, Yossi Mor wrote:

> Hello forum,
>
> I am currently running MR 4.38-10 and i have a question regarding
> attachment removing from emails.
>
> Is it possible that for certain removed attachments recipients will  
> not be
> informed?
>
> I got 2 specific .exe files that i have configured in the
> filename.rules.conf file and i do not want that emails with those 2  
> files
> will be delivered nor any notification will be send to the recipients.
>
> Thanks,
>
> Yossi Mor
>
> BTW those attachments comes from many addresses
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ52K9fw32o+k+q+hAQEH7wgAtoCgcxhzXC8OAt39Nh/nKZOCVEmNJVwG
a6T3Mmdn9LBj1HEanp6AEML4FI2yO40S9gmwC0IyRrUwE/XZT4nk8wMhUJxQrJ1f
1x5IaACnkk1mQJKTUTKJ3jdQ1x8gbdH6k9M+3TJ8+Z/dzd91t4I0QsjKuYZbpOdl
EVLDPtpIXY7Ma6kAPcyqrlyW0I//sZaKZ5C/5ncbRIPKO2uqxbUMDmKtutKr8wx7
2ifzXQjc+zETYSMaWYS2+jjRRz1S9Oa1ksFGLi9sjdHj6NmXINTB3UznwiyF+XRN
dkVYeQ8szZoo5q0s1zM7kVcqMzx+HD921mo17IbJeZah+wrBfME9fQ==
=OlTq
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Denis.Beauchemin at USHERBROOKE.CA  Mon Dec 12 15:06:57 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:30 2006
Subject: trimming the logging
Message-ID: <mailman.17976.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Craig White wrote:

>I get LogWatch every day and because of the mail volume, it is
>punitively large.
>
>**Unmatched Entries**
> I get thousands of these types of entries (undoubtedly 1 for each email
>received)...
>
>   4D7A424F84A.3BCBB to C57F424F84B : 1 Time(s)
>
>and one of these for each email (postfix MTA - mail pulled down by
>fetchmail)
>
>**Unmatched Entries**
>
>E6D0124F84C: hold: header Received: from unknown by CryptoWall via
>esmtpp (Version 3.10.0.2.3.10.0.0) id /var/KryptoWall/smtpp/kwzNGUFt;
>Sat Dec 10 01:59:47 2005 from localhost.localdomain[127.0.0.1];
>from=<SRS0+s9+b+77+=@mail15.alevelhigher.com>
>to=<craig@localhost.azapple.com> proto=ESMTP helo=<localhost>
>
>and thus today's LogWatch was 9.1 megabytes which is painful to look at.
>
>Are there any suggestions to minimize all this?
>
>Thanks
>
>Craig
>  
>
Craig,

Logwatch is just a bunch of Perl scripts.  I have customized many to my 
liking.  MS' resides in /etc/log.d/scripts/services/mailscanner.  Most 
scripts have an "ignore this" section near the top of the main look.  
Just add some regex there to ignore your log entries or duplicate some 
code that counts your log entries.

After any modification I check the code for typos:
perl -I /etc/log.d/lib/ -c /etc/log.d/scripts/services/mailscanner

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mike at WOCO-K12.ORG  Mon Dec 12 16:10:08 2005
From: mike at WOCO-K12.ORG (Mike Wagner)
Date: Thu Jan 12 21:31:30 2006
Subject: Questions about installing MailScanner
Message-ID: <mailman.17977.1137101490.24926.mailscanner@lists.mailscanner.info>

I'm looking at adding MailScanner to our existing environment.  We have a
RH9 server, with Sendmail.  I've configured Sendmail to use authentication.
 I've also configured many aliases, and rely heavily on these types of
features of sendmail. 

If I install MailScanner, will I lose those functionalities of Sendmail?? 
Will everything I've configured still work, including authentication?

Any help is greatly appreciated.

-Mike Wagner

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Mon Dec 12 16:26:04 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:30 2006
Subject: Questions about installing MailScanner
Message-ID: <mailman.17978.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/12/05, Mike Wagner <mike@woco-k12.org> wrote:
      I'm looking at adding MailScanner to our existing
      environment.  We have a
      RH9 server, with Sendmail.  I've configured Sendmail to use
      authentication.
      I've also configured many aliases, and rely heavily on these
      types of
      features of sendmail.

      If I install MailScanner, will I lose those functionalities
      of Sendmail??
      Will everything I've configured still work, including
      authentication?


MailScanner doesn't require any special MTA config, you just need to
separate the receive and delivery part by starting two Sendmail processes
instead of the standard combined one. MailScanner takes care of this by
disabling your Sendmail start script and providing its own. You should be
fine.

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Mon Dec 12 16:34:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: Questions about installing MailScanner
Message-ID: <mailman.17979.1137101490.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

MailScanner doesn't interfere with the incoming SMTP at all. None of  
your functionality should be affected at all.
Don't worry.

On 12 Dec 2005, at 16:10, Mike Wagner wrote:
> I'm looking at adding MailScanner to our existing environment.  We  
> have a
> RH9 server, with Sendmail.  I've configured Sendmail to use  
> authentication.
>  I've also configured many aliases, and rely heavily on these types of
> features of sendmail.
>
> If I install MailScanner, will I lose those functionalities of  
> Sendmail??
> Will everything I've configured still work, including authentication?
>
> Any help is greatly appreciated.
>
> -Mike Wagner

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ52mr/w32o+k+q+hAQGSvwf/crIPexJ+SBau0BTfUXYYqxma9v4hFjBd
kDrbouwinGWAErpI9dM3rE8Txm6A8p1eh/eAN+6a/TyJx5kXExYbOrkJmQVoN5Hy
RiefZEXywUauuKgo3NaT2eHr/lQ97q4oYxD/sUuEyK2pBvrWXiCG+XQUK5Fbccce
eCczW1d+rzwc120kizgU9jDcrsnNei7sA3VFz0IBHdh8ZLJ9YyHQJUXPVAxjt23O
Nyc/V/66mLAgynCqERO1Xa2WL1/K1cny+71HFZjExb297sXhrqzJgyXrtArzowgJ
kZZeeXN5JpHMTUWzYzx6QI3b9vLAST3J2z6KfUg1dUydrLn5smsuuw==
=KdG4
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ugob at CAMO-ROUTE.COM  Mon Dec 12 16:39:30 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:30 2006
Subject: Questions about installing MailScanner
Message-ID: <mailman.17980.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Mike Wagner wrote:
> I'm looking at adding MailScanner to our existing environment.  We have a
> RH9 server, with Sendmail.  I've configured Sendmail to use authentication.
>  I've also configured many aliases, and rely heavily on these types of
> features of sendmail. 
> 
> If I install MailScanner, will I lose those functionalities of Sendmail?? 
> Will everything I've configured still work, including authentication?
> 
> Any help is greatly appreciated.
> 
> -Mike Wagner
> 

If there is nothing on this server already, I'd probably upgrade to 
CentOS 3 of 4 before installing MailScanner, to make sure you'll always 
have security updates.

Regards,

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From batkins at TLCDELIVERS.COM  Mon Dec 12 16:58:28 2005
From: batkins at TLCDELIVERS.COM (Brian Atkins)
Date: Thu Jan 12 21:31:30 2006
Subject: Extra characters embedded in attachments
Message-ID: <mailman.17981.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Greetings,

I've dug through the archives on this one, but wasn't able to come up with 
anything significant:

I have a user who has been attempting to receive a file (.mrc extension, 
Microsoft Visual Studio) from a party outside our organization. When the file is 
received via email, the file has an extra character (<) embedded part way 
through the code.

Originally, I thought it might be some version mismatch between the two 
developers apps, but when the same file was sent via ftp, it's OK. I ruled out 
the mail client by having a copy sent to me and one of my teammates, but the 
extra character is still there using Thunderbird or Eudora (multiple versions).

I think the issue is in Mailscanner because the same file was sent to an outside 
address and was received in good order. Any ideas on where to start looking? 
Perhaps a conf setting?

We're using Mailscanner 4.43.2-1 on Gentoo Linux (2.6.14.3 Kernel), and Sendmail 
  version 8.13.4.

Thanks,

Brian


"An adventure is never an adventure
when it^Òs happening. Challenging
experiences need time to ferment,
and adventure is simply physical
and emotional comfort recollected
in tranquility." - Tim Cahill
(Hold the Enlightenment - 2002)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 12 18:28:22 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:30 2006
Subject: Extra characters embedded in attachments
Message-ID: <mailman.17982.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

What happens if you gzip or zip the file and then send it?

Brian Atkins wrote:

> Greetings,
>
> I've dug through the archives on this one, but wasn't able to come up 
> with anything significant:
>
> I have a user who has been attempting to receive a file (.mrc 
> extension, Microsoft Visual Studio) from a party outside our 
> organization. When the file is received via email, the file has an 
> extra character (<) embedded part way through the code.
>
> Originally, I thought it might be some version mismatch between the 
> two developers apps, but when the same file was sent via ftp, it's OK. 
> I ruled out the mail client by having a copy sent to me and one of my 
> teammates, but the extra character is still there using Thunderbird or 
> Eudora (multiple versions).
>
> I think the issue is in Mailscanner because the same file was sent to 
> an outside address and was received in good order. Any ideas on where 
> to start looking? Perhaps a conf setting?
>
> We're using Mailscanner 4.43.2-1 on Gentoo Linux (2.6.14.3 Kernel), 
> and Sendmail  version 8.13.4.
>
> Thanks,
>
> Brian
>
>
> "An adventure is never an adventure
> when it^Òs happening. Challenging
> experiences need time to ferment,
> and adventure is simply physical
> and emotional comfort recollected
> in tranquility." - Tim Cahill
> (Hold the Enlightenment - 2002)
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Mon Dec 12 18:31:24 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: Extra characters embedded in attachments
Message-ID: <mailman.17983.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Brian Atkins wrote on         Mon, 12 Dec 2005 11:58:28 -0500:

> We're using Mailscanner 4.43.2-1

Well, you could upgrade (your mailscanner is half a year old or so) and do 
the same for ClamAV and other stuff that may touch this file. There#s no 
guarantee that it solves your problem, but without doing so, you'll never 
know if a newer version fixes this.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From steve.swaney at fsl.com  Mon Dec 12 16:28:35 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:30 2006
Subject: Questions about installing MailScanner
Message-ID: <mailman.17984.1137101490.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mike Wagner
> Sent: Monday, December 12, 2005 11:10 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Questions about installing MailScanner
> 
> I'm looking at adding MailScanner to our existing environment.  We have a
> RH9 server, with Sendmail.  I've configured Sendmail to use
> authentication.
>  I've also configured many aliases, and rely heavily on these types of
> features of sendmail.
> 
> If I install MailScanner, will I lose those functionalities of Sendmail??
> Will everything I've configured still work, including authentication?
> 
> Any help is greatly appreciated.
> 
> -Mike Wagner

Actually it's just the opposite :)

MailScanner should use your sendmail configuration with no modifications.
Just install MailScanner and then:

chkconfig sendmail off
chkconfig MailScanner on
service MailScanner start

The only gotcha is that MailScanner assumes you sendmail configuration file
is /etc/mail/sendmail.cf. If it's different you'll need to modify
/etc/init.d/MailScanner

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ugob at CAMO-ROUTE.COM  Tue Dec 13 02:37:12 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:30 2006
Subject: Greylisting wiki article
Message-ID: <mailman.17985.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi there,

A rather quick and easy to implement greylisting with a sendmail milter.

http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:greylisting:install:sendmail:milter-greylist

Comments welcome!
Regards,
-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From scs at uwb.edu.pl  Tue Dec 13 09:44:17 2005
From: scs at uwb.edu.pl ([iso-8859-2] Grzegorz Staleñczyk)
Date: Thu Jan 12 21:31:30 2006
Subject: MS 4.48.4 and rules rejected messages
Message-ID: <mailman.17986.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-2" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hey!

In Maliscanner.conf I have:
Reject Message =  %rules-dir%/reject.messages.rules

In %rules-dir%/reject.messages.rules I have this rules:

From:   user@bad.domain.org            yes

And this work fine, user at bad.domain.org is rejected with report "rejection.report.txt"

But when in %rules-dir%/reject.messages.rules I try this:

From:   user@bad.domain.org     %rules-dir%/reject.bad.user
From:   1.2.3.4                 %rules-dir%/reject.bad.ip

I've this error in MS logs:

Syntax error in line 5 of ruleset file /opt/MailScanner/etc/rules/reject.messages.
rules

I file %rules-dir%/reject.bad.user I have this:

Bad user or bad domain - message rejected.

And  file %rules-dir%/reject.bad.ip I have this:

Bad ip - message rejected.


How can I modify  rules-dir%/reject.messages.rules to have different rejected messages
to different actions. It is possible?

Thank for help.

-- 
DZIAL SYSTEMOW KOMPUTEROWYCH I SIECI TELEINFORMATYCZNYCH
Uniwersytet w Bialymstoku

mgr in¿. Grzegorz Stalenczyk
e-mail: scs@uwb.edu.pl
tel. (085) 745 70 95
             

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From aslan at AEON.COM.BR  Tue Dec 13 13:23:50 2005
From: aslan at AEON.COM.BR (Aslan Carlos M. Ramos)
Date: Thu Jan 12 21:31:30 2006
Subject: SOPHOS MODULES SOPHOS-SAVI
Message-ID: <mailman.17987.1137101490.24926.mailscanner@lists.mailscanner.info>

Hi Group,

The Problem with the Perl Module for Antivirus Sophos are fixed or are
problems with the module?

Some last versions I've problems to run the MailScanner w/ Sophos-Savi
(PerlModule), I like this module because it's more fast than the line
command with sweep.

Thanks so Much.

-- 
Aslan Carlos M. Ramos
Aeon Technologies
(21) 2705 - 3139

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "This is a digitally signed message part"  ]
    [ Application/PGP-SIGNATURE  492bytes. ]
    [ Unable to print this part. ]


From maillists at CONACTIVE.COM  Tue Dec 13 13:31:29 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:30 2006
Subject: Greylisting wiki article
Message-ID: <mailman.17988.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ugo Bellavance wrote on         Mon, 12 Dec 2005 21:37:12 -0500:

> Comments welcome!

Ugo, excellent article. It just works the same on Suse (8.* and 9.*) and CentOS4. I installed
the milter yesterday on a bunch of systems and it worked on all of them right from start.

I'm just a bit confused with this:
> Feel free to try using libsfp or libspf2 libraries. I successfully compiled the milter with libspf2 on a fedora core 1 server, but I can^Òt do it on this CentOS server. I^Òll eventually do more installs, so hopefully I^Òll be able to add SPF-enabled milter instructions, but the README does talk about it a little bit.

Do you refer to milter-spf or so? Or do you mean including spf2 in milter-greylist?

Your configure line:
/configure --libdir=/usr/local/include/spf2/

I used:
/configure --with-user=daemon --with-libspf2=/usr/local

I think if you don't use --with-libspf2 it won't link it in, so there's no spf whether
you tell it where the libraries are or not.

I would also recommend using the --with-user switch unless one wants to use what the milter
puts in as default.

I used HACK instead of FEATURE, works just the same.

> 8. Make a copy of your sendmail.cf and rebuild it. Then look at the .cf file to see if you have the right entries (see README) 
> 9. Create your sendmail.cf from sendmail.mc

Not clear what you want to say with that. Isn't both the same?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From aslan at AEON.COM.BR  Tue Dec 13 13:30:31 2005
From: aslan at AEON.COM.BR (Aslan Carlos M. Ramos)
Date: Thu Jan 12 21:31:30 2006
Subject: White Spam List
Message-ID: <mailman.17989.1137101490.24926.mailscanner@lists.mailscanner.info>

Hi Group (again!),
I've configured a MailScanner with a Spam White List, I have some domain
in this list.
But my question is, if MailScanner query a SBL+XBL and found a Ip
Address to Sender there, they mark with { Spam ? } anyway, then the
domain a sender in there white list  ?

thanks so much, sorry my english it's very poor =) 

-- 
Aslan Carlos M. Ramos
Aeon Technologies
(21) 2705 - 3139

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "This is a digitally signed message part"  ]
    [ Application/PGP-SIGNATURE  492bytes. ]
    [ Unable to print this part. ]


From ugob at CAMO-ROUTE.COM  Tue Dec 13 14:03:28 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:31 2006
Subject: Greylisting wiki article
Message-ID: <mailman.17990.1137101490.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl wrote:
> Ugo Bellavance wrote on         Mon, 12 Dec 2005 21:37:12 -0500:
> 
>> Comments welcome!
> 
> Ugo, excellent article. It just works the same on Suse (8.* and 9.*) and CentOS4. I installed
> the milter yesterday on a bunch of systems and it worked on all of them right from start.
> 
> I'm just a bit confused with this:
>> Feel free to try using libsfp or libspf2 libraries. I successfully compiled the milter with libspf2 on a fedora core 1 server, but I can^Òt do it on this CentOS server. I^Òll eventually do more installs, so hopefully I^Òll be able to add SPF-enabled milter instructions, but the README does talk about it a little bit.
> 
> Do you refer to milter-spf or so? Or do you mean including spf2 in milter-greylist?

Compiling milter-greylist with spf support.  I'll edit that line soon.

> 
> Your configure line:
> /configure --libdir=/usr/local/include/spf2/
> 
> I used:
> /configure --with-user=daemon --with-libspf2=/usr/local
> 
> I think if you don't use --with-libspf2 it won't link it in, so there's no spf whether
> you tell it where the libraries are or not.

Ah!  Thanks for pointing this out.  That must be the reason why the 
milter didn't seem to honor SPF-compliant messages!

> 
> I would also recommend using the --with-user switch unless one wants to use what the milter
> puts in as default.

The user should run as an unprivileged user I guess?

> 
> I used HACK instead of FEATURE, works just the same.
> 

Ok,

>> 8. Make a copy of your sendmail.cf and rebuild it. Then look at the .cf file to see if you have the right entries (see README) 
>> 9. Create your sendmail.cf from sendmail.mc
> 
> Not clear what you want to say with that. Isn't both the same?

Kind of.  I'll edit that.  It was just way too late ;)

Thanks a lot Kai!
> 
> Kai
> 
-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Dave  Tue Dec 13 15:32:33 2005
From: Dave (Dave)
Date: Thu Jan 12 21:31:31 2006
Subject: SpamCop
Message-ID: <mailman.17991.1137101491.24926.mailscanner@lists.mailscanner.info>

Recently, I had to tell Sendmail not to use SpamCop
to block e-mail :-(  What do I need to MailScanner to rate
ScamCop tagged mail as a weight of 4?

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Tue Dec 13 16:14:19 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:31:31 2006
Subject: SpamCop
Message-ID: <mailman.17992.1137101491.24926.mailscanner@lists.mailscanner.info>

Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem
<> said on 13 December 2005 15:33:

> Recently, I had to tell Sendmail not to use SpamCop to block e-mail
> :-(  What do I need to MailScanner to rate ScamCop tagged mail as a
> weight of 4?  

Put in a custom rule file for SA in /etc/mail/spamassassin/ or put a custom
score in your spamassassin.prefs.conf



Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Tue Dec 13 16:46:08 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:31 2006
Subject: SpamCop
Message-ID: <mailman.17993.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote:
> Recently, I had to tell Sendmail not to use SpamCop
> to block e-mail :-(  What do I need to MailScanner to rate
> ScamCop tagged mail as a weight of 4?
> 

Mailscanner can't do that. If you want weighting, it's spamassassin you need to
configure.


SA by default checks spamcop using the rule RCVD_IN_BL_SPAMCOP_NET. So you just
need a score statement to over-ride this.

/etc/mail/spamassassin/local.cf:

score RCVD_IN_BL_SPAMCOP_NET 4.0

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Dave  Tue Dec 13 16:53:04 2005
From: Dave (Dave)
Date: Thu Jan 12 21:31:31 2006
Subject: SpamCop
Message-ID: <mailman.17994.1137101491.24926.mailscanner@lists.mailscanner.info>

On Tue, Dec 13, 2005 at 11:46:08AM -0500, Matt Kettler wrote:
> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote:
> > Recently, I had to tell Sendmail not to use SpamCop
> > to block e-mail :-(  What do I need to MailScanner to rate
> > ScamCop tagged mail as a weight of 4?
> > 
> 
> Mailscanner can't do that. If you want weighting, it's spamassassin you need to
> configure.
> 
> 
> SA by default checks spamcop using the rule RCVD_IN_BL_SPAMCOP_NET. So you just
> need a score statement to over-ride this.
> 
> /etc/mail/spamassassin/local.cf:
> 
> score RCVD_IN_BL_SPAMCOP_NET 4.0

Done, thank you.

> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From max at KIPNESS.COM  Tue Dec 13 17:09:41 2005
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:31:31 2006
Subject: Troubleshooting slow processing
Message-ID: <mailman.17995.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

As of yesterday, processing through MailScanner has slowed to a crawl.
Nothing to my knowledge has changed on the MailScanner server in any way.

Basically it appears like MailScanner is processing fine, but then not
handing off the messages to Sendmail. There are hundreds of messages in
the Sendmail inbound queue (mqueue.in) sits at about 700 - 800 messages,
then the MailScanner will fill to 90 and sit there for the longest time,
then it will fill to about 120 and dump some messages to the sendmail
outbound queue (mqueue). Other than that the Sendmail outbound queue just
sits at zero for long periods.

I created a realtime app that tracks the message queue, and here is a
snapshot of what it basically has looked liked for hours:

Mail Queues (In order Processed)
-------------------------------
Sendmail Inbound Queue          731
MailScanner Inbound Queue:      90
Sendmail Outbound Queue:        0

CPU Load: 74

3 Second interval

Hit CTRL-C to drop to shell...

Any ideas of what the problem might be, or how to troubleshoot? Why aren't
the 90 mails just being dumped into mqueue? Based on the message log
they've been scanned.

Thanks,
Max

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From b_kiziltan at HOTMAIL.COM  Tue Dec 13 17:03:50 2005
From: b_kiziltan at HOTMAIL.COM (Bahadir Kiziltan)
Date: Thu Jan 12 21:31:31 2006
Subject: Denying attachments
Message-ID: <mailman.17996.1137101491.24926.mailscanner@lists.mailscanner.info>

Hi,

Using MailScanner version 4.47.4 with postfix, bitdefender, clamav and spam 
enabled on Fedora Core 4 box. Also monitoring and reporting via MailWatch. 
The results are incredible, at least for us.

I have a minor issue in denying files attached to mail messages. All the 
files mentioned have zip extension sized below 1KB but actually they're text 
files with the following more or less the similar content.

------
Your attachment "mailtext.zip" contained viruses:
         "W32.Sober.X@mm!zip",
         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
It was deleted and replaced with this text file.
------

------
Your attachment "downloadm.zip" contained viruses:
         "W32.Sober.X@mm!zip",
         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
It was deleted and replaced with this text file.
------

According to the maillog, such attachment comes to the MTA as is. Sure, not 
modified by MailScanner.

Set the directive "Minimum Attachment Size" to 1024, they are all denied 
successfully but also with the "delivered and read" confirmation messages.

What do you recommend in order to deny such file(s) more effectively?

Thanks.
Bahadir.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbergman at WTXS.NET  Tue Dec 13 17:22:45 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:31:31 2006
Subject: Troubleshooting slow processing
Message-ID: <mailman.17997.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Max Kipness wrote:
> As of yesterday, processing through MailScanner has slowed to a crawl.
> Nothing to my knowledge has changed on the MailScanner server in any way.
> 
> Basically it appears like MailScanner is processing fine, but then not
> handing off the messages to Sendmail. There are hundreds of messages in
> the Sendmail inbound queue (mqueue.in) sits at about 700 - 800 messages,
> then the MailScanner will fill to 90 and sit there for the longest time,
> then it will fill to about 120 and dump some messages to the sendmail
> outbound queue (mqueue). Other than that the Sendmail outbound queue just
> sits at zero for long periods.
> 
> I created a realtime app that tracks the message queue, and here is a
> snapshot of what it basically has looked liked for hours:
> 
> Mail Queues (In order Processed)
> -------------------------------
> Sendmail Inbound Queue          731
> MailScanner Inbound Queue:      90
> Sendmail Outbound Queue:        0
> 
> CPU Load: 74
> 
> 3 Second interval
We had a problem like this a while back. It ended up to be related to 
some malformed spam the mail server received after we stopped spam 
scanning on the old mail server and moved that function to new MX 
servers. I can't remember excatly what was wrong except that all the 
messages with the issue were several days older than all the legit 
email. I used find and execed to rm to remove the old files and useage 
dropped to below 1% and mail started processing normally. Sorry I can't 
remember any more details.

-- 
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax  325-695-6841

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec 13 17:24:50 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Denying attachments
Message-ID: <mailman.17998.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Is it your MailScanner replacing the viruses with the text files, or 
someone else's earlier in the mail path?
If it's your one doing it, then you probably just want to make sure you have
Silent Viruses = All-Viruses
so that virus-infected messages are just quietly dropped.

Bahadir Kiziltan wrote:

> Hi,
>
> Using MailScanner version 4.47.4 with postfix, bitdefender, clamav and 
> spam enabled on Fedora Core 4 box. Also monitoring and reporting via 
> MailWatch. The results are incredible, at least for us.
>
> I have a minor issue in denying files attached to mail messages. All 
> the files mentioned have zip extension sized below 1KB but actually 
> they're text files with the following more or less the similar content.
>
> ------
> Your attachment "mailtext.zip" contained viruses:
>         "W32.Sober.X@mm!zip",
>         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
> It was deleted and replaced with this text file.
> ------
>
> ------
> Your attachment "downloadm.zip" contained viruses:
>         "W32.Sober.X@mm!zip",
>         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
> It was deleted and replaced with this text file.
> ------
>
> According to the maillog, such attachment comes to the MTA as is. 
> Sure, not modified by MailScanner.
>
> Set the directive "Minimum Attachment Size" to 1024, they are all 
> denied successfully but also with the "delivered and read" 
> confirmation messages.
>
> What do you recommend in order to deny such file(s) more effectively?
>
> Thanks.
> Bahadir.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec 13 17:21:55 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Troubleshooting slow processing
Message-ID: <mailman.17999.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Your most likely culprit is DCC or Razor. Try disabling them  both in 
spam.assassin.prefs.conf
use_dcc 0
use_razor2 0
and then restart MailScanner and see if that helps.

Also, the newest beta release of MailScanner will let you know what is 
going on through its listing in "ps", so "ps ax | grep MailScanner" will 
tell you what all your MailScanner processes are doing.

Max Kipness wrote:

>As of yesterday, processing through MailScanner has slowed to a crawl.
>Nothing to my knowledge has changed on the MailScanner server in any way.
>
>Basically it appears like MailScanner is processing fine, but then not
>handing off the messages to Sendmail. There are hundreds of messages in
>the Sendmail inbound queue (mqueue.in) sits at about 700 - 800 messages,
>then the MailScanner will fill to 90 and sit there for the longest time,
>then it will fill to about 120 and dump some messages to the sendmail
>outbound queue (mqueue). Other than that the Sendmail outbound queue just
>sits at zero for long periods.
>
>I created a realtime app that tracks the message queue, and here is a
>snapshot of what it basically has looked liked for hours:
>
>Mail Queues (In order Processed)
>-------------------------------
>Sendmail Inbound Queue          731
>MailScanner Inbound Queue:      90
>Sendmail Outbound Queue:        0
>
>CPU Load: 74
>
>3 Second interval
>
>Hit CTRL-C to drop to shell...
>
>Any ideas of what the problem might be, or how to troubleshoot? Why aren't
>the 90 mails just being dumped into mqueue? Based on the message log
>they've been scanned.
>
>Thanks,
>Max
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mike at CAMAROSS.NET  Tue Dec 13 17:27:22 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:31:31 2006
Subject: Troubleshooting slow processing
Message-ID: <mailman.18000.1137101491.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on Tuesday, December 13, 2005 11:23
AM:

> Max Kipness wrote:
>> As of yesterday, processing through MailScanner has slowed
> to a crawl.
>> Nothing to my knowledge has changed on the MailScanner
> server in any way.
>> 
>> Basically it appears like MailScanner is processing fine,
> but then not
>> handing off the messages to Sendmail. There are hundreds of
> messages
>> in the Sendmail inbound queue (mqueue.in) sits at about 700 - 800
>> messages, then the MailScanner will fill to 90 and sit
> there for the
>> longest time, then it will fill to about 120 and dump some
> messages to
>> the sendmail outbound queue (mqueue). Other than that the Sendmail
>> outbound queue just sits at zero for long periods.
>> 
>> I created a realtime app that tracks the message queue, and
> here is a
>> snapshot of what it basically has looked liked for hours:
>> 
>> Mail Queues (In order Processed)
>> -------------------------------
>> Sendmail Inbound Queue          731
>> MailScanner Inbound Queue:      90
>> Sendmail Outbound Queue:        0
>> 
>> CPU Load: 74
>> 
>> 3 Second interval
> We had a problem like this a while back. It ended up to be
> related to some malformed spam the mail server received after
> we stopped spam scanning on the old mail server and moved
> that function to new MX servers. I can't remember excatly
> what was wrong except that all the messages with the issue
> were several days older than all the legit email. I used find
> and execed to rm to remove the old files and useage dropped
> to below 1% and mail started processing normally. Sorry I
> can't remember any more details.

I had a similar problem on one server.  It seems that MailScanner kept
processing the same messages over and over again.  These were High Scoring
Spams which MS should have deleted according to my rules.  What I ended up
doing was change the ruleset to forward the high scoring spam to /dev/null.
The problem has never come up again after that change.

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec 13 17:31:29 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: Greylisting wiki article
Message-ID: <mailman.18001.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ugo Bellavance wrote on         Tue, 13 Dec 2005 09:03:28 -0500:

> The user should run as an unprivileged user I guess?

You don't like the daemon user? Of course, one can use user one likes. The 
milter uses smmsp or so by default and that's not available on many 
systems, at least not on mine.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Tue Dec 13 21:30:39 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:31 2006
Subject: Troubleshooting slow processing
Message-ID: <mailman.18002.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/13/05, Max Kipness <max@kipness.com> wrote:
      Any ideas of what the problem might be, or how to
      troubleshoot? Why aren't
      the 90 mails just being dumped into mqueue? Based on the
      message log
      they've been scanned.


Sendmail has throttling features that might stop it receiving and/or
delivering during high load averages. You should shut down MailScanner
and Sendmail and look for zombie processes that stay alive afterwards.
I've had a few problems with DCC and Clam. Kill them if you find any. To
deliver the 90 mails that are already in the outbound queue issue
"sendmail -q" on the prompt. Add -v if you want to see the progress. Have
you thought about that having 90 outbound is not uncommon due to spammers
not receiving mail themselves. Mail therefor floats in the queue for five
days before being deleted, you should be able to see strange domain names
when using mailq if that's the case.

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From mailscanner at ecs.soton.ac.uk  Tue Dec 13 23:37:43 2005
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18003.1137101491.24926.mailscanner@lists.mailscanner.info>

Subtlety never was my strong point :-)

Anyone looking for anything to buy me for Christmas may like to know  
that I have updated my Amazon.co.uk wish list. They're all nice and  
cheap, don't worry!
Thanks for all your contributions, as ever!

I hope you all have a great Christmas and a merry New Year. Best  
wishes for 2006, and I wish you all a spam- and virus-free year.

Have an extra one for the pear tree,
Best wishes,
Jules.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Wed Dec 14 00:00:57 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18004.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Subtlety never was my strong point :-)
> 
> Anyone looking for anything to buy me for Christmas may like to know 
> that I have updated my Amazon.co.uk wish list. They're all nice and 
> cheap, don't worry!
> Thanks for all your contributions, as ever!
> 
> I hope you all have a great Christmas and a merry New Year. Best  wishes
> for 2006, and I wish you all a spam- and virus-free year.
> 
> Have an extra one for the pear tree,
> Best wishes,
> Jules.
> 

And the dumb question of the day.... where is the wishlist?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec 14 00:51:39 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18005.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Michele Neylon :: Blacknight spake the following on 12/13/2005 4:00 PM:
> Julian Field wrote:
> 
>>Subtlety never was my strong point :-)
>>
>>Anyone looking for anything to buy me for Christmas may like to know 
>>that I have updated my Amazon.co.uk wish list. They're all nice and 
>>cheap, don't worry!
>>Thanks for all your contributions, as ever!
>>
>>I hope you all have a great Christmas and a merry New Year. Best  wishes
>>for 2006, and I wish you all a spam- and virus-free year.
>>
>>Have an extra one for the pear tree,
>>Best wishes,
>>Jules.
>>
> 
> 
> And the dumb question of the day.... where is the wishlist?
> 
http://www.amazon.co.uk/gp/registry/registry.html/203-2309423-4918345?id=1W99HT2WWW5PB


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec 14 00:53:20 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18006.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field spake the following on 12/13/2005 3:37 PM:
> Subtlety never was my strong point :-)
> 
> Anyone looking for anything to buy me for Christmas may like to know 
> that I have updated my Amazon.co.uk wish list. They're all nice and 
> cheap, don't worry!
Except for the Mac Mini with bluetooth and 512 M ram!

> Thanks for all your contributions, as ever!
> 
> I hope you all have a great Christmas and a merry New Year. Best  wishes
> for 2006, and I wish you all a spam- and virus-free year.
> 
> Have an extra one for the pear tree,
> Best wishes,
> Jules.
> 


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 14 08:58:03 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18007.1137101491.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----


On 14 Dec 2005, at 00:53, Scott Silva wrote:

> Julian Field spake the following on 12/13/2005 3:37 PM:
>> Subtlety never was my strong point :-)
>>
>> Anyone looking for anything to buy me for Christmas may like to know
>> that I have updated my Amazon.co.uk wish list. They're all nice and
>> cheap, don't worry!
> Except for the Mac Mini with bluetooth and 512 M ram!

That's why they call it a wish list :-)
I'm going to hold out for the next Mini with all the media centre  
stuff, then convince work they want to buy me 1...

>
>> Thanks for all your contributions, as ever!
>>
>> I hope you all have a great Christmas and a merry New Year. Best   
>> wishes
>> for 2006, and I wish you all a spam- and virus-free year.
>>
>> Have an extra one for the pear tree,
>> Best wishes,
>> Jules.
>>
>
>
> -- 
>
> /-----------------------\           |~~\_____/~~\__  |
> | MailScanner; The best |___________ \N1____====== )-+
> | protection on the net!|                   ~~~|/~~  |
> \-----------------------/                      ()
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ5/enfw32o+k+q+hAQHYugf/cxhNLAGij0Ak36dUz5jwZpBO94z/Sbo9
BC8ts9QhXKg0TAiJX1o94//fizpU2Dr8DZG6vz3z7CVITUrjaJT25gKW/2F9JkY8
sXX/0ZPo3s1X29gx0WQABEXDMM2yxZSdjXYDR2la7bv++qPDaXudPD2KlAt9+UdR
D0+ZVpnDkJvpGfiXWgpf/gwq6jBzbHrdeBrftAk4wDO3H5PKTlpNIadVyf5YHI/Q
tXGd4dgm5Wwo4EJY8okxPS7WVvBHug3IE1jRhn7CE8C22QrlQrk0fqJfbY3H9Hdv
bSmqRvIFEcwBXptrf9nNU1egPvXpl22i/mDlGRLkj+Tx+Mqnn8PCcg==
=2Ano
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Wed Dec 14 10:11:39 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:31 2006
Subject: SOPHOS MODULES SOPHOS-SAVI
Message-ID: <mailman.18008.1137101491.24926.mailscanner@lists.mailscanner.info>

Hi

From garry at GLENDOWN.DE  Wed Dec 14 10:24:54 2005
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:31:31 2006
Subject: Whitelisting file types
Message-ID: <mailman.18010.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

one of our customers has complained about not receiving binaries from a
certain sender domain directly, but have to click an attached link to
download the potentially dangerous file (d'uh) ... how can I define
sender/receiver domain so that no file checks are done for mails
matching those? Somehow I must be missing an appropriate function in the
mailscanner.conf ...

Tnx, -garry

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From P.G.M.Peters at UTWENTE.NL  Wed Dec 14 10:44:40 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:31 2006
Subject: Feature Idea: MailScanner process name
Message-ID: <mailman.18011.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeff A. Earickson wrote on 8-12-2005 20:11:
> I take the contrary point of view -- I log everything for all processes
> (sendmail, MailScanner, popper, etc) into one file.  All facilities
> and loglevels from syslogd.conf point to the same file.  Yes the
> file is gigantic on my mail server (about 100 MB/day, rotated daily),
> but everything is in one place waiting for grep to reveal what I want. 
> What happened to a mail message?  Grep for the msgid and see
> both sendmail and MailScanner actions.  Want to know about a user?
> Grep for userid to see sendmail, MailScanner, and POP actions.  Easy.
> Behold the power of grep.

I even changed maillogconvert to show some mailscanner info instead of
the usual "-".

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDn/eYMbmy+DDgnIURAtMgAJ0UmQdMsfpOPXxwxKhC/x0zLIbNwQCfdE2o
mbmkRqKHHUBbXBu5juyy52w=
=6GN/
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From P.G.M.Peters at UTWENTE.NL  Wed Dec 14 11:17:08 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:31 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.18012.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Field wrote on 9-12-2005 11:53:

> Download the -2 release, this should be fixed already.

The -1 version didn't start MS on my Suse SLES 4 (?). But
check_mailscanner showed a different PID eacht time I checked. I
downloaded and installed -2 and it is working now (on a test machine):

 1638 ?        Ss     0:00 MailScanner: starting children
 1639 ?        S      0:02  \_ MailScanner: waiting for messages
 1640 ?        S      0:02  \_ MailScanner: waiting for messages
 1654 ?        S      0:02  \_ MailScanner: waiting for messages
 1656 ?        S      0:02  \_ MailScanner: waiting for messages
 1658 ?        S      0:02  \_ MailScanner: waiting for messages
 1659 ?        S      0:02  \_ MailScanner: waiting for messages
 1660 ?        S      0:02  \_ MailScanner: waiting for messages
 1661 ?        S      0:02  \_ MailScanner: waiting for messages
 1662 ?        S      0:02  \_ MailScanner: waiting for messages
 1663 ?        S      0:02  \_ MailScanner: waiting for messages

Does MS keep saying "starting children" even if all children are started?

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDn/80Mbmy+DDgnIURAtuvAKD4PcqIEdNKPi9sVchitVDUhvsnKgCeJjyT
QQ98li/vob9CkO1AG2KeXUk=
=1zzp
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 14 11:31:22 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18013.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

What about that disk? No more?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 14 11:48:41 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18014.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----

I was just looking for your email address so I could tell you, you  
beat me to it!

It's a 1.8" (presumably IDE) disk inside. Currently a 40Gb though  
either 60Gb or 80Gb are now available.

Thanks!

On 14 Dec 2005, at 11:31, Kai Schaetzl wrote:

> What about that disk? No more?
>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6AGnPw32o+k+q+hAQG4KAf/bdxzPVSO2QnQ4dJ4PELhwXj7QIDeYQnp
YsZmKGdyy9SqCZhTTB9LuGOxn4GsHNXWbVTaOmTlbrO/itpS9zkBGljaQLbLtmVS
vmsOzfCS8r910Z6/RnPDxjm7Q3oYf14oBkEK0p5NuMK9f4LoGw5CY/xT9xwSHIwd
xD42iwU4VrCunJsysLzR8PEwxgZOpQZsg+vonjJralf0RWUQIOsCJt5FSCplCPib
dcb8N/knd9aSrBtDWLEGLl+aIH7NoYW+ZSTmrVP+JRWGFv0XyuSM33YQWUim9quh
zksBPXOMYc3bmRjqBtbGb2Jw5BjF37yS/Rb+ydRDceeW3h6HlEHg5Q==
=0Xlh
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 14 12:07:19 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.18015.1137101491.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

On 14 Dec 2005, at 11:17, Peter Peters wrote:

> * PGP Signed by an unverified key: 12/14/05 at 11:17:08
>
> Julian Field wrote on 9-12-2005 11:53:
>
>> Download the -2 release, this should be fixed already.
>
> The -1 version didn't start MS on my Suse SLES 4 (?). But
> check_mailscanner showed a different PID eacht time I checked. I
> downloaded and installed -2 and it is working now (on a test machine):
>
>  1638 ?        Ss     0:00 MailScanner: starting children
>  1639 ?        S      0:02  \_ MailScanner: waiting for messages
>  1640 ?        S      0:02  \_ MailScanner: waiting for messages
>  1654 ?        S      0:02  \_ MailScanner: waiting for messages
>  1656 ?        S      0:02  \_ MailScanner: waiting for messages
>  1658 ?        S      0:02  \_ MailScanner: waiting for messages
>  1659 ?        S      0:02  \_ MailScanner: waiting for messages
>  1660 ?        S      0:02  \_ MailScanner: waiting for messages
>  1661 ?        S      0:02  \_ MailScanner: waiting for messages
>  1662 ?        S      0:02  \_ MailScanner: waiting for messages
>  1663 ?        S      0:02  \_ MailScanner: waiting for messages
>
> Does MS keep saying "starting children" even if all children are  
> started?

I need to take a look at this. Effectively what it's actually doing  
is waiting for children to die, I must have put the $0 in slightly  
the wrong place.
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6AK+fw32o+k+q+hAQEXCwf9HFnqOXZ7c3qw7edzGXo15dqaAdKlMk8T
ag6S0H3WpsLvTP/eeawNX5D6n+tqmdjm5V1o7QpoL37Q+7ps8iswGwbmjHOwZicf
K8CglHKNf16fcpnZlkUoaYkXGBTgsFs4SvzpnBXeOJg5gVLl3cSUABEFDUJXR8xB
W0TQ4KTyR9OSgoMXBZFGzuo012PlDw8oHTyvX14dpYrih95v9J09DQWEkMAXQhC2
PHHcKLXDkj6riO8ajAEJ1+PSeeaTUnGVJSapywOdT554CYtxRYD3V2HiHQC3Zx51
aRlUrXwWJJ28XFia1IvBx/2AEjEIKl/melCRHeWBEWnTgFCXFWtPlA==
=/Zzh
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 14 13:08:19 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.18016.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Peter Peters wrote on         Wed, 14 Dec 2005 12:17:08 +0100:

> > Download the -2 release, this should be fixed already. 
>  
> The -1 version didn't start MS on my Suse SLES 4 (?).

Looking at the Suse machine it's indeed -1 that I tried to install on it. 
May try -2 now.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 14 13:08:20 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18017.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote on         Wed, 14 Dec 2005 11:48:41 +0000:

> It's a 1.8" (presumably IDE) disk inside. Currently a 40Gb though   
> either 60Gb or 80Gb are now available.

I checked in my usual shops in Germany and the only one I can find is a 60 
GB Toshiba disk at EU 189,-- or 177,--. That's frankly a bit more than I 
wanted to spend. Don't know how it is in UK shops. I'm willing to take up 
half of that if someone else is willing to take up the other half.
Since 60 doesn't boost your space so much I'd wait for a 80 GB drive if 
you can. My offer stands for longer.
On the other side you should also be careful about heat, be it 60 or 80, 
it may add extra heat to your system. Wouldn't it be better for testing on 
various OS's and distributions to have a really fast workstation system 
with ample space, so you can run virtual machines on it instead of a 
laptop which is usally limited in some way?
Or an external drive?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From b_kiziltan at HOTMAIL.COM  Wed Dec 14 13:22:34 2005
From: b_kiziltan at HOTMAIL.COM (Bahadir Kiziltan)
Date: Thu Jan 12 21:31:31 2006
Subject: Denying attachments
Message-ID: <mailman.18018.1137101491.24926.mailscanner@lists.mailscanner.info>

No, they're changed somehow before arriving to my MS.

"Silent Viruses" directive has already been set as you suggested.

Can MS replace the infected files with the text content?


>From: Julian Field <MailScanner@ECS.SOTON.AC.UK>
>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Denying attachments
>Date: Tue, 13 Dec 2005 17:24:50 +0000
>
>Is it your MailScanner replacing the viruses with the text files, or 
>someone else's earlier in the mail path?
>If it's your one doing it, then you probably just want to make sure you 
>have
>Silent Viruses = All-Viruses
>so that virus-infected messages are just quietly dropped.
>
>Bahadir Kiziltan wrote:
>
>>Hi,
>>
>>Using MailScanner version 4.47.4 with postfix, bitdefender, clamav and 
>>spam enabled on Fedora Core 4 box. Also monitoring and reporting via 
>>MailWatch. The results are incredible, at least for us.
>>
>>I have a minor issue in denying files attached to mail messages. All the 
>>files mentioned have zip extension sized below 1KB but actually they're 
>>text files with the following more or less the similar content.
>>
>>------
>>Your attachment "mailtext.zip" contained viruses:
>>         "W32.Sober.X@mm!zip",
>>         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
>>It was deleted and replaced with this text file.
>>------
>>
>>------
>>Your attachment "downloadm.zip" contained viruses:
>>         "W32.Sober.X@mm!zip",
>>         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
>>It was deleted and replaced with this text file.
>>------
>>
>>According to the maillog, such attachment comes to the MTA as is. Sure, 
>>not modified by MailScanner.
>>
>>Set the directive "Minimum Attachment Size" to 1024, they are all denied 
>>successfully but also with the "delivered and read" confirmation messages.
>>
>>What do you recommend in order to deny such file(s) more effectively?
>>
>>Thanks.
>>Bahadir.
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 14 13:58:33 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18019.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----

On 14 Dec 2005, at 13:08, Kai Schaetzl wrote:

> Julian Field wrote on         Wed, 14 Dec 2005 11:48:41 +0000:
>
>> It's a 1.8" (presumably IDE) disk inside. Currently a 40Gb though
>> either 60Gb or 80Gb are now available.
>
> I checked in my usual shops in Germany and the only one I can find  
> is a 60
> GB Toshiba disk at EU 189,-- or 177,--. That's frankly a bit more  
> than I
> wanted to spend. Don't know how it is in UK shops. I'm willing to  
> take up
> half of that if someone else is willing to take up the other half.

That would be great, thanks.

> Since 60 doesn't boost your space so much I'd wait for a 80 GB  
> drive if
> you can. My offer stands for longer.

I think that is a very good idea. Hopefully a 80Gb will appear on the  
market soon. I will use an external USB drive until then.

> On the other side you should also be careful about heat, be it 60  
> or 80,
> it may add extra heat to your system. Wouldn't it be better for  
> testing on
> various OS's and distributions to have a really fast workstation  
> system
> with ample space, so you can run virtual machines on it instead of a
> laptop which is usally limited in some way?
> Or an external drive?

I prefer to work at home on a laptop, and that's where most of the  
MailScanner work has to happen so that I can do my day job as well.  
That way I can have a glass of brandy (or Chablis) and watch the TV  
too (though I've got TV in my office at work now too :-)
And if I  work on a laptop I can take it all with me when I go and  
hide for a week at my parents' place in Wales. It makes a lovely  
change of scenery, sit in the garden with cows looking over your  
shoulder and breathing down your neck!

>
> Kai
>
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6AlC/w32o+k+q+hAQHkjwf/U3RZNE1jec3lZVGjclbh/QXBOthVbwh3
t/DPciCoutkiNhTRgS/cyf+ujnqPIXdk7kBUsYQH4golFuOn/SklwizfBVwoWWOq
B7jKEO3oUnTkY/MgUVh/3pQ7MVSP25SjLCSxy4+//2OKOLdPxFxLsfsoiR14wZJ3
Kb7KqYX74AS/K/bTSXojPOEQVlg15frehgfGQVEQFcvWP4oy+UIk5uDilByYJgNN
h3Y4Sk7GQHaNjNNDiHROqk6BBrLr8oFllaag7ziFRD48HEW2bn4Q4HgjNFtWs+p5
huqS3BZdqzXd8lZpvzYNBPCxMqkPRf4veAuLeyD2vvig2FffjSVHWg==
=fNI3
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Wed Dec 14 14:07:56 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18020.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

- Debian sarge stable 3.1
- mailscanner 4.41.3-2 (deb)
- spamassassin 3.0.3-1
- exim : 4.50-8

I've found strange scoring problem this night for a mail and after 
searching a little it appears to achieve several times :
For one message, it seems that it was the default score rules file that 
was used instead of the one of mailscanner for SA.

Symptom : A message was not marked as Spam. Looking at headers showing 
me this : BAYES_95 3.00
But I never used this score for BAYES_95 wich is taken from default 
spamassassin file in the /usr/share/spamassassin folder.
In /etc/MailScanner/spam.assassin.prefs.conf I defined :
score BAYES_00 -6.0
score BAYES_20 0.0
score BAYES_50 6.0
score BAYES_80 7.0
score BAYES_99 8.0

And this works well for all messages I've seen, except this one.
I've you got an idea why mailscanner used scores taken from 
/usr/share/mailscanner/50_scores.cf instead of 
/etc/MailScanner/spa.assassin.prefs.conf just for this mail ???
In syslog, I've just seen that there were two messages batch ... the 
other messages was marked with the good score.

Thanks.
Sam.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Marc.Dufresne at PARKS.ON.CA  Wed Dec 14 14:11:57 2005
From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18021.1137101491.24926.mailscanner@lists.mailscanner.info>

FreeBSD 5.4 
Perl 5.8.7
MailScanner 4.44.6
SA3.1

Does anyone have any ideas on how to resolve this issue. Searched the
net and I can't find anything.

Over the last couple of days, when I try to run sa-learn against my
spam mailbox, I receive the following error:

sa-learn --spam --force-expire --mbox /var/mail/spammail
bayes: expire_old_tokens: Out of memory during ridiculously large
request at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/BayesStore/DBM.pm
line 624.

Here are my stats for 

sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db
version
0.000          0       3016          0  non-token data: nspam
0.000          0      11613          0  non-token data: nham
0.000          0     309357          0  non-token data: ntokens
0.000          0 1133683248          0  non-token data: oldest atime
0.000          0 1134569167          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal
sync atime
0.000          0 1134029107          0  non-token data: last expiry
atime
0.000          0     345600          0  non-token data: last expire
atime delta
0.000          0      90997          0  non-token data: last expire
reduction count

Any ideas????


Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: Marc.Dufresne@parks.on.ca
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf")  20 lines. ]
    [ Unable to print this part. ]


From glenn.steen at GMAIL.COM  Wed Dec 14 14:19:21 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:31 2006
Subject: Denying attachments
Message-ID: <mailman.18022.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 14/12/05, Bahadir Kiziltan <b_kiziltan@hotmail.com> wrote:
> No, they're changed somehow before arriving to my MS.

As one could suspect. This means that the files are actually harmless
text files. Kind of pointless, to boot, but there it is... You're
"suffering" for someone elses dumbness:-).

> "Silent Viruses" directive has already been set as you suggested.

Since they're not viruses, this doesn't come into play.

> Can MS replace the infected files with the text content?

As said. Not really viruses;).

What you can do is either use postfix (via a body check, consult the
anti-UCE stuff at http://www.postfix.org) to drop the mails entirely,
or ... why not let SA handle them: set a huge spamscore on a rule
guaranteed to match them?

> >From: Julian Field <MailScanner@ECS.SOTON.AC.UK>
> >Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> >To: MAILSCANNER@JISCMAIL.AC.UK
> >Subject: Re: Denying attachments
> >Date: Tue, 13 Dec 2005 17:24:50 +0000
> >
> >Is it your MailScanner replacing the viruses with the text files, or
> >someone else's earlier in the mail path?
> >If it's your one doing it, then you probably just want to make sure you
> >have
> >Silent Viruses = All-Viruses
> >so that virus-infected messages are just quietly dropped.
> >
> >Bahadir Kiziltan wrote:
> >
> >>Hi,
> >>
> >>Using MailScanner version 4.47.4 with postfix, bitdefender, clamav and
> >>spam enabled on Fedora Core 4 box. Also monitoring and reporting via
> >>MailWatch. The results are incredible, at least for us.
> >>
> >>I have a minor issue in denying files attached to mail messages. All the
> >>files mentioned have zip extension sized below 1KB but actually they're
> >>text files with the following more or less the similar content.
> >>
> >>------
> >>Your attachment "mailtext.zip" contained viruses:
> >>         "W32.Sober.X@mm!zip",
> >>         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
> >>It was deleted and replaced with this text file.
> >>------
> >>
> >>------
> >>Your attachment "downloadm.zip" contained viruses:
> >>         "W32.Sober.X@mm!zip",
> >>         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
> >>It was deleted and replaced with this text file.
> >>------
> >>
> >>According to the maillog, such attachment comes to the MTA as is. Sure,
> >>not modified by MailScanner.
> >>
> >>Set the directive "Minimum Attachment Size" to 1024, they are all denied
> >>successfully but also with the "delivered and read" confirmation messages.
> >>
> >>What do you recommend in order to deny such file(s) more effectively?
> >>
> >>Thanks.
> >>Bahadir.
> >>
> >>------------------------ MailScanner list ------------------------
> >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >>'leave mailscanner' in the body of the email.
> >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >>Support MailScanner development - buy the book off the website!
> >
> >
> >--
> >Julian Field
> >www.MailScanner.info
> >Buy the MailScanner book at www.MailScanner.info/store
> >Professional Support Services at www.MailScanner.biz
> >MailScanner thanks transtec Computers for their support
> >
> >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> >
> >--
> >This message has been scanned for viruses and
> >dangerous content by MailScanner, and is
> >believed to be clean.
> >
> >------------------------ MailScanner list ------------------------
> >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >'leave mailscanner' in the body of the email.
> >Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> >Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>


--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Wed Dec 14 15:03:54 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18023.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam a écrit :

> Hi,
> - Debian sarge stable 3.1
> - mailscanner 4.41.3-2 (deb)
> - spamassassin 3.0.3-1
> - exim : 4.50-8
> I've found strange scoring problem this night for a mail and after 
> searching a little it appears to achieve several times :
> For one message, it seems that it was the default score rules file 
> that was used instead of the one of mailscanner for SA.
> Symptom : A message was not marked as Spam. Looking at headers showing 
> me this : BAYES_95 3.00
> But I never used this score for BAYES_95 wich is taken from default 
> spamassassin file in the /usr/share/spamassassin folder.
> In /etc/MailScanner/spam.assassin.prefs.conf I defined :
> score BAYES_00 -6.0
> score BAYES_20 0.0
> score BAYES_50 6.0
> score BAYES_80 7.0
> score BAYES_99 8.0
> And this works well for all messages I've seen, except this one.
> I've you got an idea why mailscanner used scores taken from 
> /usr/share/mailscanner/50_scores.cf instead of 
> /etc/MailScanner/spa.assassin.prefs.conf just for this mail ???
> In syslog, I've just seen that there were two messages batch ... the 
> other messages was marked with the good score.
> Thanks.
> Sam.

Perharps I have to define all the scores ... if one score is not defined 
in spam.assassin.prefs.conf, it is taken from /usr/share/mailscanner ?
I thought mailscanner take the scores from spam.assassin.prefs.conf for 
calculating the unknown scores ... it doesn't appear to be that.

Sorry.
Sam.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From bpumphrey at WOODMACLAW.COM  Wed Dec 14 15:24:06 2005
From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18024.1137101491.24926.mailscanner@lists.mailscanner.info>

Snip

> I prefer to work at home on a laptop, and that's where most of the
> MailScanner work has to happen so that I can do my day job as well.
> That way I can have a glass of brandy (or Chablis) and watch the TV
> too (though I've got TV in my office at work now too :-)
> And if I  work on a laptop I can take it all with me when I go and
> hide for a week at my parents' place in Wales. It makes a lovely
> change of scenery, sit in the garden with cows looking over your
> shoulder and breathing down your neck!
> 

Snip


Wales!  A while back at the Pleasanton Scottish games in Pleasanton,
California I looked up the origin of my name = Pumphrey.  I read that it
was from Wales.  Anyway, interesting to me, but maybe not anyone here :)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Wed Dec 14 15:28:40 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18025.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/14/05, Sam <liste-mailscanner@ingescom.com> wrote:
      Perharps I have to define all the scores ... if one score is
      not defined
      in spam.assassin.prefs.conf, it is taken from
      /usr/share/mailscanner ?
      I thought mailscanner take the scores from
      spam.assassin.prefs.conf for
      calculating the unknown scores ... it doesn't appear to be
      that.


You're right about that. Your changes will override the default so you
need to set a score for BAYES95 as well.

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From maillists at CONACTIVE.COM  Wed Dec 14 15:31:18 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18026.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam wrote on         Wed, 14 Dec 2005 16:03:54 +0100:

> Perharps I have to define all the scores ... if one score is not defined 
> in spam.assassin.prefs.conf, it is taken from /usr/share/mailscanner ? 
> I thought mailscanner take the scores from spam.assassin.prefs.conf for 
> calculating the unknown scores ... it doesn't appear to be that.

Scores are taken from any *.cf file in the spamassassin config dirs, which 
are /etc/mail/spamassassin and /usr/share/spamassassin by default. Do not 
change anything in the latter, that is what comes with the distribution. I 
really suggest reading the SA documentation and subscribing to the SA list 
and may it just be for reading. If you want to tweak something it's likely 
the SA side and not MS.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 14 15:37:59 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18027.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam wrote on         Wed, 14 Dec 2005 15:07:56 +0100:

> score BAYES_00 -6.0 
> score BAYES_20 0.0 
> score BAYES_50 6.0 
> score BAYES_80 7.0 
> score BAYES_99 8.0

It is strongly suggested to use custom scores that do not boost a message 
to spam alone. Frankly, BAYES_50 6.0 is bound for disaster since 50 means 
Bayes doesn't know if it is ham or spam. You are tweaking at the wrong 
end. I really suggest reading more up about SA.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From b_kiziltan at HOTMAIL.COM  Wed Dec 14 15:42:02 2005
From: b_kiziltan at HOTMAIL.COM (Bahadir Kiziltan)
Date: Thu Jan 12 21:31:31 2006
Subject: Denying attachments
Message-ID: <mailman.18028.1137101491.24926.mailscanner@lists.mailscanner.info>

Yes, I know all clean :-).

>why not let SA handle them: set a huge spamscore on a rule
>guaranteed to match them?

This is what i give it a try.

Thanks.


>From: Glenn Steen <glenn.steen@GMAIL.COM>
>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Denying attachments
>Date: Wed, 14 Dec 2005 15:19:21 +0100
>
>On 14/12/05, Bahadir Kiziltan <b_kiziltan@hotmail.com> wrote:
> > No, they're changed somehow before arriving to my MS.
>
>As one could suspect. This means that the files are actually harmless
>text files. Kind of pointless, to boot, but there it is... You're
>"suffering" for someone elses dumbness:-).
>
> > "Silent Viruses" directive has already been set as you suggested.
>
>Since they're not viruses, this doesn't come into play.
>
> > Can MS replace the infected files with the text content?
>
>As said. Not really viruses;).
>
>What you can do is either use postfix (via a body check, consult the
>anti-UCE stuff at http://www.postfix.org) to drop the mails entirely,
>or ... why not let SA handle them: set a huge spamscore on a rule
>guaranteed to match them?
>
> > >From: Julian Field <MailScanner@ECS.SOTON.AC.UK>
> > >Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> > >To: MAILSCANNER@JISCMAIL.AC.UK
> > >Subject: Re: Denying attachments
> > >Date: Tue, 13 Dec 2005 17:24:50 +0000
> > >
> > >Is it your MailScanner replacing the viruses with the text files, or
> > >someone else's earlier in the mail path?
> > >If it's your one doing it, then you probably just want to make sure you
> > >have
> > >Silent Viruses = All-Viruses
> > >so that virus-infected messages are just quietly dropped.
> > >
> > >Bahadir Kiziltan wrote:
> > >
> > >>Hi,
> > >>
> > >>Using MailScanner version 4.47.4 with postfix, bitdefender, clamav and
> > >>spam enabled on Fedora Core 4 box. Also monitoring and reporting via
> > >>MailWatch. The results are incredible, at least for us.
> > >>
> > >>I have a minor issue in denying files attached to mail messages. All 
>the
> > >>files mentioned have zip extension sized below 1KB but actually 
>they're
> > >>text files with the following more or less the similar content.
> > >>
> > >>------
> > >>Your attachment "mailtext.zip" contained viruses:
> > >>         "W32.Sober.X@mm!zip",
> > >>         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
> > >>It was deleted and replaced with this text file.
> > >>------
> > >>
> > >>------
> > >>Your attachment "downloadm.zip" contained viruses:
> > >>         "W32.Sober.X@mm!zip",
> > >>         and "W32.Sober.X@mm" at location "File-packed_dataInfo.exe
> > >>It was deleted and replaced with this text file.
> > >>------
> > >>
> > >>According to the maillog, such attachment comes to the MTA as is. 
>Sure,
> > >>not modified by MailScanner.
> > >>
> > >>Set the directive "Minimum Attachment Size" to 1024, they are all 
>denied
> > >>successfully but also with the "delivered and read" confirmation 
>messages.
> > >>
> > >>What do you recommend in order to deny such file(s) more effectively?
> > >>
> > >>Thanks.
> > >>Bahadir.
> > >>
> > >>------------------------ MailScanner list ------------------------
> > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > >>'leave mailscanner' in the body of the email.
> > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >>
> > >>Support MailScanner development - buy the book off the website!
> > >
> > >
> > >--
> > >Julian Field
> > >www.MailScanner.info
> > >Buy the MailScanner book at www.MailScanner.info/store
> > >Professional Support Services at www.MailScanner.biz
> > >MailScanner thanks transtec Computers for their support
> > >
> > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >
> > >
> > >--
> > >This message has been scanned for viruses and
> > >dangerous content by MailScanner, and is
> > >believed to be clean.
> > >
> > >------------------------ MailScanner list ------------------------
> > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > >'leave mailscanner' in the body of the email.
> > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > >Support MailScanner development - buy the book off the website!
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
>
>
>--
>-- Glenn
>email: glenn < dot > steen < at > gmail < dot > com
>work: glenn < dot > steen < at > ap1 < dot > se
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Wed Dec 14 16:03:29 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18029.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl a écrit :

>Sam wrote on         Wed, 14 Dec 2005 15:07:56 +0100:
>  
>
>>score BAYES_00 -6.0 
>>score BAYES_20 0.0 
>>score BAYES_50 6.0 
>>score BAYES_80 7.0 
>>score BAYES_99 8.0
>>    
>>
>It is strongly suggested to use custom scores that do not boost a message 
>to spam alone. Frankly, BAYES_50 6.0 is bound for disaster since 50 means 
>Bayes doesn't know if it is ham or spam. You are tweaking at the wrong 
>end. I really suggest reading more up about SA.
>
>Kai
>  
>
Thanks a lot for your answer,

I've tried to custom this scores beacause they gave good result for the 
moment.
Our office in France only receive french email.
A few french email have some line with english legal notices ... that's all

For a few weeks with 500/800 messages per days I only got 1 message 
marked as spam by error.
more than 90 % of spams are marked as BAYES_99 (that's why I did not 
notice the BAYES_95 error before)

But I'm just newbie with mailscanner/SA ... so I will be carefull with 
what I do custom.

Thanks for your help.
Sam.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Wed Dec 14 16:06:17 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18030.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox a écrit :

> On 12/14/05, *Sam* <liste-mailscanner@ingescom.com 
> <mailto:liste-mailscanner@ingescom.com>> wrote:
>
>     Perharps I have to define all the scores ... if one score is not
>     defined
>     in spam.assassin.prefs.conf, it is taken from /usr/share/mailscanner ?
>     I thought mailscanner take the scores from
>     spam.assassin.prefs.conf for
>     calculating the unknown scores ... it doesn't appear to be that.
>
>
> You're right about that. Your changes will override the default so you 
> need to set a score for BAYES95 as well.
> /Peter


Ok, I'm going to change this one too.
As told by KS, I know that I have to do it carefully.

Thanks.
Sam.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec 14 15:54:11 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:31 2006
Subject: Whitelisting file types
Message-ID: <mailman.18031.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Garry Glendown spake the following on 12/14/2005 2:24 AM:
> Hi,
> 
> one of our customers has complained about not receiving binaries from a
> certain sender domain directly, but have to click an attached link to
> download the potentially dangerous file (d'uh) ... how can I define
> sender/receiver domain so that no file checks are done for mails
> matching those? Somehow I must be missing an appropriate function in the
> mailscanner.conf ...
> 
> Tnx, -garry
> 
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading

A good place to start!

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Wed Dec 14 16:18:29 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18032.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/14/05, Sam <liste-mailscanner@ingescom.com> wrote:
      I've tried to custom this scores beacause they gave good
      result for the
      moment.
      Our office in France only receive french email.
      A few french email have some line with english legal notices
      ... that's all

      For a few weeks with 500/800 messages per days I only got 1
      message
      marked as spam by error.
      more than 90 % of spams are marked as BAYES_99 (that's why I
      did not
      notice the BAYES_95 error before)


It's important that you know what the name of the rule means. The two
digits marks the probability of the mail being spam. That's why BAYES_50
should have a score of 0, because it can't be determined if it's spam or
ham. If you look at the original scores below that is very obvious (the
4th column of scores is the one you should look at).

score BAYES_00 0.0001 0.0001 -2.312 -2.599
score BAYES_05 0.0001 0.0001 -1.110 -1.110
score BAYES_20 0.0001 0.0001 -0.740 -0.740
score BAYES_40 0.0001 0.0001 -0.185 -0.185
score BAYES_50 0.0001 0.0001 0.001 0.001
score BAYES_60 0.0001 0.0001 1.0 1.0
score BAYES_80 0.0001 0.0001 2.0 2.0
score BAYES_95 0.0001 0.0001 3.0 3.0
score BAYES_99 0.0001 0.0001 3.5 3.5

Make sure you use the SURBL-rules, they are by far my best spam catchers.

/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From ssilva at SGVWATER.COM  Wed Dec 14 15:59:41 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18033.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Marc Dufresne spake the following on 12/14/2005 6:11 AM:
> FreeBSD 5.4 
> Perl 5.8.7
> MailScanner 4.44.6
> SA3.1
> 
> Does anyone have any ideas on how to resolve this issue. Searched the
> net and I can't find anything.
> 
> Over the last couple of days, when I try to run sa-learn against my
> spam mailbox, I receive the following error:
> 
> sa-learn --spam --force-expire --mbox /var/mail/spammail
> bayes: expire_old_tokens: Out of memory during ridiculously large
> request at
> /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/BayesStore/DBM.pm
> line 624.
> 
> Here are my stats for 
> 
> sa-learn --dump magic
> 0.000          0          3          0  non-token data: bayes db
> version
> 0.000          0       3016          0  non-token data: nspam
> 0.000          0      11613          0  non-token data: nham
> 0.000          0     309357          0  non-token data: ntokens
> 0.000          0 1133683248          0  non-token data: oldest atime
> 0.000          0 1134569167          0  non-token data: newest atime
> 0.000          0          0          0  non-token data: last journal
> sync atime
> 0.000          0 1134029107          0  non-token data: last expiry
> atime
> 0.000          0     345600          0  non-token data: last expire
> atime delta
> 0.000          0      90997          0  non-token data: last expire
> reduction count
> 
> Any ideas????
Try and not run the --force-expire and the learn -ham in the same
command. Run them separately instead.
sa-learn --force-expire
sa-learn --spam --mbox /var/mail/spammail

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rpoe at PLATTESHERIFF.ORG  Wed Dec 14 16:38:27 2005
From: rpoe at PLATTESHERIFF.ORG (Rob Poe)
Date: Thu Jan 12 21:31:31 2006
Subject: Question - milter-sender
Message-ID: <mailman.18034.1137101491.24926.mailscanner@lists.mailscanner.info>

Does anyone use this?  How useful is it?  

If it's useful / someone has more of a clue than me, any good pointers on a howto for installation on RHEL/CentOS/Fedora?

I'm lost :)  Thanks

Rob



----------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
This e-mail message and all documents that accompany it are intended only
for the use of the individual or entity to which addressed, and may contain
information that is privileged, confidential or exempt from disclosure under
applicable law. If the reader is not the intended recipient, any disclosure,
distribution or other use of this e-mail message is prohibited. If you have
received this e-mail message in error, please notify the sender immediately.
Thank you.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Wed Dec 14 16:44:01 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18035.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox a écrit :

> It's important that you know what the name of the rule means. The two 
> digits marks the probability of the mail being spam. That's why 
> BAYES_50 should have a score of 0, because it can't be determined if 
> it's spam or ham. If you look at the original scores below that is 
> very obvious (the 4th column of scores is the one you should look at).
> score BAYES_00 0.0001 0.0001 -2.312 -2.599
> score BAYES_05 0.0001 0.0001 -1.110 -1.110
> score BAYES_20 0.0001 0.0001 -0.740 -0.740
> score BAYES_40 0.0001 0.0001 -0.185 -0.185
> score BAYES_50 0.0001 0.0001 0.001 0.001
> score BAYES_60 0.0001 0.0001 1.0 1.0
> score BAYES_80 0.0001 0.0001 2.0 2.0
> score BAYES_95 0.0001 0.0001 3.0 3.0
> score BAYES_99 0.0001 0.0001 3.5 3.5
>
> Make sure you use the SURBL-rules, they are by far my best spam catchers.


Ok, I anderstand and I'm going to follow what you're saying.

Thanks.
Sam.

P.S
I'm on the spamassassin mailing-liste now ;-)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mike at CAMAROSS.NET  Wed Dec 14 16:50:36 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:31:31 2006
Subject: Question - milter-sender
Message-ID: <mailman.18036.1137101491.24926.mailscanner@lists.mailscanner.info>

 

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Poe
> Sent: Wednesday, December 14, 2005 10:38 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Question - milter-sender
> 
> Does anyone use this?  How useful is it?  
> 
> If it's useful / someone has more of a clue than me, any good 
> pointers on a howto for installation on RHEL/CentOS/Fedora?
> 
> I'm lost :)  Thanks
> 
> Rob
> 

I use it on all of my sendmail servers and couldn't imagine life without it!
Installation is very straightforward...just read the docs.

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 14 18:10:48 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Whitelisting file types
Message-ID: <mailman.18037.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have had a suggestion for a new feature, for the filename and 
filetype.rules.conf controls.
A simple ruleset (normal one) that lists regexps for filenames to be 
allowed, and one for filenames to be banned.
Both of these would be read (in allowed then denied order) before the 
filename.rules.conf file, together with a possibly ruleset controlling it.
The same would be done for filetype.rules.conf as well.

So you would have a
Allowed Filenames = %rules-dir%/allowed.filenames.rules
Denied Filenames = %rules-dir%/denied.filenames.rules
and the same for Filetypes.

This should be fairly easy to implement and will make most configuration 
of this feature an enormous amount easier.

What do people think?

May happen this weekend, if not before.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6BgKRH2WUcUFbZUEQJsQwCg5+QVaA8H2jatr3BL60QRZ6zoqJkAoKFM
z+7b2/IkBevrT3Lq1JNRs8tJ
=tggb
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 14 18:31:20 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18038.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam wrote on         Wed, 14 Dec 2005 17:03:29 +0100:

> more than 90 % of spams are marked as BAYES_99 (that's why I did not 
> notice the BAYES_95 error before)

Anyway, a value of 4 should be enough to boost it over the 5 threshold 
since surely a few other rules (specifically URI) will hit as well. That's 
the whole idea of scoring: don't categorize with just one rule.
If you get some mail in where BAYES can't say if it is spammy or not it 
will assign 50 and it gets filed as spam. Depending on what you do with 
spam it may just be a nuisance or you may be really sorry because it got 
deleted ;-)
Besides the sa-talk list there's also a great wiki at 
wiki.spamassassin.org where you can find a lot of tips.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Denis.Beauchemin at USHERBROOKE.CA  Wed Dec 14 18:38:56 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:31 2006
Subject: Whitelisting file types
Message-ID: <mailman.18039.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I have had a suggestion for a new feature, for the filename and 
>filetype.rules.conf controls.
>A simple ruleset (normal one) that lists regexps for filenames to be 
>allowed, and one for filenames to be banned.
>Both of these would be read (in allowed then denied order) before the 
>filename.rules.conf file, together with a possibly ruleset controlling it.
>The same would be done for filetype.rules.conf as well.
>
>So you would have a
>Allowed Filenames = %rules-dir%/allowed.filenames.rules
>Denied Filenames = %rules-dir%/denied.filenames.rules
>and the same for Filetypes.
>
>This should be fairly easy to implement and will make most configuration 
>of this feature an enormous amount easier.
>
>What do people think?
>
>  
>

Julian,

I don't think I would use it (I'm happy with filename.rules.conf as it 
is now), but I don't mind as long as it doesn't confuse people.  
Wouldn't this make people wonder about where to put allow/deny rules?

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 14 18:53:25 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Whitelisting file types
Message-ID: <mailman.18040.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Denis Beauchemin wrote:

> Julian Field wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I have had a suggestion for a new feature, for the filename and 
>> filetype.rules.conf controls.
>> A simple ruleset (normal one) that lists regexps for filenames to be 
>> allowed, and one for filenames to be banned.
>> Both of these would be read (in allowed then denied order) before the 
>> filename.rules.conf file, together with a possibly ruleset 
>> controlling it.
>> The same would be done for filetype.rules.conf as well.
>>
>> So you would have a
>> Allowed Filenames = %rules-dir%/allowed.filenames.rules
>> Denied Filenames = %rules-dir%/denied.filenames.rules
>> and the same for Filetypes.
>>
>> This should be fairly easy to implement and will make most 
>> configuration of this feature an enormous amount easier.
>>
>> What do people think?
>>
>>  
>>
>
> Julian,
>
> I don't think I would use it (I'm happy with filename.rules.conf as it 
> is now), but I don't mind as long as it doesn't confuse people.  
> Wouldn't this make people wonder about where to put allow/deny rules?

It would just be in addition to what there is now. It would make it a 
lot easier to configure (partic via web interface) as there would be 
straightforward rulesets to configure allowed+denied filenames and 
filetypes. It's basically for that market. The existing stuff would be 
parsed as it is now.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6BqJhH2WUcUFbZUEQJ2+wCggUYLkeaa6DmenKypkqblqgssdYMAn23Z
Gn6vIAbFNLZe85On5E7x9Ttj
=hsOs
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 14 18:58:58 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Christmas is coming...
Message-ID: <mailman.18041.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Kai Schaetzl wrote:

>Julian Field wrote on         Wed, 14 Dec 2005 13:58:33 +0000:
>
>  
>
>>>Since 60 doesn't boost your space so much I'd wait for a 80 GB   
>>>drive if 
>>>you can. My offer stands for longer. 
>>>      
>>>
>> 
>>I think that is a very good idea. Hopefully a 80Gb will appear on the   
>>market soon. I will use an external USB drive until then.
>>    
>>
>
>Ok, come back to me whenever you like. We will then need to work something 
>out in terms of payment. If I paid in full I thought I just order it in a 
>UK shop with CC and let it ship to you. But if two or more people pay it 
>that gets more complicated, but I'm sure we can work something out.
>  
>
I'm sure Paypal can come to the rescue. If no-one turns up to pay the 
other half, I'll pay the 2nd half myself (or bill it to work).

Any idea when an 80Gb 1.8" might arrive? I haven't seen anything about 
this in quite a long time.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6BrcxH2WUcUFbZUEQKxhgCguMMw5O8lTJqAIlU6j4GHV26stJMAn2aF
J55Duei29rPIDPffOG2/vyX1
=jEXc
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Marc.Dufresne at PARKS.ON.CA  Wed Dec 14 19:03:36 2005
From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18042.1137101491.24926.mailscanner@lists.mailscanner.info>

I have done that and it still crashes. 

I found a link that inidcates its a Perl
bug(http://minaret.biz/tips/perl.html). 

Should I apply this patch eventhough I installed MailScanner with
InsallClamSA?

I don't have a sv.c file on the system, and I never patched Perl before
and don't know if I should. 

If I should, someone will have to show me how!!





Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: Marc.Dufresne@parks.on.ca
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> ssilva@SGVWATER.COM 12/14/2005 10:59 AM >>>
Marc Dufresne spake the following on 12/14/2005 6:11 AM:
> FreeBSD 5.4 
> Perl 5.8.7
> MailScanner 4.44.6
> SA3.1
> 
> Does anyone have any ideas on how to resolve this issue. Searched
the
> net and I can't find anything.
> 
> Over the last couple of days, when I try to run sa-learn against my
> spam mailbox, I receive the following error:
> 
> sa-learn --spam --force-expire --mbox /var/mail/spammail
> bayes: expire_old_tokens: Out of memory during ridiculously large
> request at
>
/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/BayesStore/DBM.pm
> line 624.
> 
> Here are my stats for 
> 
> sa-learn --dump magic
> 0.000          0          3          0  non-token data: bayes db
> version
> 0.000          0       3016          0  non-token data: nspam
> 0.000          0      11613          0  non-token data: nham
> 0.000          0     309357          0  non-token data: ntokens
> 0.000          0 1133683248          0  non-token data: oldest atime
> 0.000          0 1134569167          0  non-token data: newest atime
> 0.000          0          0          0  non-token data: last journal
> sync atime
> 0.000          0 1134029107          0  non-token data: last expiry
> atime
> 0.000          0     345600          0  non-token data: last expire
> atime delta
> 0.000          0      90997          0  non-token data: last expire
> reduction count
> 
> Any ideas????
Try and not run the --force-expire and the learn -ham in the same
command. Run them separately instead.
sa-learn --force-expire
sa-learn --spam --mbox /var/mail/spammail

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf")  20 lines. ]
    [ Unable to print this part. ]


From Kevin_Miller at CI.JUNEAU.AK.US  Wed Dec 14 19:19:03 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:31 2006
Subject: Whitelisting file types
Message-ID: <mailman.18043.1137101491.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote:

> It would just be in addition to what there is now. It would make it a
> lot easier to configure (partic via web interface) as there would be
> straightforward rulesets to configure allowed+denied filenames and
> filetypes. It's basically for that market. The existing stuff would be
> parsed as it is now.

So, just to be clear, it wouldn't focus on extensions like the current
filename rules do now, but would rather be a place where one could add
in a specific full file name like 'FileFromCorporateHQ.exe' where you
could whitelist an otherwise banned file? (Or block otherwise allowed
files.)

I take it that the file wouldn't restrict entries to a regex - i.e.,
mere mortals could enter a vanilla filename and it would be dealt with
appropriately?

I think that would be a handy feature for receiving program updates from
venders and such.  Nobody seems to know how to use ftp anymore.  Sigh...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 14 19:25:02 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18044.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You are going to have to download and recompile a new copy of Perl from 
scratch. I wonder why other people haven't hit this?

Marc Dufresne wrote:

>I have done that and it still crashes. 
>
>I found a link that inidcates its a Perl
>bug(http://minaret.biz/tips/perl.html). 
>
>Should I apply this patch eventhough I installed MailScanner with
>InsallClamSA?
>
>I don't have a sv.c file on the system, and I never patched Perl before
>and don't know if I should. 
>
>If I should, someone will have to show me how!!
>
>
>
>
>
>Marc Dufresne, Corporate IT Officer
>St. Lawrence Parks Commission
>13740 County Road 2
>Morrisburg, ON  K0C 1X0
>
>E-mail: Marc.Dufresne@parks.on.ca
>Voice: 613-543-3704  Ext#2455
>Fax: 613-543-2847
>Corporate website: www.parks.on.ca
>
>  
>
>>>>ssilva@SGVWATER.COM 12/14/2005 10:59 AM >>>
>>>>        
>>>>
>Marc Dufresne spake the following on 12/14/2005 6:11 AM:
>  
>
>>FreeBSD 5.4 
>>Perl 5.8.7
>>MailScanner 4.44.6
>>SA3.1
>>
>>Does anyone have any ideas on how to resolve this issue. Searched
>>    
>>
>the
>  
>
>>net and I can't find anything.
>>
>>Over the last couple of days, when I try to run sa-learn against my
>>spam mailbox, I receive the following error:
>>
>>sa-learn --spam --force-expire --mbox /var/mail/spammail
>>bayes: expire_old_tokens: Out of memory during ridiculously large
>>request at
>>
>>    
>>
>/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/BayesStore/DBM.pm
>  
>
>>line 624.
>>
>>Here are my stats for 
>>
>>sa-learn --dump magic
>>0.000          0          3          0  non-token data: bayes db
>>version
>>0.000          0       3016          0  non-token data: nspam
>>0.000          0      11613          0  non-token data: nham
>>0.000          0     309357          0  non-token data: ntokens
>>0.000          0 1133683248          0  non-token data: oldest atime
>>0.000          0 1134569167          0  non-token data: newest atime
>>0.000          0          0          0  non-token data: last journal
>>sync atime
>>0.000          0 1134029107          0  non-token data: last expiry
>>atime
>>0.000          0     345600          0  non-token data: last expire
>>atime delta
>>0.000          0      90997          0  non-token data: last expire
>>reduction count
>>
>>Any ideas????
>>    
>>
>Try and not run the --force-expire and the learn -ham in the same
>command. Run them separately instead.
>sa-learn --force-expire
>sa-learn --spam --mbox /var/mail/spammail
>
>  
>
>------------------------------------------------------------------------
>
>BEGIN:VCARD
>VERSION:2.1
>X-GWTYPE:USER
>FN:Marc Dufresne
>TEL;WORK:613-543-3704
>ORG:;Information Technology
>TEL;PREF;FAX:613-543-2847
>EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca
>N:Dufresne;Marc
>TITLE:Corporate IT Officer
>END:VCARD
>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6BxjxH2WUcUFbZUEQKi/ACgrw91UpBePsCTcJAzX2FTl18cx+YAoOVn
390dtRkMSugKzfFNhNF6a1uA
=ZpCY
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jkf at ecs.soton.ac.uk  Wed Dec 14 19:31:22 2005
From: jkf at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: Whitelisting file types
Message-ID: <mailman.18045.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Kevin Miller wrote:

>Julian Field wrote:
>
>  
>
>>It would just be in addition to what there is now. It would make it a
>>lot easier to configure (partic via web interface) as there would be
>>straightforward rulesets to configure allowed+denied filenames and
>>filetypes. It's basically for that market. The existing stuff would be
>>parsed as it is now.
>>    
>>
>
>So, just to be clear, it wouldn't focus on extensions like the current
>filename rules do now, but would rather be a place where one could add
>in a specific full file name like 'FileFromCorporateHQ.exe' where you
>could whitelist an otherwise banned file? (Or block otherwise allowed
>files.)
>  
>
It would be regexps, so you could put in anything.

>I take it that the file wouldn't restrict entries to a regex - i.e.,
>mere mortals could enter a vanilla filename and it would be dealt with
>appropriately?
>  
>
A valid filename is more or less a valid regexp anyway (bar the "."s)

>I think that would be a handy feature for receiving program updates from
>venders and such.  Nobody seems to know how to use ftp anymore.  Sigh...
>
>...Kevin
>  
>

- -- 
Julian Field                Teaching Systems Manager
jkf@ecs.soton.ac.uk         Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                            Southampton SO17 1BJ


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6BzChH2WUcUFbZUEQK+VwCffUA0TWIyZaP9D/zqnajTnP+k1RgAoPni
fjg82hSdSW37oBsJgFIDsaUg
=mjTM
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Marc.Dufresne at PARKS.ON.CA  Wed Dec 14 21:13:52 2005
From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18046.1137101491.24926.mailscanner@lists.mailscanner.info>

Since I'm running FreeBSD 5.4 what's the simplest and most efficient way
of recompiling Perl-5.8.7?

I'm asking this since Perl integrates with so many services. I wnat to
make sure its done correctly.




Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: Marc.Dufresne@parks.on.ca
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> MailScanner@ECS.SOTON.AC.UK 12/14/2005 2:25 PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You are going to have to download and recompile a new copy of Perl from

scratch. I wonder why other people haven't hit this?

Marc Dufresne wrote:

>I have done that and it still crashes. 
>
>I found a link that inidcates its a Perl
>bug(http://minaret.biz/tips/perl.html). 
>
>Should I apply this patch eventhough I installed MailScanner with
>InsallClamSA?
>
>I don't have a sv.c file on the system, and I never patched Perl
before
>and don't know if I should. 
>
>If I should, someone will have to show me how!!
>
>
>
>
>
>Marc Dufresne, Corporate IT Officer
>St. Lawrence Parks Commission
>13740 County Road 2
>Morrisburg, ON  K0C 1X0
>
>E-mail: Marc.Dufresne@parks.on.ca 
>Voice: 613-543-3704  Ext#2455
>Fax: 613-543-2847
>Corporate website: www.parks.on.ca 
>
>  
>
>>>>ssilva@SGVWATER.COM 12/14/2005 10:59 AM >>>
>>>>        
>>>>
>Marc Dufresne spake the following on 12/14/2005 6:11 AM:
>  
>
>>FreeBSD 5.4 
>>Perl 5.8.7
>>MailScanner 4.44.6
>>SA3.1
>>
>>Does anyone have any ideas on how to resolve this issue. Searched
>>    
>>
>the
>  
>
>>net and I can't find anything.
>>
>>Over the last couple of days, when I try to run sa-learn against my
>>spam mailbox, I receive the following error:
>>
>>sa-learn --spam --force-expire --mbox /var/mail/spammail
>>bayes: expire_old_tokens: Out of memory during ridiculously large
>>request at
>>
>>    
>>
>/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/BayesStore/DBM.pm
>  
>
>>line 624.
>>
>>Here are my stats for 
>>
>>sa-learn --dump magic
>>0.000          0          3          0  non-token data: bayes db
>>version
>>0.000          0       3016          0  non-token data: nspam
>>0.000          0      11613          0  non-token data: nham
>>0.000          0     309357          0  non-token data: ntokens
>>0.000          0 1133683248          0  non-token data: oldest atime
>>0.000          0 1134569167          0  non-token data: newest atime
>>0.000          0          0          0  non-token data: last journal
>>sync atime
>>0.000          0 1134029107          0  non-token data: last expiry
>>atime
>>0.000          0     345600          0  non-token data: last expire
>>atime delta
>>0.000          0      90997          0  non-token data: last expire
>>reduction count
>>
>>Any ideas????
>>    
>>
>Try and not run the --force-expire and the learn -ham in the same
>command. Run them separately instead.
>sa-learn --force-expire
>sa-learn --spam --mbox /var/mail/spammail
>
>  
>
>------------------------------------------------------------------------
>
>BEGIN:VCARD
>VERSION:2.1
>X-GWTYPE:USER
>FN:Marc Dufresne
>TEL;WORK:613-543-3704
>ORG:;Information Technology
>TEL;PREF;FAX:613-543-2847
>EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca 
>N:Dufresne;Marc
>TITLE:Corporate IT Officer
>END:VCARD
>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

- -- 
Julian Field
www.MailScanner.info 
Buy the MailScanner book at www.MailScanner.info/store 
Professional Support Services at www.MailScanner.biz 
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6BxjxH2WUcUFbZUEQKi/ACgrw91UpBePsCTcJAzX2FTl18cx+YAoOVn
390dtRkMSugKzfFNhNF6a1uA
=ZpCY
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf")  20 lines. ]
    [ Unable to print this part. ]


From liste-mailscanner at INGESCOM.COM  Wed Dec 14 21:20:49 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18047.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl a écrit :
> Sam wrote on         Wed, 14 Dec 2005 17:03:29 +0100:
>>more than 90 % of spams are marked as BAYES_99 (that's why I did not 
>>notice the BAYES_95 error before)
> 
> Anyway, a value of 4 should be enough to boost it over the 5 threshold 
> since surely a few other rules (specifically URI) will hit as well. That's 
> the whole idea of scoring: don't categorize with just one rule.
> If you get some mail in where BAYES can't say if it is spammy or not it 
> will assign 50 and it gets filed as spam. Depending on what you do with 
> spam it may just be a nuisance or you may be really sorry because it got 
> deleted ;-)
> Besides the sa-talk list there's also a great wiki at 
> wiki.spamassassin.org where you can find a lot of tips.
> Kai

In fact, because of libnet-perl-dns missing on my sarge, all the rbl 
wasn't activated that's why I nedded to custom score rules.
But now RBL are activated, I better understand what you explain me.
A Lot of spam are marked with RBL ... good.

Just one last question about pyzor (& razor & dcc) :

As the fact it works on the hash of mail ... can I consider that if a 
mail is marked as pyzor-positive I can surely drop it ???

Thanks.
Sam.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 14 22:53:40 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18048.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Marc Dufresne wrote on         Wed, 14 Dec 2005 16:13:52 -0500:

> Since I'm running FreeBSD 5.4 what's the simplest and most efficient way 
> of recompiling Perl-5.8.7?

I wouldn't do it, it can fail. Did you try Scott's suggestion?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 14 22:53:40 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:31 2006
Subject: Strange scoring problem
Message-ID: <mailman.18049.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sam wrote on         Wed, 14 Dec 2005 22:20:49 +0100:

> As the fact it works on the hash of mail ... can I consider that if a 
> mail is marked as pyzor-positive I can surely drop it ???

I'm not using any of these. I can only speculate that they *can* be wrong, 
so "dropping" might not be the right thing. Just leave them at the default 
scoring.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec 14 23:32:35 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18050.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl spake the following on 12/14/2005 2:53 PM:
> Marc Dufresne wrote on         Wed, 14 Dec 2005 16:13:52 -0500:
> 
> 
>>Since I'm running FreeBSD 5.4 what's the simplest and most efficient way 
>>of recompiling Perl-5.8.7?
> 
> 
> I wouldn't do it, it can fail. Did you try Scott's suggestion?
> 
> Kai
> 
Freebsd 5.4 at one time had perl 5.8.6. I haven't had the time to play
with the BSD's, but maybe you can go back a version.
Many FreeBSD guru's  float around this list. Maybe something will show
up tomorrow as many are probably home for the evening.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Marc.Dufresne at PARKS.ON.CA  Thu Dec 15 03:25:05 2005
From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18051.1137101491.24926.mailscanner@lists.mailscanner.info>

Your correct about Perl 5.8.6. That's when I first encountered the
error. Couldn't find any solution to fix my problem, so in order to
resolve my issue and to keep my ports on FreeBSD current, I installed
Portmanager. 

Portmanager upgraded Perl to 5.8.7. In order for my apps to see the new
version of Perl, I had to run 

perl-after-upgrade 
perl-after-upgrade -f 

This utility tells all apps where the new Perl is.

Even after the upgrade and everything was working perfectly, I ran
sa-learn again. I still received the same error.




Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: Marc.Dufresne@parks.on.ca
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> ssilva@SGVWATER.COM 12/14/2005 6:32 pm >>>
Kai Schaetzl spake the following on 12/14/2005 2:53 PM:
> Marc Dufresne wrote on         Wed, 14 Dec 2005 16:13:52 -0500:
> 
> 
>>Since I'm running FreeBSD 5.4 what's the simplest and most efficient
way 
>>of recompiling Perl-5.8.7?
> 
> 
> I wouldn't do it, it can fail. Did you try Scott's suggestion?
> 
> Kai
> 
Freebsd 5.4 at one time had perl 5.8.6. I haven't had the time to play
with the BSD's, but maybe you can go back a version.
Many FreeBSD guru's  float around this list. Maybe something will show
up tomorrow as many are probably home for the evening.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf")  20 lines. ]
    [ Unable to print this part. ]


From P.G.M.Peters at utwente.nl  Thu Dec 15 11:03:28 2005
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:31:31 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.18052.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter Peters wrote on 14-12-2005 12:17:

> The -1 version didn't start MS on my Suse SLES 4 (?). But
> check_mailscanner showed a different PID eacht time I checked. I
> downloaded and installed -2 and it is working now (on a test machine):

I have a problem with the -2. /etc/init.d/MailScanner stop does not stop
 MailScanner.

check_mailscanner does show the correct PID's but they doesn't seem to
get killed.

I made a small change to /etc/init.d/MailScanner:

- --- /home/mailadmin/MailScanner 2005-12-15 12:01:56.371429671 +0100
+++ /etc/init.d/MailScanner     2005-12-15 12:00:22.756980166 +0100
@@ -152,7 +152,7 @@
           killproc -p $srvoutpid -TERM $SENDMAIL
          rc_status
        fi
- -       killproc -p $mspid -TERM /usr/bin/MailScanner
+       killproc -p $mspid -TERM MailScanner
         rc_status -v
         # Clear out all the old pid files
         rm -f $mspid

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDoU1wMbmy+DDgnIURAs5WAKDVt+/dvSIgYGhFvD9Wlzd4xsItvQCgqrgT
ropOeJ+zz0aHE1hnQu2bpGQ=
=LaT/
-----END PGP SIGNATURE-----


From P.G.M.Peters at UTWENTE.NL  Thu Dec 15 11:03:28 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:31 2006
Subject: MailScanner: Beta release 4.49.1 -- process name feature
Message-ID: <mailman.18053.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter Peters wrote on 14-12-2005 12:17:

> The -1 version didn't start MS on my Suse SLES 4 (?). But
> check_mailscanner showed a different PID eacht time I checked. I
> downloaded and installed -2 and it is working now (on a test machine):

I have a problem with the -2. /etc/init.d/MailScanner stop does not stop
 MailScanner.

check_mailscanner does show the correct PID's but they doesn't seem to
get killed.

I made a small change to /etc/init.d/MailScanner:

- --- /home/mailadmin/MailScanner 2005-12-15 12:01:56.371429671 +0100
+++ /etc/init.d/MailScanner     2005-12-15 12:00:22.756980166 +0100
@@ -152,7 +152,7 @@
           killproc -p $srvoutpid -TERM $SENDMAIL
          rc_status
        fi
- -       killproc -p $mspid -TERM /usr/bin/MailScanner
+       killproc -p $mspid -TERM MailScanner
         rc_status -v
         # Clear out all the old pid files
         rm -f $mspid

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDoU1wMbmy+DDgnIURAs5WAKDVt+/dvSIgYGhFvD9Wlzd4xsItvQCgqrgT
ropOeJ+zz0aHE1hnQu2bpGQ=
=LaT/
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Thu Dec 15 10:47:46 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18054.1137101491.24926.mailscanner@lists.mailscanner.info>

Marc

Try asking on the sa-users list......or the freebsd-questions list

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Marc Dufresne
> Sent: 14 December 2005 14:12
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] SA-LEARN Keeps crashing at DBM.pm Line 624
> 
> FreeBSD 5.4
> Perl 5.8.7
> MailScanner 4.44.6
> SA3.1
> 
> Does anyone have any ideas on how to resolve this issue. Searched the
> net and I can't find anything.
> 
> Over the last couple of days, when I try to run sa-learn against my
> spam mailbox, I receive the following error:
> 
> sa-learn --spam --force-expire --mbox /var/mail/spammail
> bayes: expire_old_tokens: Out of memory during ridiculously large
> request at
> /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/BayesStore/DBM.pm
> line 624.
> 
> Here are my stats for
> 
> sa-learn --dump magic
> 0.000          0          3          0  non-token data: bayes db
> version
> 0.000          0       3016          0  non-token data: nspam
> 0.000          0      11613          0  non-token data: nham
> 0.000          0     309357          0  non-token data: ntokens
> 0.000          0 1133683248          0  non-token data: oldest atime
> 0.000          0 1134569167          0  non-token data: newest atime
> 0.000          0          0          0  non-token data: last journal
> sync atime
> 0.000          0 1134029107          0  non-token data: last expiry
> atime
> 0.000          0     345600          0  non-token data: last expire
> atime delta
> 0.000          0      90997          0  non-token data: last expire
> reduction count
> 
> Any ideas????
> 
> 
> Marc Dufresne, Corporate IT Officer
> St. Lawrence Parks Commission
> 13740 County Road 2
> Morrisburg, ON  K0C 1X0
> 
> E-mail: Marc.Dufresne@parks.on.ca
> Voice: 613-543-3704  Ext#2455
> Fax: 613-543-2847
> Corporate website: www.parks.on.ca
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Marc.Dufresne at PARKS.ON.CA  Thu Dec 15 13:28:38 2005
From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne)
Date: Thu Jan 12 21:31:31 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18055.1137101491.24926.mailscanner@lists.mailscanner.info>

Will do.


Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: Marc.Dufresne@parks.on.ca
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> martinh@SOLID-STATE-LOGIC.COM 12/15/2005 5:47 AM >>>
Marc

Try asking on the sa-users list......or the freebsd-questions list

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
On
> Behalf Of Marc Dufresne
> Sent: 14 December 2005 14:12
> To: MAILSCANNER@JISCMAIL.AC.UK 
> Subject: [MAILSCANNER] SA-LEARN Keeps crashing at DBM.pm Line 624
> 
> FreeBSD 5.4
> Perl 5.8.7
> MailScanner 4.44.6
> SA3.1
> 
> Does anyone have any ideas on how to resolve this issue. Searched
the
> net and I can't find anything.
> 
> Over the last couple of days, when I try to run sa-learn against my
> spam mailbox, I receive the following error:
> 
> sa-learn --spam --force-expire --mbox /var/mail/spammail
> bayes: expire_old_tokens: Out of memory during ridiculously large
> request at
>
/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/BayesStore/DBM.pm
> line 624.
> 
> Here are my stats for
> 
> sa-learn --dump magic
> 0.000          0          3          0  non-token data: bayes db
> version
> 0.000          0       3016          0  non-token data: nspam
> 0.000          0      11613          0  non-token data: nham
> 0.000          0     309357          0  non-token data: ntokens
> 0.000          0 1133683248          0  non-token data: oldest atime
> 0.000          0 1134569167          0  non-token data: newest atime
> 0.000          0          0          0  non-token data: last journal
> sync atime
> 0.000          0 1134029107          0  non-token data: last expiry
> atime
> 0.000          0     345600          0  non-token data: last expire
> atime delta
> 0.000          0      90997          0  non-token data: last expire
> reduction count
> 
> Any ideas????
> 
> 
> Marc Dufresne, Corporate IT Officer
> St. Lawrence Parks Commission
> 13740 County Road 2
> Morrisburg, ON  K0C 1X0
> 
> E-mail: Marc.Dufresne@parks.on.ca 
> Voice: 613-543-3704  Ext#2455
> Fax: 613-543-2847
> Corporate website: www.parks.on.ca 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be
clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf")  20 lines. ]
    [ Unable to print this part. ]


From P.G.M.Peters at UTWENTE.NL  Thu Dec 15 14:54:54 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:31 2006
Subject: feature request: proxy
Message-ID: <mailman.18056.1137101491.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am working on installing a new set of mailservers. Only connections in
and out on port 25 will be allowed. So no possibility to get firus
signatures except via the proxy. Now I need to add the proxy
configuration to all autoupdate scripts.

Can this be a configuration in MailScanner.conf?
So MS can download the phishing whitelist via the proxy too.

Too bad clamav needs the proxy in its own comfiguration (so it claims).

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDoYO+Mbmy+DDgnIURAvJGAJ93fy/Vx4z867dX61IRKtbNnPH2ZwCaAhOE
vEQTyimkXiXrTZmFB1XbuGI=
=O8IB
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec 15 15:09:59 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:31 2006
Subject: feature request: proxy
Message-ID: <mailman.18057.1137101491.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----


On 15 Dec 2005, at 14:54, Peter Peters wrote:

> * PGP Signed by an unverified key: 12/15/05 at 14:54:54
>
> I am working on installing a new set of mailservers. Only  
> connections in
> and out on port 25 will be allowed. So no possibility to get firus
> signatures except via the proxy. Now I need to add the proxy
> configuration to all autoupdate scripts.
>
> Can this be a configuration in MailScanner.conf?

How should I do this?

> So MS can download the phishing whitelist via the proxy too.

The script that downloads the phishing whitelist (and merges in all  
your changes) is very simple. Take a look at it and you'll see how to  
modify it to use a proxy. Feel free to post a modified version  
including proxy support.

>
> Too bad clamav needs the proxy in its own comfiguration (so it  
> claims).
>
> --
> Peter Peters, senior beheerder (Security)
> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
> Universiteit Twente,  Postbus 217,  7500 AE  Enschede
> telefoon: 053 - 489 2301, fax: 053 - 489 2383, http:// 
> www.utwente.nl/itbe
>
> * P.G.M. Peters <P.G.M.Peters@utwente.nl>
> * 0x30E09C85 - Unverified (L)
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6GHS/w32o+k+q+hAQHYpwf/Utcj37UXdcfqQ2dwEkOD/Y4N6tCzj01Y
hEvGXKRQrI/8BH2hqlrSUMny7PeYQBvBtRHu86MBN596mSwbU9Uhx18u7+rEfmcs
NvN422bR3f3I6Uptr4jGmMhIe1ZL0v/uYii5nwR7Rk/uJm9KYlslDw209SJ64RJR
L7dF8deNSrssLnXPt/nQYB6BtE9uEFOisVw+p/14vSKf4GlKX4s/QVORYKJXJK/H
hY5BwcKp2TI0DwGNWKbpXuCccNDgFSiPEx5IX/gYxMj9RjeB/0IV05iwKcJy5fJj
cNoT6T31oSGLW1Oa92kMMj8bajWV7b+YzvaiwcMP6n8iK8agl/sBtQ==
=cZHX
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From carl.andrews at CRACKERBARREL.COM  Thu Dec 15 15:15:08 2005
From: carl.andrews at CRACKERBARREL.COM (Carl Andrews)
Date: Thu Jan 12 21:31:32 2006
Subject: MailScanner in "Sys Admin" Magazine
Message-ID: <mailman.18058.1137101491.24926.mailscanner@lists.mailscanner.info>

Thought you might all be interested. I got my January 2006 (Volume 15
Number 1) issue of Sys Admin yesterday and there is an article about
"Phishing Solutions - by Chris Brenton" on Pages 14-18. If you get your
hands on a copy of the magazine you might want to read this article,
MailScanner is the favored solution.

http://www.samag.com/current/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From P.G.M.Peters at UTWENTE.NL  Thu Dec 15 15:27:01 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:32 2006
Subject: feature request: proxy
Message-ID: <mailman.18059.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Field wrote on 15-12-2005 16:09:

>>>I am working on installing a new set of mailservers. Only  
>>>connections in
>>>and out on port 25 will be allowed. So no possibility to get firus
>>>signatures except via the proxy. Now I need to add the proxy
>>>configuration to all autoupdate scripts.
>>>
>>>Can this be a configuration in MailScanner.conf?
> 
> How should I do this?

/usr/sbin/update_virus_scanners calls the autoupdate scripts using
configuration parameters in /etc/MailScanner/virus.scanners.conf.
Perhaps update_virus_scanners could check for proxy information in that
file and pass it on to the autoupdate scripts.

>>>So MS can download the phishing whitelist via the proxy too.
> 
> The script that downloads the phishing whitelist (and merges in all  
> your changes) is very simple. Take a look at it and you'll see how to  
> modify it to use a proxy. Feel free to post a modified version  
> including proxy support.

I see the phishing script uses wget. That is already configured to use
the proxy because I had to do that for downloading MS itself.

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDoYtFMbmy+DDgnIURAoIQAJ44XL7RAuBD+ly1iA2gkbJRmBOOnwCg71uV
00UB6/7WWKMK2XGDaw/rJPc=
=qvS5
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From t.d.lee at DURHAM.AC.UK  Thu Dec 15 15:43:18 2005
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:31:32 2006
Subject: feature request: proxy
Message-ID: <mailman.18060.1137101492.24926.mailscanner@lists.mailscanner.info>

On Thu, 15 Dec 2005, Julian Field wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> On 15 Dec 2005, at 14:54, Peter Peters wrote:
>
> > * PGP Signed by an unverified key: 12/15/05 at 14:54:54
> >
> > I am working on installing a new set of mailservers. Only
> > connections in
> > and out on port 25 will be allowed. So no possibility to get firus
> > signatures except via the proxy. Now I need to add the proxy
> > configuration to all autoupdate scripts.
> >
> > Can this be a configuration in MailScanner.conf?
>
> How should I do this?
>
> > So MS can download the phishing whitelist via the proxy too.
>
> The script that downloads the phishing whitelist (and merges in all
> your changes) is very simple. Take a look at it and you'll see how to
> modify it to use a proxy. Feel free to post a modified version
> including proxy support.

Julian: A couple of months ago you and I chatted about the possibility of
using an RBL-like mechanism for dynamic lookup of the whitelist. I still
have the test domain running for this (with data as of around October
10th) at:
   whitephish.mailscanner.dur.ac.uk

(This would allow (a) fast updates (b) better access from email machines
behind firewalls not now needing outbound www/ftp access.)

Are you still interested in pursuing this?


-- 

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           Durham University     :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jkf at ecs.soton.ac.uk  Thu Dec 15 17:04:35 2005
From: jkf at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: MailScanner in "Sys Admin" Magazine
Message-ID: <mailman.18061.1137101492.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Any chance someone could scan it and mail me a PDF please?
The salary survey would be interesting to read too :-)

Thanks guys.

On 15 Dec 2005, at 15:15, Carl Andrews wrote:

> Thought you might all be interested. I got my January 2006 (Volume 15
> Number 1) issue of Sys Admin yesterday and there is an article about
> "Phishing Solutions - by Chris Brenton" on Pages 14-18. If you get  
> your
> hands on a copy of the magazine you might want to read this article,
> MailScanner is the favored solution.
>
> http://www.samag.com/current/
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
jkf@ecs.soton.ac.uk
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6GiJfw32o+k+q+hAQGOQAf+Kt/nadL11w7qaz7iVehp14mUfBTZMvAh
XcKpKg57zge29JIJsh34QKjPbGudhAC8xTK+YFouogwN4W1sdpMi9yYz2T4bxHjT
pCQzl4CKZsg642RDgtLxH28L568LDjTeSD+qjJ71zSA6wawswFmsoA7GBgh8TzkY
Ky777a0V58xuob9YvlZXFzlDzUui/fwFFvI1j9BWSSx+dW8e9TvLxRXP22aAxOd/
QVolFtC343honKXVWfkMwPCqwKkCerG+QlRR6zm0K6hs5DGkxudRMAFK6ueMqMTa
EPZkntXBKNY5jctfj6Alz3sLfVDFwYwlOOD42HePFvTRVwK5MuehiQ==
=31pF
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 15 17:52:50 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:32 2006
Subject: MailScanner in "Sys Admin" Magazine
Message-ID: <mailman.18062.1137101492.24926.mailscanner@lists.mailscanner.info>

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Any chance someone could scan it and mail me a PDF please?
> The salary survey would be interesting to read too :-)
> 

It might be neat if you were able to get permission from SysAdmin
magazine to post the article on the MailScanner web site.  Free
advertising for them, and a nice plug for MailScanner...


...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From phachey at CITY.CORNWALL.ON.CA  Thu Dec 15 17:52:49 2005
From: phachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:31:32 2006
Subject: Problem with ALL_TRUSTED since 4.48
Message-ID: <mailman.18063.1137101492.24926.mailscanner@lists.mailscanner.info>

Prior to upgrading to 4.48, I would never get an ALL_TRUSTED in the spam
reports of received message because I had the line "trusted_networks
<ip-of-local-host-interface>" in spam.assassin.prefs.conf.

Now, I get ALL_TRUSTED falsely subtracting from the spam score of all sorts
of messages (but not every message).

I have gone so far as to enter the following three lines in BOTH
/etc/mail/spamassassin/local.cf AND
/etc/MailScanner/spam.assassin.prefs.conf (which is linked to by
/etc/mail/spamassassin/mailscanner.cf):

clear_trusted_networks
trusted_networks <ip-of-local-host-interface>
score ALL_TRUSTED 0

But I still get ALL_TRUSTED cropping up with a score of -1.80.  It's not
consistent, however, and I can't see anything of noteworthy difference
between those that have it and those that don't -- they're all coming from
outside of our network.

Our logs, which go back months, indicate zero ALL_TRUSTED triggers before
the 4.48 upgrade, and thousands since.  Is anyone else noticing this?  Would
the change of how MailScanner calls SA have any impact on this?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec 15 18:19:00 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: Problem with ALL_TRUSTED since 4.48
Message-ID: <mailman.18064.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Philip Hachey wrote:
> Prior to upgrading to 4.48, I would never get an ALL_TRUSTED in the spam
> reports of received message because I had the line "trusted_networks
> <ip-of-local-host-interface>" in spam.assassin.prefs.conf.
> 
> Now, I get ALL_TRUSTED falsely subtracting from the spam score of all sorts
> of messages (but not every message).
> 
> I have gone so far as to enter the following three lines in BOTH
> /etc/mail/spamassassin/local.cf AND
> /etc/MailScanner/spam.assassin.prefs.conf (which is linked to by
> /etc/mail/spamassassin/mailscanner.cf):
> 
> clear_trusted_networks
> trusted_networks <ip-of-local-host-interface>
> score ALL_TRUSTED 0
> 
> But I still get ALL_TRUSTED cropping up with a score of -1.80. 


At that point, I'd resort to running spamassassin --lint and make sure SA is
actually able to make sense of your config files.

If that doesn't help, try adding -D and see what "site rules dir" SA is using
and make sure it's /etc/mail/spamassassassin.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mauriciopcavalcanti at HOTMAIL.COM  Thu Dec 15 18:36:19 2005
From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Portilho Cavalcanti)
Date: Thu Jan 12 21:31:32 2006
Subject: 2 e-mail in white or blacklist
Message-ID: <mailman.18065.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,
1) I made a web interface to insert and remove e-mails in white/blacklist.
If someone puts de same e-mail twice, I think MS will treat as
white/blacklist and no problem.

From: fulano@domain.com.br yes
From: fulano@domain.com.br yes

Am I right?

2) If I put @domain,com.br (",") in white/blacklist... how MS will treat
this?

Thanks in advance,
Mauricio. 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec 15 18:55:17 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: 2 e-mail in white or blacklist
Message-ID: <mailman.18066.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mauricio Portilho Cavalcanti wrote:

>Hi,
>1) I made a web interface to insert and remove e-mails in white/blacklist.
>If someone puts de same e-mail twice, I think MS will treat as
>white/blacklist and no problem.
>
>From: fulano@domain.com.br yes
>From: fulano@domain.com.br yes
>
>Am I right?
>  
>
Yes, that shouldn't cause any problem, but it will slow things down as 
the ruleset is bigger than necessary.

>2) If I put @domain,com.br (",") in white/blacklist... how MS will treat
>this?
>  
>
It won't match domain.com.br, it will end up being effectively ignored 
as , will never appear in an address.

>Thanks in advance,
>Mauricio. 
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6G8FhH2WUcUFbZUEQIOTACfYR991YaxRiNRbkIA+M3avMSgBnsAn0Yu
KTtLUE+pRolP1GmAmHHL025Y
=vI61
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From liste-mailscanner at INGESCOM.COM  Thu Dec 15 18:56:38 2005
From: liste-mailscanner at INGESCOM.COM (Sam)
Date: Thu Jan 12 21:31:32 2006
Subject: Strange scoring problem
Message-ID: <mailman.18067.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-15" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl a écrit :
> Sam wrote on         Wed, 14 Dec 2005 22:20:49 +0100:
>>As the fact it works on the hash of mail ... can I consider that if a 
>>mail is marked as pyzor-positive I can surely drop it ???
> 
> I'm not using any of these. I can only speculate that they *can* be wrong, 
> so "dropping" might not be the right thing. Just leave them at the default 
> scoring.
> Kai

ok, thank you a lot for your helpfull answers.

Samuel.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at ELIQUID.COM  Thu Dec 15 19:38:19 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:31:32 2006
Subject: 2 e-mail in white or blacklist
Message-ID: <mailman.18068.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Mauricio,

You may want to clean up the code that inserts and removes emails from
your white/blacklists.  As Julian mentioned, if you have a large number
of emails, you will waste resources processing the same emails over and
over.

I wrote a similar function in PHP.  My PHP Mail app simply calls this
function with an email address, and a remove flag if you are removing an
email address. 

This code snippit was written for the MailScanner whiltelist.

function spam($email, $remove = NULL) {
$filename = "/etc/MailScanner/rules/spam.whitelist.rules";
// We will read the values into an array, add or delete data, then
re-write the spam filter rules.
// If $remove = 1, delete the email, if not set, add the email.


// Read original values from spam filtering list...
$fp = fopen($filename, "r");
$initial_file = fread($fp, filesize($filename));
fclose($fp);

// Process and parse original file. 
         //Create an array element for each line in the
spam.whitelist.rules file.
$new_list = array();
$data = explode("\n", $initial_file);
$clean = array();

for ($i = 0; $i < sizeof($data); $i++) {
$data[$i] = $data[$i];
$line = explode(" ", $data[$i]);
$clean[$i][0] = $line[0];
$clean[$i][1] = $line[1];
$clean[$i][2] = $line[2];
}

if ($remove == '1') {
            // If deleting, rebuild array of email addresses, but do not
include the email address provided.
for ($i = 0; $i < sizeof($clean); $i++) {
if (stristr($clean[$i][1], $email) === FALSE)  {
if (!$clean[$i][1] == '') {
array_push($new_list, $clean[$i]);
}
}
}
} else {
                // No remove flag set.  We can add the provided email to
the array of addresses.
for ($i = 0; $i < sizeof($clean); $i++) {
if (stristr($clean[$i][1], $email) === FALSE)  {
if (!$clean[$i][1] == '') {
array_push($new_list, $clean[$i]);
}
}
}
$array_size = sizeof($new_list);
$new_list[$array_size][0] = "To:";
$new_list[$array_size][1] = $email;
$new_list[$array_size][2] = "no";
}

// Write back array of email addresses to file.

if (!$fp = fopen($filename, "w+")) {
echo "ERROR! Could not open whitelist file.";
} else {
foreach($new_list as $current) {
fwrite($fp, $current[0] . " " . $current[1] . " " . $current[2] . "\n");
}
fclose($fp);
}
}








On Thu, 2005-12-15 at 18:55 +0000, Julian Field wrote:

 -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mauricio Portilho Cavalcanti wrote:

>Hi,
>1) I made a web interface to insert and remove e-mails in white/blacklist.
>If someone puts de same e-mail twice, I think MS will treat as
>white/blacklist and no problem.
>
>From: fulano@domain.com.br yes
>From: fulano@domain.com.br yes
>
>Am I right?
>  
>
Yes, that shouldn't cause any problem, but it will slow things down as 
the ruleset is bigger than necessary.

>2) If I put @domain,com.br (",") in white/blacklist... how MS will treat
>this?
>  
>
It won't match domain.com.br, it will end up being effectively ignored 
as , will never appear in an address.

>Thanks in advance,
>Mauricio. 
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6G8FhH2WUcUFbZUEQIOTACfYR991YaxRiNRbkIA+M3avMSgBnsAn0Yu
KTtLUE+pRolP1GmAmHHL025Y
=vI61
-----END PGP SIGNATURE-----


___________________________________________

Wess Bechard
Information Technology Manager
eliquidMEDIA International Inc.
Visit: www.eliquid.com
Office: 519.973.1930  -  1.800.561.7525
Fax: 519.253.0337
Cell: 519.791.9492
___________________________________________
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Thu Dec 15 20:11:43 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: [Fwd: IFCC-FBI Criminal Complaint (Warning: E-mail viruses
    detected)]
Message-ID: <mailman.18069.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Had to share this with you folks. I get these from time to time, and 
think they are most amusing. This one is even more officious than most, 
so I got a better laugh out of it than normal.

I Philip Rocnjava (or whatever his name might be) thinks he is really 
big and impressive. Reminds me of large cars as a substitute for a 
small.... (you get the rest :-)

I wonder if he sent anything to "HostWizard" as well (see the headers 
below)?

- -------- Original Message --------
Subject: 	IFCC-FBI Criminal Complaint (Warning: E-mail viruses detected)
Date: 	Thu, 15 Dec 2005 19:36:14 GMT
From: 	email <phillip@rocnjava.com>
To: 	abuse@mailscanner.info
CC: 	spam@uce.gov



A formal IFCC-FBI criminal complaint has been filed against 
your service in response to your malicious criminal behaviour. 

We are fully committed to prosecuting you to the fullest extent 
of the law and will assist in every way to expedite your journey 
to your new prison cell.

Each incident of spam that you send here automatically 
launches a complaint to the United States Federal Trade 
Commission, FBI, internet blacklists, and every ISP who 
enables you in your continued nuisance and criminal conduct.

Your are hereby notified that you, as well as any internet 
service provider who assists you, is liable for consequential 
damages, cost of labor hours, court costs, attorney fees, and 
any related expense in recouping the cost of time spent in 
obtaining a cessation of your harassement.

You *Will Be* caught. You *Will Be* exposed. The financial 
gain you have made from this activity will be forfieted.

Be prepared to pay fines and accept prison time.

You should think about the effect upon your family and friends 
as you prepare for the imminent consequences of your 
actions. Are they deserving of what you are inflicting upon 
them?

I strongly suggest that you remove my email address from your 
spam lists immediatedly. Anything that you send here has 
already been, is continuing to be, and will be used as 
evidence against you.

Internet service providers, your actions in supporting these 
individuals are not unnoticed, they are logged and made a 
permanent public record in the form of public internet 
blacklists. You run the very high risk of being exposed and 
boycotted. This system of sharing logged public records has 
resulted in many ISPs being rendered ineffective and going out 
of business with great losses as a result of public disfavor. You 
are doing a great disservice to your own community and the 
public. The results of your harboring this nuisance and criminal 
activity is damaging even to your own company and your 
personal livelihood.


signed,
Fully Committed

Return-path: <>
Envelope-to: phillip@rocnjava.com
Delivery-date: Thu, 15 Dec 2005 00:13:55 +0000
Received: from rocnjava by Server28.fastbighost.com with local-bsmtp (Exim 4.52) id 1Emgkr-00040W-Ro for phillip@rocnjava.com; Thu, 15 Dec 2005 00:13:55 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on  Server28.fastbighost.com
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=4.0 tests=INFO_TLD autolearn=no  version=3.1.0
Received: from [207.44.164.22] (helo=secure.hostwizard.ws) by Server28.fastbighost.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.52) id 1Emgkr-000406-Is for phillip@rocnjava.com; Thu, 15 Dec 2005 00:13:53 +0000
X-ClientAddr: 127.0.0.1
Received: from secure.hostwizard.ws (localhost.localdomain [127.0.0.1]) by secure.hostwizard.ws (8.12.11/8.12.11) with ESMTP id jBF0EeIF004366 for <phillip@rocnjava.com>; Wed, 14 Dec 2005 18:14:40 -0600
Received: (from root@localhost) by secure.hostwizard.ws (8.12.11/8.12.11/Submit) id jBF0Ee5H004361; Wed, 14 Dec 2005 18:14:40 -0600
Date: Wed, 14 Dec 2005 18:14:40 -0600
Message-Id: <200512150014.jBF0Ee5H004361@secure.hostwizard.ws>
From: "MailScanner" <postmaster@secure.hostwizard.ws>
To: phillip@rocnjava.com
Subject: Warning: E-mail viruses detected
X-HostWizard-MailScanner: generated, Found to be clean
X-HostWizard-MailScanner-Information: Please contact the ISP for more information
X-MailScanner-From: 

Our virus detector has just been triggered by a message you sent:-
  To: jim@aps-technology.com
  Subject: hi, ive a new mail address
  Date: Wed Dec 14 18:14:40 2005

One or more of the attachments (File-packed_da.exe, File-packed_dataInfo.exe) are on
the list of unacceptable attachments for this site and will not have
been delivered.

Consider renaming the files to avoid this constraint.

The virus detector said this about the message:
Report: MailScanner: Executable DOS/Windows programs are dangerous in email (File-packed_da.exe)
Report: MailScanner: Executable DOS/Windows programs are dangerous in email (File-packed_dataInfo.exe)
MailScanner: Executable DOS/Windows programs are dangerous in email (File-packed_da.exe)
MailScanner: Executable DOS/Windows programs are dangerous in email (File-packed_dataInfo.exe)


- -- 
MailScanner
Email Virus Scanner
www.mailscanner.info
MailScanner thanks transtec Computers for their support





- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6HOABH2WUcUFbZUEQK3MwCgt3/QntkwSS87PJon9AMT4eWchFkAoOGy
1GCfsHkwshGu6f0M73eaKUgD
=Qg6b
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ewallig at AEROCONTRACTORS.COM  Thu Dec 15 20:38:26 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:31:32 2006
Subject: [Fwd: IFCC-FBI Criminal Complaint (Warning: E-mail viruses
    detected)]
Message-ID: <mailman.18070.1137101492.24926.mailscanner@lists.mailscanner.info>

That'll just make the spammers hijack more computers.... 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Thursday, December 15, 2005 3:12 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [Fwd: IFCC-FBI Criminal Complaint (Warning: E-mail viruses
detected)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Had to share this with you folks. I get these from time to time, and think
they are most amusing. This one is even more officious than most, so I got a
better laugh out of it than normal.

I Philip Rocnjava (or whatever his name might be) thinks he is really big
and impressive. Reminds me of large cars as a substitute for a small....
(you get the rest :-)

I wonder if he sent anything to "HostWizard" as well (see the headers
below)?

- -------- Original Message --------
Subject: 	IFCC-FBI Criminal Complaint (Warning: E-mail viruses
detected)
Date: 	Thu, 15 Dec 2005 19:36:14 GMT
From: 	email <phillip@rocnjava.com>
To: 	abuse@mailscanner.info
CC: 	spam@uce.gov



A formal IFCC-FBI criminal complaint has been filed against your service in
response to your malicious criminal behaviour. 

We are fully committed to prosecuting you to the fullest extent of the law
and will assist in every way to expedite your journey to your new prison
cell.

Each incident of spam that you send here automatically launches a complaint
to the United States Federal Trade Commission, FBI, internet blacklists, and
every ISP who enables you in your continued nuisance and criminal conduct.

Your are hereby notified that you, as well as any internet service provider
who assists you, is liable for consequential damages, cost of labor hours,
court costs, attorney fees, and any related expense in recouping the cost of
time spent in obtaining a cessation of your harassement.

You *Will Be* caught. You *Will Be* exposed. The financial gain you have
made from this activity will be forfieted.

Be prepared to pay fines and accept prison time.

You should think about the effect upon your family and friends as you
prepare for the imminent consequences of your actions. Are they deserving of
what you are inflicting upon them?

I strongly suggest that you remove my email address from your spam lists
immediatedly. Anything that you send here has already been, is continuing to
be, and will be used as evidence against you.

Internet service providers, your actions in supporting these individuals are
not unnoticed, they are logged and made a permanent public record in the
form of public internet blacklists. You run the very high risk of being
exposed and boycotted. This system of sharing logged public records has
resulted in many ISPs being rendered ineffective and going out of business
with great losses as a result of public disfavor. You are doing a great
disservice to your own community and the public. The results of your
harboring this nuisance and criminal activity is damaging even to your own
company and your personal livelihood.


signed,
Fully Committed

Return-path: <>
Envelope-to: phillip@rocnjava.com
Delivery-date: Thu, 15 Dec 2005 00:13:55 +0000
Received: from rocnjava by Server28.fastbighost.com with local-bsmtp (Exim
4.52) id 1Emgkr-00040W-Ro for phillip@rocnjava.com; Thu, 15 Dec 2005
00:13:55 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
Server28.fastbighost.com
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=4.0 tests=INFO_TLD autolearn=no
version=3.1.0
Received: from [207.44.164.22] (helo=secure.hostwizard.ws) by
Server28.fastbighost.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.52) id
1Emgkr-000406-Is for phillip@rocnjava.com; Thu, 15 Dec 2005 00:13:53 +0000
X-ClientAddr: 127.0.0.1
Received: from secure.hostwizard.ws (localhost.localdomain [127.0.0.1]) by
secure.hostwizard.ws (8.12.11/8.12.11) with ESMTP id jBF0EeIF004366 for
<phillip@rocnjava.com>; Wed, 14 Dec 2005 18:14:40 -0600
Received: (from root@localhost) by secure.hostwizard.ws
(8.12.11/8.12.11/Submit) id jBF0Ee5H004361; Wed, 14 Dec 2005 18:14:40 -0600
Date: Wed, 14 Dec 2005 18:14:40 -0600
Message-Id: <200512150014.jBF0Ee5H004361@secure.hostwizard.ws>
From: "MailScanner" <postmaster@secure.hostwizard.ws>
To: phillip@rocnjava.com
Subject: Warning: E-mail viruses detected
X-HostWizard-MailScanner: generated, Found to be clean
X-HostWizard-MailScanner-Information: Please contact the ISP for more
information
X-MailScanner-From: 

Our virus detector has just been triggered by a message you sent:-
  To: jim@aps-technology.com
  Subject: hi, ive a new mail address
  Date: Wed Dec 14 18:14:40 2005

One or more of the attachments (File-packed_da.exe,
File-packed_dataInfo.exe) are on the list of unacceptable attachments for
this site and will not have been delivered.

Consider renaming the files to avoid this constraint.

The virus detector said this about the message:
Report: MailScanner: Executable DOS/Windows programs are dangerous in email
(File-packed_da.exe)
Report: MailScanner: Executable DOS/Windows programs are dangerous in email
(File-packed_dataInfo.exe)
MailScanner: Executable DOS/Windows programs are dangerous in email
(File-packed_da.exe)
MailScanner: Executable DOS/Windows programs are dangerous in email
(File-packed_dataInfo.exe)


- --
MailScanner
Email Virus Scanner
www.mailscanner.info
MailScanner thanks transtec Computers for their support





- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6HOABH2WUcUFbZUEQK3MwCgt3/QntkwSS87PJon9AMT4eWchFkAoOGy
1GCfsHkwshGu6f0M73eaKUgD
=Qg6b
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-PKCS7-SIGNATURE  6.1KB. ]
    [ Unable to print this part. ]


From mkettler at EVI-INC.COM  Thu Dec 15 20:43:58 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: [Fwd: IFCC-FBI Criminal Complaint (Warning: E-mail viruses
    detected)]
Message-ID: <mailman.18071.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Had to share this with you folks. I get these from time to time, and
> think they are most amusing. This one is even more officious than most,
> so I got a better laugh out of it than normal.


Agreed, clearly it's the admin of secure.hostwizard.ws who should be arrested
and prosecuted for configuring mailscanner without virus detection to avoid
autoresponding. :)


Unfortunately, while I am half joking, I'm only half joking.

I don't think they should be criminally investigated, unless they unleashed
enough of a flood of notices to actually DoS the victim site. However, I do
think they are dangerously misconfigured and deserve the same LARTing and
disrespect as the admin of an open-relay mailserver that a spammer abused.

I view mis-directed  Challenge-Responses, virus notices, and post-delivery spam
notices as indirect spamming through deliberate, and willfully malicious,
misconfiguration. Such admins are trying to solve their email problems by
foisting the problem into the mailboxes others. I get enough spam and viruses
without getting notices for all of theirs too.

I myself do not take kindly to being imposed upon by such systems. I'm sure a
few list members here can attest they have gotten my warnings that I'll
blacklist their server if they don't cease sending me notices for undetected
viruses. And I do have a good number of servers 550'ed for persistently sending
me such notices.

My own policy is I send a LART after 2 mis-directed notices, and blacklist if
they keep coming in 24 hours after the LART. Of course, if I get a deluge I'll
blacklist them without waiting for 24 hours as a defensive measure. My general
removal policy is roughly 1 week, but I'm lazy about it so it could be more or
less often.

Just some food-for-thought on the other side of the coin.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dnsadmin at 1BIGTHINK.COM  Thu Dec 15 20:50:18 2005
From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com)
Date: Thu Jan 12 21:31:32 2006
Subject: Q: about vacation messages
Message-ID: <mailman.18072.1137101492.24926.mailscanner@lists.mailscanner.info>

Hello All,

I have a question about .procmail vacation autoresponders and how 
they will relate to spam and directory harvest attacks:

If I place an autoresponder in place, will it respond before going 
through the scrutiny of my sendmail access list and the MailScanner 
and SpamAssassin engines?

Thanks,
Glenn

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mike at CAMAROSS.NET  Thu Dec 15 20:51:09 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:31:32 2006
Subject: about vacation messages
Message-ID: <mailman.18073.1137101492.24926.mailscanner@lists.mailscanner.info>

MailScanner mailing list <> scribbled on :

> Hello All,
> 
> I have a question about .procmail vacation autoresponders and
> how they will relate to spam and directory harvest attacks:
> 
> If I place an autoresponder in place, will it respond before
> going through the scrutiny of my sendmail access list and the
> MailScanner and SpamAssassin engines?
> 
> Thanks,
> Glenn
> 
> ------------------------ MailScanner list
> ------------------------ To unsubscribe, email
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

procmail is the lda, so it would be processed my sendmail's access lists and
MailScanner before being handed off to procmail for final delivery to the
user.

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec 15 20:56:13 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: Q: about vacation messages
Message-ID: <mailman.18074.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

dnsadmin 1bigthink.com wrote:
> Hello All,
> 
> I have a question about .procmail vacation autoresponders and how they
> will relate to spam and directory harvest attacks:
> 
> If I place an autoresponder in place, will it respond before going
> through the scrutiny of my sendmail access list and the MailScanner and
> SpamAssassin engines?

No. Procmail happens right before the message is delivered to the mailbox, so
it's after sendmail and MailScanner are done with it.

Making sure you don't respond to viruses and spam is a good first step, but
generally not enough.

For example, you need to make sure you don't respond to any mailing list
messages, as that will raise the ire of many.

In general, it's best to only respond to messages that have your address in the
To: or Cc: header of the message. It's also a good idea to check for Precedence:
list or Precedence: bulk and avoid responding to those.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From henker at S-H-COM.DE  Thu Dec 15 21:27:53 2005
From: henker at S-H-COM.DE (Steffan Henke)
Date: Thu Jan 12 21:31:32 2006
Subject: Q: about vacation messages
Message-ID: <mailman.18075.1137101492.24926.mailscanner@lists.mailscanner.info>

On Thu, 15 Dec 2005, Matt Kettler wrote:

> In general, it's best to only respond to messages that have your address in the
> To: or Cc: header of the message. It's also a good idea to check for Precedence:
> list or Precedence: bulk and avoid responding to those.


man procmailex

gives a great example of a "vacation" that also ensures you don't send 
responses if a recipient has already received a vacation msg.
I have seen way too many autoresponders that respond to autoresponders 
and back again, especially during the christmas holidays season...

Regards,

Steffan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dnsadmin at 1BIGTHINK.COM  Thu Dec 15 21:50:19 2005
From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com)
Date: Thu Jan 12 21:31:32 2006
Subject: Q: about vacation messages
Message-ID: <mailman.18076.1137101492.24926.mailscanner@lists.mailscanner.info>

At 04:27 PM 12/15/2005, you wrote:

>On Thu, 15 Dec 2005, Matt Kettler wrote:
>
>>In general, it's best to only respond to messages that have your 
>>address in the
>>To: or Cc: header of the message. It's also a good idea to check 
>>for Precedence:
>>list or Precedence: bulk and avoid responding to those.
>
>
>man procmailex
>
>gives a great example of a "vacation" that also ensures you don't 
>send responses if a recipient has already received a vacation msg.
>I have seen way too many autoresponders that respond to 
>autoresponders and back again, especially during the christmas 
>holidays season...
>
>Regards,
>
>Steffan

Thanks for all responses! Will study promailex before deployment!

Thanks,
Glenn

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dnsadmin at 1BIGTHINK.COM  Thu Dec 15 21:52:46 2005
From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18077.1137101492.24926.mailscanner@lists.mailscanner.info>

Hello All,

I've implemented as much restriction, as tolerable by my users, 
within the MTA (sendmail) and still get some hammering directory 
harvest attacks.

Will milter-greylist help?

TIA!

Glenn

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jase at SENSIS.COM  Thu Dec 15 22:00:45 2005
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:31:32 2006
Subject: Other blocked content ruleset
Message-ID: <mailman.18078.1137101492.24926.mailscanner@lists.mailscanner.info>

Drew Marshall wrote:
> On Mon, December 5, 2005 21:29, Drew Marshall wrote:
 
>> i.e. I want to *not* send a notification for attachments that are too
>> small but I do still want to send notifications for any of the other
>> blocked content. As you can see, could some one fill in my blank
>> space and stop my maillog filling with 'Syntax error in first field
>> in line 3 of ruleset' as my wall can't take my more head bashing!
> 
> I really must stop replying to myself!
> 
> I still haven't found any answer to this. Anyone got any clues?
> Julian, please?
> 
> Drew

Drew,

Sorry for the late reply - still catching up on the list.  I just dealt
with this recently.  Here's what I did.  I modified languages.conf,
changing AttachmentTooSmall to be "Attachment is too small (too-small)".
For completeness, I changed AttachmentTooLarge in the same way.  Then I
modified MailScanner.conf, and added "too-small" to the list of Silent
Viruses.  This seems to prevent notifications.  You don't have to use
"too-small", you could use some other string which has no spaces in
AttachmentTooSmall and Silent Viruses.

Hope this helps.

Jase

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec 15 22:19:12 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18079.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

dnsadmin 1bigthink.com wrote:
> Hello All,
> 
> I've implemented as much restriction, as tolerable by my users, within
> the MTA (sendmail) and still get some hammering directory harvest attacks.
> 
> Will milter-greylist help?

Somewhat, but you'll get hammered with a really large greylist database.

Really to deal with dictionary attacks there's a few quick sendmail features you
can use to help.

The BAD_RCPT_THROTTLE options is probably the most effective here. Here's a
quick sendmail.mc fragment for it:

#after 15 invalid recipients, start slowing them down with
#1 second sleeps
define(`confBAD_RCPT_THROTTLE',15)

You might also want to consider MAX_RCPTS_PER_MESSAGE, MAX_DAEMON_CHILDREN, and
CONNECTION_RATE_THROTTLE.

I'd also strongly suggest making sure that PRIVACY_FLAGS has either goaway or
novrfy,noexpn.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Thu Dec 15 22:30:34 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18080.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/15/05, Matt Kettler <mkettler@evi-inc.com> wrote:
      The BAD_RCPT_THROTTLE options is probably the most effective
      here. Here's a
      quick sendmail.mc fragment for it:

      #after 15 invalid recipients, start slowing them down with
      #1 second sleeps
      define(`confBAD_RCPT_THROTTLE',15)


But the gateway doesn't know if the recipient is valid or not, only if it
can deliver it to the next server. Do you mean together with
milter-sender or similar?

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From mkettler at EVI-INC.COM  Thu Dec 15 22:36:52 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18081.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox wrote:
> On 12/15/05, *Matt Kettler* <mkettler@evi-inc.com
> <mailto:mkettler@evi-inc.com>> wrote:
> 
>     The BAD_RCPT_THROTTLE options is probably the most effective here.
>     Here's a
>     quick sendmail.mc <http://sendmail.mc> fragment for it:
> 
>     #after 15 invalid recipients, start slowing them down with
>     #1 second sleeps
>     define(`confBAD_RCPT_THROTTLE',15)
> 
> 
> But the gateway doesn't know if the recipient is valid or not, only if
> it can deliver it to the next server. Do you mean together with
> milter-sender or similar?


What do you mean by "can deliver it to the next server"?

Does it really know it can deliver that address to the next server? or does it
just know it should forward the domain to the next server?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec 15 22:38:01 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18082.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox wrote:
> On 12/15/05, *Matt Kettler* <mkettler@evi-inc.com
> <mailto:mkettler@evi-inc.com>> wrote:
> 
>     The BAD_RCPT_THROTTLE options is probably the most effective here.
>     Here's a
>     quick sendmail.mc <http://sendmail.mc> fragment for it:
> 
>     #after 15 invalid recipients, start slowing them down with
>     #1 second sleeps
>     define(`confBAD_RCPT_THROTTLE',15)
> 
> 
> But the gateway doesn't know if the recipient is valid or not, only if
> it can deliver it to the next server. Do you mean together with
> milter-sender or similar?

Further follow-up.. milter-sender is the exact opposite of what we're talking
about here. That validates the sender, not the recipient.

Perhaps milter-ahead could be used here, but not milter-sender.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at gmail.com  Thu Dec 15 22:48:48 2005
From: shuttlebox at gmail.com (shuttlebox)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18083.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/15/05, Matt Kettler <mkettler@evi-inc.com> wrote:
      Further follow-up.. milter-sender is the exact opposite of
      what we're talking
      about here. That validates the sender, not the recipient.

      Perhaps milter-ahead could be used here, but not
      milter-sender.


I don't use any of them but obviously milter-ahead sounds like a better
fit. I still don't see how you can invalidate recipients on a relay
without it though. Sendmail uses its mailertable file to see if it can
deliver to, for example, an Exchange server further in, it can not
validate the left side of the mail address and will send everything to
Exchange.

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Thu Dec 15 23:04:26 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: [Fwd: IFCC-FBI Criminal Complaint (Warning: E-mail viruses
    detected)]
Message-ID: <mailman.18084.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Don't worry, I have already sent a polite little request for them to 
reconfigure their MailScanner. Hopefully they will take some notice.

Matt Kettler wrote:

>Julian Field wrote:
>  
>
>>Had to share this with you folks. I get these from time to time, and
>>think they are most amusing. This one is even more officious than most,
>>so I got a better laugh out of it than normal.
>>    
>>
>
>
>Agreed, clearly it's the admin of secure.hostwizard.ws who should be arrested
>and prosecuted for configuring mailscanner without virus detection to avoid
>autoresponding. :)
>
>
>Unfortunately, while I am half joking, I'm only half joking.
>
>I don't think they should be criminally investigated, unless they unleashed
>enough of a flood of notices to actually DoS the victim site. However, I do
>think they are dangerously misconfigured and deserve the same LARTing and
>disrespect as the admin of an open-relay mailserver that a spammer abused.
>
>I view mis-directed  Challenge-Responses, virus notices, and post-delivery spam
>notices as indirect spamming through deliberate, and willfully malicious,
>misconfiguration. Such admins are trying to solve their email problems by
>foisting the problem into the mailboxes others. I get enough spam and viruses
>without getting notices for all of theirs too.
>  
>
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support	

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6H2fBH2WUcUFbZUEQLziACfaFMu7m3j5EVNrm3U3pBPwZefQxQAoJAU
bixTxXQRZt7hR2gOfOpbBsxn
=9X9q
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dnsadmin at 1BIGTHINK.COM  Thu Dec 15 23:04:05 2005
From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18085.1137101492.24926.mailscanner@lists.mailscanner.info>

At 05:19 PM 12/15/2005, you wrote:

      dnsadmin 1bigthink.com wrote:
      > Hello All,
      >
      > I've implemented as much restriction, as tolerable by my
      users, within
      > the MTA (sendmail) and still get some hammering directory
      harvest attacks.
      >
      > Will milter-greylist help?

      Somewhat, but you'll get hammered with a really large
      greylist database.

      Really to deal with dictionary attacks there's a few quick
      sendmail features you
      can use to help.

      The BAD_RCPT_THROTTLE options is probably the most effective
      here. Here's a
      quick sendmail.mc fragment for it:

      #after 15 invalid recipients, start slowing them down with
      #1 second sleeps
      define(`confBAD_RCPT_THROTTLE',15)


already have:
define(`confBAD_RCPT_THROTTLE', `2')

      You might also want to consider MAX_RCPTS_PER_MESSAGE,
      MAX_DAEMON_CHILDREN, and
      CONNECTION_RATE_THROTTLE.


I had not defined MAX_DAEMON_CHILDREN. I will set to 500.

already have:
define(`confMAX_RCPTS_PER_MESSAGE',19)
FEATURE(`greet_pause',10000)
define(`confCONNECTION_RATE_THROTTLE',8)
define(`confCONNECTION_RATE_WINDOW_SIZE',60s)

      I'd also strongly suggest making sure that PRIVACY_FLAGS has
      either goaway or
      novrfy,noexpn.


also:

define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,nobodyreturn,restrictqru
')


Please see inline above..

No POP without AUTH!

Thanks Matt! You made me revisit my M4. Good suggestions too, but mostly
implemented.

Are there any other suggestions? I still get too many directory harvest
attacks

I am also building a new DNS server to replace the one that is getting
hammered on a nightly basis.

TIA!
Glenn Parsons
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From mkettler at EVI-INC.COM  Thu Dec 15 23:16:29 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18086.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox wrote:
> On 12/15/05, *Matt Kettler* <mkettler@evi-inc.com
> <mailto:mkettler@evi-inc.com>> wrote:
> 
>     Further follow-up.. milter-sender is the exact opposite of what
>     we're talking
>     about here. That validates the sender, not the recipient.
> 
>     Perhaps milter-ahead could be used here, but not milter-sender.
> 
> 
> I don't use any of them but obviously milter-ahead sounds like a better
> fit. I still don't see how you can invalidate recipients on a relay
> without it though. Sendmail uses its mailertable file to see if it can
> deliver to, for example, an Exchange server further in, it can not
> validate the left side of the mail address and will send everything to
> Exchange.

Blind-forwarding mailservers, like yours, are a pretty major problem.
Particularly since some spammers are abusing them as mail relays through what is
calleda "Reverse NDR" attack.

You really should consider doing something about that ASAP. milter-ahead seems
the easiest way for you.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec 15 23:17:44 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: [Fwd: IFCC-FBI Criminal Complaint (Warning: E-mail viruses
    detected)]
Message-ID: <mailman.18087.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Don't worry, I have already sent a polite little request for them to 
> reconfigure their MailScanner. Hopefully they will take some notice.


Woot! Way to be proactive. You go Julian!

(reminds self to check out that amazon wishlist..)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From steve.swaney at fsl.com  Thu Dec 15 23:20:54 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18088.1137101492.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Matt Kettler
> Sent: Thursday, December 15, 2005 5:38 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Will milter-greylist solve my directory harvest attacks?
> 
> shuttlebox wrote:
> > On 12/15/05, *Matt Kettler* <mkettler@evi-inc.com
> > <mailto:mkettler@evi-inc.com>> wrote:
> >
> >     The BAD_RCPT_THROTTLE options is probably the most effective here.
> >     Here's a
> >     quick sendmail.mc <http://sendmail.mc> fragment for it:
> >
> >     #after 15 invalid recipients, start slowing them down with
> >     #1 second sleeps
> >     define(`confBAD_RCPT_THROTTLE',15)
> >
> >
> > But the gateway doesn't know if the recipient is valid or not, only if
> > it can deliver it to the next server. Do you mean together with
> > milter-sender or similar?
> 
> Further follow-up.. milter-sender is the exact opposite of what we're
> talking
> about here. That validates the sender, not the recipient.
> 
> Perhaps milter-ahead could be used here, but not milter-sender.
> 

You wouldn't think so but milter-sender is a "kitchen sink" milter and I
believe it actually include the functionality of milter-ahead. 

Take a look at new snertsoft (www.snertsoft.com) milter, milter-error. This
can block on errors and although I haven't tried it yet, I think it can help
stop the dictionary and other type of attacks. I'm looking forward to
testing it.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Thu Dec 15 23:25:08 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18089.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/16/05, Matt Kettler <mkettler@evi-inc.com> wrote:
      Blind-forwarding mailservers, like yours, are a pretty major
      problem.
      Particularly since some spammers are abusing them as mail
      relays through what is
      calleda "Reverse NDR" attack.

      You really should consider doing something about that ASAP.
      milter-ahead seems
      the easiest way for you.


I know that, however it wasn't clear to me that you did in your first
reply.

My servers are not really my servers so it's ultimately up to my clients
to decide which methods to use. Some things take time to get approved.

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From bob.dewildt at CYSONET.COM  Fri Dec 16 00:23:15 2005
From: bob.dewildt at CYSONET.COM (Bob de Wildt)
Date: Thu Jan 12 21:31:32 2006
Subject: Feature suggestion rsync of phishing.safe.sites
Message-ID: <mailman.18090.1137101492.24926.mailscanner@lists.mailscanner.info>

Julian (and others),

To increase a better registration of the phishing.safe.sites, wouldt it
be an idea to rsync the master list with the client lists?
This wouldt decrease the number of actual mailinglists being marked as
phishing mail, though on the other hand the list might grow enourmous
over time. ( look at the Sare rules: bigevil.cf )

What are the oppinions about this?

Kind regards,

Bob de Wildt
Systems Administrator
Cyso Managed Hosting
Baangracht 2
1811 DC Alkmaar
tel: 072-7513400
fax: 072-7513401
e-mail: support@cyso.nl

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jfagan at FIRSTLIGHTNETWORKS.COM  Wed Dec 14 00:39:11 2005
From: jfagan at FIRSTLIGHTNETWORKS.COM (James Fagan)
Date: Thu Jan 12 21:31:32 2006
Subject: Christmas is coming...
Message-ID: <mailman.18091.1137101492.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele 
> Neylon :: Blacknight
> Sent: Tuesday, December 13, 2005 4:01 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Christmas is coming...
> 
> Julian Field wrote:
> > Subtlety never was my strong point :-)
> > 
> > Anyone looking for anything to buy me for Christmas may 
> like to know 
> > that I have updated my Amazon.co.uk wish list. They're all nice and 
> > cheap, don't worry!
> > Thanks for all your contributions, as ever!
> > 
> > I hope you all have a great Christmas and a merry New Year. Best  
> > wishes for 2006, and I wish you all a spam- and virus-free year.
> > 
> > Have an extra one for the pear tree,
> > Best wishes,
> > Jules.
> > 
> 
> And the dumb question of the day.... where is the wishlist?

http://www.amazon.co.uk/gp/registry/registry.html/026-4009604-6478068?id
=1W99HT2WWW5PB

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From P.G.M.Peters at UTWENTE.NL  Fri Dec 16 08:31:48 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:32 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18092.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

shuttlebox wrote on 15-12-2005 23:48:
> On 12/15/05, *Matt Kettler* <mkettler@evi-inc.com
> <mailto:mkettler@evi-inc.com>> wrote:
> 
>     Further follow-up.. milter-sender is the exact opposite of what
>     we're talking
>     about here. That validates the sender, not the recipient.
> 
>     Perhaps milter-ahead could be used here, but not milter-sender.
> 
> 
> I don't use any of them but obviously milter-ahead sounds like a better
> fit. I still don't see how you can invalidate recipients on a relay
> without it though. Sendmail uses its mailertable file to see if it can
> deliver to, for example, an Exchange server further in, it can not
> validate the left side of the mail address and will send everything to
> Exchange.

In principle all (Exchange) accounts and e-mail addresses are centrally
maintained. Changes are exported to Exchange and the virtusertable
within sendmail.

Ofcourse this is theory. Some departments still don't use this system
but I only get 2300 out of 81000 locally undeliverables. Out of those
2300 2000 become double bounces. One of my goals for next year is to
lower the remaining 300 some more.

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDont0Mbmy+DDgnIURArKZAJ9m0Q75pSBlUWFCjC1HKN6mV3UeFwCfS77o
lBUf/4tNewDrBpVAeW7yRPA=
=Ahmu
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec 16 09:14:19 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: Feature suggestion rsync of phishing.safe.sites
Message-ID: <mailman.18093.1137101492.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

No way, sorry. What happens when a spammer sets up a copy of  
MailScanner with bi-directional syncing of the safe site list?
Assuming I have understood you correctly of course :-)

On 16 Dec 2005, at 00:23, Bob de Wildt wrote:

> Julian (and others),
>
> To increase a better registration of the phishing.safe.sites,  
> wouldt it
> be an idea to rsync the master list with the client lists?
> This wouldt decrease the number of actual mailinglists being marked as
> phishing mail, though on the other hand the list might grow enourmous
> over time. ( look at the Sare rules: bigevil.cf )
>
> What are the oppinions about this?

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6KFbvw32o+k+q+hAQF54Af/QXjQi/8OJV8hlULfTw4kx7RW80LAsz0C
GSeCjFHyuv4hfVk37YF4BNK9xeeM0OwuhD+QeW06OHHYyveCT1uUlV4mUjXgT5/Q
fNXqEIY+gJZblyijlKe/qSFeAoOKbCJQUrfW0X/IA3YmoxxR5vKYso5iNu9vSPqa
yG3aPFEtkbMsNWv5QEEsN8hTvD28v9Tc/yIIgV6428/H6y+QJSx9PSiul25iZ+jj
GsUIqe6dM/iJRwVrv3T7weMkhgylBCki3UnU8S5hOW4POTUOKyTBE/A7Z/F8OkXm
igbG2KnDNxh1GsmNYTV3Ab7Acci8JjhGRa6aEsp/b9BaLAPrQbbJvw==
=vfea
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Marc.Dufresne at PARKS.ON.CA  Fri Dec 16 15:25:44 2005
From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne)
Date: Thu Jan 12 21:31:32 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18094.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Which post is scotts?


Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: Marc.Dufresne@parks.on.ca
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> maillists@CONACTIVE.COM 12/14/2005 5:53 PM >>>
Marc Dufresne wrote on         Wed, 14 Dec 2005 16:13:52 -0500:

> Since I'm running FreeBSD 5.4 what's the simplest and most efficient way 
> of recompiling Perl-5.8.7?

I wouldn't do it, it can fail. Did you try Scott's suggestion?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf")  20 lines. ]
    [ Unable to print this part. ]


From phachey at CITY.CORNWALL.ON.CA  Fri Dec 16 15:51:22 2005
From: phachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:31:32 2006
Subject: Problem with ALL_TRUSTED since 4.48
Message-ID: <mailman.18095.1137101492.24926.mailscanner@lists.mailscanner.info>

>> But I still get ALL_TRUSTED cropping up with a score of -1.80.
>
>
>At that point, I'd resort to running spamassassin --lint and make sure SA is
>actually able to make sense of your config files.
>
>If that doesn't help, try adding -D and see what "site rules dir" SA is using
>and make sure it's /etc/mail/spamassassassin.

I've tried these and not only do I not get any errors and the above
directory is being used, but the Bayes SQL preferences which are entered in
spam.assassin.prefs.conf are used, so I know that file is being read.  I
can't really figure why this would start after upgrading MS.

At the same time as upgrading MS, I also upgraded the perl modules
HTML::Parser to 3.48 and HTML::Tagset to 3.10, but I doubt that would have
any effect on ALL_TRUSTED.

If nobody else is having this problem, then I'm really baffled by this one.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From phachey at CITY.CORNWALL.ON.CA  Fri Dec 16 16:03:41 2005
From: phachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:31:32 2006
Subject: spam.assassin.prefs.conf not being read - was Re: Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18096.1137101492.24926.mailscanner@lists.mailscanner.info>

Aha!  I've discovered that my spam.assassin.prefs.conf is not being read
when MailScanner calls SA -- because Bayes files are being created, despite
that Bayes SQL lines are in my .conf file.  However, "spamassassin -D
--lint" DOES read the .conf file and shows the SQL lines being read.  Why
would lint read the .conf file, but MS's call of SA not?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec 16 16:31:24 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:32 2006
Subject: SA-LEARN Keeps crashing at DBM.pm Line 624
Message-ID: <mailman.18097.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Marc Dufresne wrote on         Fri, 16 Dec 2005 10:25:44 -0500:

> Which post is scotts?

Counter question: What freaky client do you use? Ah, I see, Novell. It 
seems to have limited functionality. No active or passive threading. Eeek.

I was referring to running the commands separately. But I did that two 
days ago and in the meantime you did that AFAIR and it didn't help. So 
just forget this.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From phachey at CITY.CORNWALL.ON.CA  Fri Dec 16 17:06:53 2005
From: phachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:31:32 2006
Subject: 4.48 BUG?: SpamAssassin Local Rules Dir
Message-ID: <mailman.18098.1137101492.24926.mailscanner@lists.mailscanner.info>

[WAS Re: spam.assassin.prefs.conf not being read - was Re: Problem with
ALL_TRUSTED since 4.48]

I have discovered that when setting in MailScanner.conf, the variable:
SpamAssassin Local Rules Dir = %etc-dir%/spam
(the directory that I have rules_du_jour writing to)
then MS's call of SA does not look in /etc/mail/spamassassin to read
local.cf and mailscanner.cf

This is new in 4.48.

To get around this, I have blanked out the value of SpamAssassin Local Rules
Dir for now.

Can anyone else confirm this?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec 16 19:09:29 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:32 2006
Subject: 4.48 BUG?: SpamAssassin Local Rules Dir
Message-ID: <mailman.18099.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Philip Hachey wrote on         Fri, 16 Dec 2005 17:06:53 +0000:

>  %etc-dir%/spam 
>  
>  /etc/mail/spamassassin

is not the same, if that is not a typo it's clear why you have this problem. 
"SpamAssassin Local Rules Dir =" as of 4.48 should be empty (*) if it got 
detected during MS installation! Read the changelog for this version!

(*) I think upgrade_conf may have done it. Do you use it?

> To get around this, I have blanked out the value of SpamAssassin Local Rules 
> Dir for now.

:-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Fri Dec 16 17:31:29 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:32 2006
Subject: spam.assassin.prefs.conf not being read - was Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18100.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Philip Hachey wrote on         Fri, 16 Dec 2005 16:03:41 +0000:

> Why 
> would lint read the .conf file, but MS's call of SA not?

SA uses the files in /etc/mail/spamassassin. No other. Unless MS tells it 
to use a different one. This is what MS did in the past. Now it's not 
doing this anymore but puts a symlink in /etc/mail/spamassassin to point 
to the file it comes with. You can configure this in mailscanner.conf. 
Check if the symlink is there or put the file you want to use in 
/etc/mailspamassassin.

BTW: Your mail client does not provide any threading information. Please 
don't change subject if you use such a client or the threading will be 
completely gone (= no information about the earlier discussion).

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec 16 19:14:19 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: 4.48 BUG?: SpamAssassin Local Rules Dir
Message-ID: <mailman.18101.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It is quite possible that using this variable over-rides the local site 
rules dir normally processed by SpamAssassin. If this is the case, I 
need to change the documentation for this setting to include a warning 
about this behaviour.

Matt (Kettler) ---- Can you confirm this for me please? (as my resident 
SA guru :-)

Thanks!
Jules.

Philip Hachey wrote:

>[WAS Re: spam.assassin.prefs.conf not being read - was Re: Problem with
>ALL_TRUSTED since 4.48]
>
>I have discovered that when setting in MailScanner.conf, the variable:
>SpamAssassin Local Rules Dir = %etc-dir%/spam
>(the directory that I have rules_du_jour writing to)
>then MS's call of SA does not look in /etc/mail/spamassassin to read
>local.cf and mailscanner.cf
>
>This is new in 4.48.
>
>To get around this, I have blanked out the value of SpamAssassin Local Rules
>Dir for now.
>
>Can anyone else confirm this?
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ6MSDBH2WUcUFbZUEQIKBwCg2UblE15Y0C0DFlGxGVU3Jkd82kUAoLdf
zjHU0Ez+qLT3IlJqDbcPf9B3
=1Y4f
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Fri Dec 16 19:24:18 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:32 2006
Subject: 4.48 BUG?: SpamAssassin Local Rules Dir
Message-ID: <mailman.18102.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> It is quite possible that using this variable over-rides the local site 
> rules dir normally processed by SpamAssassin. If this is the case, I 
> need to change the documentation for this setting to include a warning 
> about this behaviour.
> 
> Matt (Kettler) ---- Can you confirm this for me please? (as my resident 
> SA guru :-)
> 

I believe that's true, but of course I only know what SA will do, and I don't
know what MS is doing with the "SpamAssassin Local Rules Dir" option. I'm
assuming that MS is feeding the "SpamAssassin Local Rules Dir" into
Mail::SpamAssassin->new as the site_rules_filename.

If that's true, then yes, it will force-override SA's automatic hunting around
for  a site_rules_dir, which normally finds /etc/mail/spamassassin/ or
/etc/spamassassin and uses that.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From amoore at DEKALBMEMORIAL.COM  Fri Dec 16 19:28:01 2005
From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore)
Date: Thu Jan 12 21:31:32 2006
Subject: Milter-error
Message-ID: <mailman.18103.1137101492.24926.mailscanner@lists.mailscanner.info>

Stephen Swaney wrote:
> 
> Take a look at new snertsoft (www.snertsoft.com) milter,
> milter-error. This can block on errors and although I haven't tried
> it yet, I think it can help stop the dictionary and other type of
> attacks. I'm looking forward to testing it.
> 

I'm giving it a try now.  Earlier in the week I noticed we were getting
flooded with messages from a dictionary attack.

I'm also running milter-ahead.  I have the milter input filter order set
to milter-error,milter-ahead.

I'd be interested in your findings.

-- 
Aaron Kent Moore
Information Technology Services
DeKalb Memorial Hospital, Inc.
Auburn, IN
Phone:  260.920.2808
E-mail:  amoore@dekalbmemorial.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dnsadmin at 1BIGTHINK.COM  Fri Dec 16 19:59:24 2005
From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com)
Date: Thu Jan 12 21:31:32 2006
Subject: Milter-error
Message-ID: <mailman.18104.1137101492.24926.mailscanner@lists.mailscanner.info>

At 02:28 PM 12/16/2005, you wrote:

>Stephen Swaney wrote:
> >
> > Take a look at new snertsoft (www.snertsoft.com) milter,
> > milter-error. This can block on errors and although I haven't tried
> > it yet, I think it can help stop the dictionary and other type of
> > attacks. I'm looking forward to testing it.
> >
>
>I'm giving it a try now.  Earlier in the week I noticed we were getting
>flooded with messages from a dictionary attack.
>
>I'm also running milter-ahead.  I have the milter input filter order set
>to milter-error,milter-ahead.
>
>I'd be interested in your findings.

I'd be interested too. Is anyone trying this under sendmail 8.12.10+ 
or do I have to go to 8.13?

Thanks,
Glenn 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From KLekas at FOXRIVER.COM  Fri Dec 16 22:27:56 2005
From: KLekas at FOXRIVER.COM (Kosta Lekas)
Date: Thu Jan 12 21:31:32 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18105.1137101492.24926.mailscanner@lists.mailscanner.info>


I am running MailScanner version 4.42.9, Postfix 2.1.5 and Spamassassin
3.1.0


I have set:

Maximum Message Size = 10000000

Maximum Attachment Size = 10000000

 

I tested this by sending out a 20MB message to see if it will get blocked
but the message got past MailScanner.

 

I am wondering if some other setting in MailScanner can be overriding
this. All I can think of is that I have everything From: everyone on my
internal LAN is whitelisted in spamassassin whitelist (I am grasping at
straws here), also I have set in postfix message_size_limit = 35000000,
can any of these configurations be overriding these settings.

 

Please Help

 

Kosta Lekas

Fox River Financial Resources

630.482.7142 - office

630.885.9355 - mobile

630.232.6074 - fax

 


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Sat Dec 17 00:02:17 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: For old time's sake...
Message-ID: <mailman.18106.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

This is the earliest version I can find. There is an older one 
somewhere, but I can't find it.
1,000 lines of Perl, 10 configuration options.
There is a version out there somewhere that has no config file, but I 
think it's lost unfortunately. All our oldest servers have been scrapped 
years ago. But the attached version 1 can't be more than 3 weeks after I 
started writing it, so it's nearly as old as they get. It's probably 
version 1.01. Just wanted to make sure it never gets lost, someone 
somwhere (e.g. gmane) will store it for posterity.

Back in the good old Perl 4 days :-)

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


    [ Part 1.2, Application/X-COMPRESSED  12KB. ]
    [ Unable to print this part. ]


    [ Part 2, Application/PGP-SIGNATURE  202bytes. ]
    [ Unable to print this part. ]


From MailScanner at ecs.soton.ac.uk  Sat Dec 17 00:02:17 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: For old time's sake...
Message-ID: <mailman.18107.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

This is the earliest version I can find. There is an older one 
somewhere, but I can't find it.
1,000 lines of Perl, 10 configuration options.
There is a version out there somewhere that has no config file, but I 
think it's lost unfortunately. All our oldest servers have been scrapped 
years ago. But the attached version 1 can't be more than 3 weeks after I 
started writing it, so it's nearly as old as they get. It's probably 
version 1.01. Just wanted to make sure it never gets lost, someone 
somwhere (e.g. gmane) will store it for posterity.

Back in the good old Perl 4 days :-)

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 1.2, Application/X-COMPRESSED  12KB. ]
    [ Unable to print this part. ]


    [ Part 2, Application/PGP-SIGNATURE  202bytes. ]
    [ Unable to print this part. ]


From ja at CONVIATOR.COM  Sat Dec 17 01:25:23 2005
From: ja at CONVIATOR.COM (Jan Agermose)
Date: Thu Jan 12 21:31:32 2006
Subject: delete from the mailq
Message-ID: <mailman.18108.1137101492.24926.mailscanner@lists.mailscanner.info>


Hi

 

By accident I setup a script that was sending me emails &#8211; some
50.000 :-D anyway &#8211; I would of cause like to delete them from the
mail queue, but there might be something else in the queue, so I cannot
really just do a rm &#8211;f /var/spool/mqueue.in J

 

Does anyone have a script or something to delete mails in queue based on
a regex? Or passing a mail address as sender or receiver address?

 

Right now I just setup MXdefender to delete mails having this specific
receiver and sender &#8211; in stead of delivering the mails. But this
method does take some time J

 

Regards

Jan

 


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From shuttlebox at GMAIL.COM  Sat Dec 17 09:48:02 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:32 2006
Subject: delete from the mailq
Message-ID: <mailman.18109.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/17/05, Jan Agermose <ja@conviator.com> wrote:

      Does anyone have a script or something to delete mails in
      queue based on a regex? Or passing a mail address as sender
      or receiver address?

This is from http://www.brandonhutchinson.com/deleting_mail_queue.html, I
use it myself. He has some more advanced stuff to but this one works
great.

#!/bin/sh

if [ -z $@ ] ; then
   echo "Usage: $0 email_address"
   exit 1
fi

for i in `(cd /var/spool/mqueue; grep -l "To:.*$1" qf* | cut -c3-)`
do
   mv /var/spool/mqueue/*$i /tmp/mqueue
done

/Peter

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From maillists at CONACTIVE.COM  Sat Dec 17 16:31:19 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:32 2006
Subject: delete from the mailq
Message-ID: <mailman.18110.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Res wrote on         Sat, 17 Dec 2005 23:42:01 +1000:

> if he has 50K in there he will need to use xargs most likely 
> there is a perl script around called cspool that will remove any mail with 
> a keywork, if you ene dit email me off list

Apart from any effort to identify the ones to be deleted, why not move *all* 
of them out of the queue, so you can continue normal processing, then 
identify the offending ones by whatever way and then remove the remaining 
queue files?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec 17 16:44:50 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18111.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I just tried to reproduce this problem and failed. Works fine on my systems.
You did reload/restart MailScanner after setting the config options, 
didn't you?

Kosta Lekas wrote:

> I am running MailScanner version 4.42.9, Postfix 2.1.5 and 
> Spamassassin 3.1.0
>
>
> I have set:
>
> Maximum Message Size = 10000000
>
> Maximum Attachment Size = 10000000
>
>  
>
> I tested this by sending out a 20MB message to see if it will get 
> blocked but the message got past MailScanner.
>
>  
>
> I am wondering if some other setting in MailScanner can be overriding 
> this. All I can think of is that I have everything From: everyone on 
> my internal LAN is whitelisted in spamassassin whitelist (I am 
> grasping at straws here), also I have set in postfix 
> message_size_limit = 35000000, can any of these configurations be 
> overriding these settings.
>
>  
>
> Please Help
>
>  
>
> Kosta Lekas
>
> Fox River Financial Resources
>
> 630.482.7142 - office
>
> 630.885.9355 - mobile
>
> 630.232.6074 - fax
>
>  
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec 17 19:21:45 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18112.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have just released beta version 4.49.2.

Download as usual from www.mailscanner.info.

In this version the main target is speed. If things work as intended, 
there should be major speed improvements for sendmail and Postfix 
systems (sendmail in particular).

Please do try this and let me know if you think it is running faster 
than previous versions, data supplied to me indicates it should be 
fairly dramatic and noticeable.

I have also implemented 4 new configuration options for the benefit of 
web-based administration interfaces for MailScanner, simplifying the 
whole filename and filetype rules system for them. This will make it 
dramatically easier to change the filenames allowed and denied for 
different people, without having to get into multiple 
filename.rules.conf files and all that jazz. They are "Allow Filenames", 
"Deny Filenames", "Allow Filetypes" and "Deny Filetypes". They work like 
normal configuration options, and their value is a list of patterns to 
match. Read the MailScanner.conf for a more detailed explanation and 
examples.

Lastly, I would like to wish you all a very Happy Christmas and a Merry 
New Year. I hope you all get the chance to have a break for a day or 
two, and let us look forward to having a virus-free and mostly spam-free 
2006 on our mail systems!

Cheers!



The full Change Log is this:

* New Features and Improvements *
- Now changes the command line listed in `ps` (ie $0) to show what
  MailScanner is doing. Should help diagnose slow system problems.
- Speed improvements for sendmail and Postfix systems by changing the
  way temporary files are handled and how attachments are parsed. This
  should be really noticeable if I've got it right.
  Thanks for the great help of the guys who know who they are.
- 4 new configuration options, which list patterns against which filenames
  and filetypes are matched to see if we should allow them or block them.
  This is implemented for the benefit of web-based configuration systems for
  MailScanner, it is not really intended for human use as it will complicate
  the filename/filetype matching unless you understand it. Read the comments
  in the MailScanner.conf and suggest better explanations!
  "Allow Filenames", "Deny Filenames", "Allow Filetypes", "Deny Filetypes".
  Note: There are 2 new entries in languages.conf so remember to
        run an upgrade_languages_conf.

* Fixes *
- Changed Postfix code to better support latest revision of Perl.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sat Dec 17 19:39:57 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18113.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

One thing. The speed improvement won't affect SpamAssassin, but for 
virus scanning it should extract attachments faster than before.

Julian Field wrote:

> I have just released beta version 4.49.2.
>
> Download as usual from www.mailscanner.info.
>
> In this version the main target is speed. If things work as intended, 
> there should be major speed improvements for sendmail and Postfix 
> systems (sendmail in particular).
>
> Please do try this and let me know if you think it is running faster 
> than previous versions, data supplied to me indicates it should be 
> fairly dramatic and noticeable.
>
> I have also implemented 4 new configuration options for the benefit of 
> web-based administration interfaces for MailScanner, simplifying the 
> whole filename and filetype rules system for them. This will make it 
> dramatically easier to change the filenames allowed and denied for 
> different people, without having to get into multiple 
> filename.rules.conf files and all that jazz. They are "Allow 
> Filenames", "Deny Filenames", "Allow Filetypes" and "Deny Filetypes". 
> They work like normal configuration options, and their value is a list 
> of patterns to match. Read the MailScanner.conf for a more detailed 
> explanation and examples.
>
> Lastly, I would like to wish you all a very Happy Christmas and a 
> Merry New Year. I hope you all get the chance to have a break for a 
> day or two, and let us look forward to having a virus-free and mostly 
> spam-free 2006 on our mail systems!
>
> Cheers!
>
>
>
> The full Change Log is this:
>
> * New Features and Improvements *
> - Now changes the command line listed in `ps` (ie $0) to show what
>  MailScanner is doing. Should help diagnose slow system problems.
> - Speed improvements for sendmail and Postfix systems by changing the
>  way temporary files are handled and how attachments are parsed. This
>  should be really noticeable if I've got it right.
>  Thanks for the great help of the guys who know who they are.
> - 4 new configuration options, which list patterns against which 
> filenames
>  and filetypes are matched to see if we should allow them or block them.
>  This is implemented for the benefit of web-based configuration 
> systems for
>  MailScanner, it is not really intended for human use as it will 
> complicate
>  the filename/filetype matching unless you understand it. Read the 
> comments
>  in the MailScanner.conf and suggest better explanations!
>  "Allow Filenames", "Deny Filenames", "Allow Filetypes", "Deny 
> Filetypes".
>  Note: There are 2 new entries in languages.conf so remember to
>        run an upgrade_languages_conf.
>
> * Fixes *
> - Changed Postfix code to better support latest revision of Perl.
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brad at BECKENHAUER.COM  Sun Dec 18 00:11:07 2005
From: brad at BECKENHAUER.COM (Brad Beckenhauer)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18114.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hummm...
I checked the website and the weblinks still point to the previous
version.
 
However, I was able to retrieve the file.
wgethttp://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.49
2-1.tar.gz
 
FYI:
ping www.mailscanner.info
PING www.mailscanner.info (152.78.68.160) 56(84) bytes of data.
64 bytes from augur.ecs.soton.ac.uk (152.78.68.160): icmp_seq=1 ttl=42
time=132 ms
 
thanks!

>>> Julian Field<MailScanner@ECS.SOTON.AC.UK> 12/17/2005 1:21:45 PM >>>
I have just released beta version 4.49.2.

Download as usual from MailScanner has detected a possible fraud attempt
from "www.mailscanner.info." claiming to be A possible fraud attempt from
"www.mailscanner.info." claiming to be www.mailscanner.info.

In this version the main target is speed. If things work as intended,
there should be major speed improvements for sendmail and Postfix
systems (sendmail in particular).

Please do try this and let me know if you think it is running faster
than previous versions, data supplied to me indicates it should be
fairly dramatic and noticeable.

I have also implemented 4 new configuration options for the benefit of
web-based administration interfaces for MailScanner, simplifying the
whole filename and filetype rules system for them. This will make it
dramatically easier to change the filenames allowed and denied for
different people, without having to get into multiple
filename.rules.conf files and all that jazz. They are "Allow Filenames",
"Deny Filenames", "Allow Filetypes" and "Deny Filetypes". They work like
normal configuration options, and their value is a list of patterns to
match. Read the MailScanner.conf for a more detailed explanation and
examples.

Lastly, I would like to wish you all a very Happy Christmas and a Merry
New Year. I hope you all get the chance to have a break for a day or
two, and let us look forward to having a virus-free and mostly spam-free
2006 on our mail systems!

Cheers!



The full Change Log is this:

* New Features and Improvements *
- Now changes the command line listed in `ps` (ie $0) to show what
  MailScanner is doing. Should help diagnose slow system problems.
- Speed improvements for sendmail and Postfix systems by changing the
  way temporary files are handled and how attachments are parsed. This
  should be really noticeable if I've got it right.
  Thanks for the great help of the guys who know who they are.
- 4 new configuration options, which list patterns against which
filenames
  and filetypes are matched to see if we should allow them or block them.
  This is implemented for the benefit of web-based configuration systems
for
  MailScanner, it is not really intended for human use as it will
complicate
  the filename/filetype matching unless you understand it. Read the
comments
  in the MailScanner.conf and suggest better explanations!
  "Allow Filenames", "Deny Filenames", "Allow Filetypes", "Deny
Filetypes".
  Note: There are 2 new entries in languages.conf so remember to
        run an upgrade_languages_conf.

* Fixes *
- Changed Postfix code to better support latest revision of Perl.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From KLekas at FOXRIVER.COM  Sun Dec 18 01:07:04 2005
From: KLekas at FOXRIVER.COM (Kosta Lekas)
Date: Thu Jan 12 21:31:32 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18115.1137101492.24926.mailscanner@lists.mailscanner.info>

Yes I did. Do you have any suggestions on how I can debug this. 

Kosta Lekas
Fox River Financial Resources
630.482.7142 - office
630.885.9355 - mobile
630.232.6074 - fax

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Saturday, December 17, 2005 10:45 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Maximum Message size and Attachmnet size no working for me

I just tried to reproduce this problem and failed. Works fine on my
systems.
You did reload/restart MailScanner after setting the config options, 
didn't you?

Kosta Lekas wrote:

> I am running MailScanner version 4.42.9, Postfix 2.1.5 and 
> Spamassassin 3.1.0
>
>
> I have set:
>
> Maximum Message Size = 10000000
>
> Maximum Attachment Size = 10000000
>
>  
>
> I tested this by sending out a 20MB message to see if it will get 
> blocked but the message got past MailScanner.
>
>  
>
> I am wondering if some other setting in MailScanner can be overriding 
> this. All I can think of is that I have everything From: everyone on 
> my internal LAN is whitelisted in spamassassin whitelist (I am 
> grasping at straws here), also I have set in postfix 
> message_size_limit = 35000000, can any of these configurations be 
> overriding these settings.
>
>  
>
> Please Help
>
>  
>
> Kosta Lekas
>
> Fox River Financial Resources
>
> 630.482.7142 - office
>
> 630.885.9355 - mobile
>
> 630.232.6074 - fax
>
>  
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mark at PRESLING.COM  Sun Dec 18 01:22:45 2005
From: mark at PRESLING.COM (Mark Presling)
Date: Thu Jan 12 21:31:32 2006
Subject: For old time's sake...
Message-ID: <mailman.18116.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Why did this happen when you sent that tgz attachment? (See "unrecognized
line" statements below)

 Dec 17 13:10:00 wha postfix/cleanup[18764]: 9F3B12E81D6: hold: header Received: from [192.168.21.10] by Circus (PGP Universal
 service); Sat, 17 Dec?          2005 00:02:18 +0000 from ictmailer1.itd.rl.ac.uk[130.246.192.56]; from=<owner-mailscanner@JI
SCMAIL.AC.UK> to=<mark@PRESLING.COM> proto=ESMTP helo=<ICTMAILER1.itd.rl.ac.uk>
Dec 17 13:10:00 wha postfix/cleanup[18764]: 9F3B12E81D6: message-id=<43A35589.9010909@ecs.soton.ac.uk>
Dec 17 13:10:00 wha MailScanner[17350]: New Batch: Scanning 1 messages, 17975 bytes
Dec 17 13:10:00 wha MailScanner[17350]: Saved archive copies of 9F3B12E81D6.9E1D2
Dec 17 13:10:00 wha MailScanner[17350]: Spam Checks: Starting
Dec 17 13:10:00 wha MailScanner[17350]: Whitelist refresh time reached
Dec 17 13:10:00 wha MailScanner[17350]: Starting up SQL Whitelist
Dec 17 13:10:00 wha MailScanner[17350]: Read 2 whitelist entries
Dec 17 13:10:00 wha MailScanner[17350]: Blacklist refresh time reached
Dec 17 13:10:00 wha MailScanner[17350]: Starting up SQL Blacklist
Dec 17 13:10:00 wha MailScanner[17350]: Read 0 blacklist entries
Dec 17 13:10:06 wha MailScanner[17350]: Message 9F3B12E81D6.9E1D2 from 130.246.192.56 (owner-mailscanner@jiscmail.ac.uk) to p
resling.com is not spam, SpamAssassin (score=-0.311, required 5, BAYES_00 -2.60, BIZ_TLD 2.29)
Dec 17 13:10:06 wha MailScanner[17350]: Virus and Content Scanning: Starting
Dec 17 13:10:07 wha MailScanner[17350]: config.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "config.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: explode.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "explode.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: info.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "info.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: logger.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "logger.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: main.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "main.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: Sendmail.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "Sendmail.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: sweep.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "sweep.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: syslog.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "syslog.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: Workarea.pl
Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "Workarea.pl". Please contact the authors!
Dec 17 13:10:07 wha MailScanner[17350]: Requeue: 9F3B12E81D6.9E1D2 to CD38C2E81D7
Dec 17 13:10:07 wha MailScanner[17350]: Uninfected: Delivered 1 messages
Dec 17 13:10:07 wha MailScanner[17350]: Logging message 9F3B12E81D6.9E1D2 to SQL
Dec 17 13:10:07 wha postfix/qmgr[28176]: CD38C2E81D7: from=<owner-mailscanner@jiscmail.ac.uk>, size=18039, nrcpt=1 (queue act
ive)

Is it something to be concerned about? Here is the version info...

 wha:~# /opt/MailScanner/bin/MailScanner --version
Running on
Linux wha 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
This is Perl version 5.008004 (5.8.4)

This is MailScanner version 4.43.8
Module versions are:
1.00    AnyDBM_File
1.14    Archive::Zip
1.02    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.72    File::Basename
2.07    File::Copy
2.01    FileHandle
1.06    File::Path
0.16    File::Temp
1.29    HTML::Entities
3.45    HTML::Parser
2.30    HTML::TokeParser
1.21    IO
1.10    IO::File
1.123   IO::Pipe
1.50    Mail::Header
3.05    MIME::Base64
5.417   MIME::Decoder
5.417   MIME::Decoder::UU
5.417   MIME::Head
5.417   MIME::Parser
3.03    MIME::QuotedPrint
5.417   MIME::Tools
0.10    Net::CIDR
1.08    POSIX
1.77    Socket
0.05    Sys::Syslog
1.02    Time::localtime

Optional module versions are:
1.808   DB_File
1.06    Digest
1.01    Digest::HMAC
2.33    Digest::MD5
2.10    Digest::SHA1
missing Inline
missing Mail::ClamAV
3.000003        Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.52    Net::DNS
missing Net::LDAP
missing Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.40    Test::Harness
0.47    Test::Simple
1.95    Text::Balanced
1.35    URI

Cheers,
Mark


Julian Field wrote:
      This is the earliest version I can find. There is an older
      one somewhere, but I can't find it.
      1,000 lines of Perl, 10 configuration options.
      There is a version out there somewhere that has no config
      file, but I think it's lost unfortunately. All our oldest
      servers have been scrapped years ago. But the attached
      version 1 can't be more than 3 weeks after I started writing
      it, so it's nearly as old as they get. It's probably version
      1.01. Just wanted to make sure it never gets lost, someone
      somwhere (e.g. gmane) will store it for posterity.

      Back in the good old Perl 4 days :-)


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From Dave  Sun Dec 18 02:57:07 2005
From: Dave (Dave)
Date: Thu Jan 12 21:31:32 2006
Subject: Help on Rules du Jour
Message-ID: <mailman.18117.1137101492.24926.mailscanner@lists.mailscanner.info>

I was trying to update Rules Du Jour but I got:


Script started on Sat Dec 17 19:46:56 2005
gallifrey.nk.ca//usr/source/rules_du_jour$ install.sh
Running SpamAssassin lint test 
[28647] dbg: logger: adding facilities: all
[28647] dbg: logger: logging level is DBG
[28647] dbg: generic: SpamAssassin version 3.1.0
[28647] dbg: config: score set 0 chosen.
[28647] dbg: util: running in taint mode? yes
[28647] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
[28647] dbg: util: PATH included '.', which is not absolute, dropping
[28647] dbg: util: PATH included '.', which is not absolute, dropping
[28647] dbg: util: PATH included '/usr/bin', keeping
[28647] dbg: util: PATH included '/usr/X11/bin', keeping
[28647] dbg: util: PATH included '/usr/local/bin', keeping
[28647] dbg: util: PATH included '/usr/sbin', keeping
[28647] dbg: util: PATH included '/bin', keeping
[28647] dbg: util: PATH included '/usr/bin', keeping
[28647] dbg: util: PATH included '/usr/sbin', keeping
[28647] dbg: util: PATH included '/sbin', keeping
[28647] dbg: util: PATH included '/usr/games', keeping
[28647] dbg: util: PATH included '/usr/X11/bin', keeping
[28647] dbg: util: PATH included '/usr/contrib/bin', keeping
[28647] dbg: util: PATH included '/var/news/bin', keeping
[28647] dbg: util: final PATH set to: /usr/bin:/usr/X11/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games:/usr/X11/bin:/usr/contrib/bin:/var/news/bin
[28647] dbg: dns: is Net::DNS::Resolver available? yes
[28647] dbg: dns: Net::DNS version: 0.53
[28647] dbg: dns: name server: 0.0.0.0, family: 2, ipv6: 0
[28647] dbg: diag: perl platform: 5.008007 bsdos
[28647] dbg: diag: module installed: Digest::SHA1, version 2.06
[28647] dbg: diag: module installed: MIME::Base64, version 3.07
[28647] dbg: diag: module installed: HTML::Parser, version 3.47
[28647] dbg: diag: module installed: DB_File, version 1.811
[28647] dbg: diag: module installed: Net::DNS, version 0.53
[28647] dbg: diag: module installed: Net::SMTP, version 2.29
[28647] dbg: diag: module installed: Mail::SPF::Query, version 1.997
[28647] dbg: diag: module installed: IP::Country::Fast, version 309.002
[28647] dbg: diag: module installed: Razor2::Client::Agent, version 2.77
[28647] dbg: diag: module installed: Net::Ident, version 1.20
[28647] dbg: diag: module installed: IO::Socket::INET6, version 2.51
[28647] dbg: diag: module installed: IO::Socket::SSL, version 0.97
[28647] dbg: diag: module installed: Time::HiRes, version 1.66
[28647] dbg: diag: module installed: DBI, version 1.48
[28647] dbg: diag: module installed: Getopt::Long, version 2.34
[28647] dbg: diag: module installed: LWP::UserAgent, version 2.033
[28647] dbg: diag: module installed: HTTP::Date, version 1.46
[28647] dbg: diag: module installed: Archive::Tar, version 1.26
[28647] dbg: diag: module installed: IO::Zlib, version 1.04
[28647] dbg: ignore: using a test message to lint rules
[28647] dbg: config: using "/usr/contrib/etc/mail/spamassassin" for site rules pre files
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/init.pre
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/v310.pre
[28647] dbg: config: using "/usr/contrib/share/spamassassin" for sys rules pre files
[28647] dbg: config: using "/usr/contrib/share/spamassassin" for default rules dir
[28647] dbg: config: read file /usr/contrib/share/spamassassin/10_misc.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_advance_fee.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_anti_ratware.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_body_tests.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_compensate.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_dnsbl_tests.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_drugs.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_fake_helo_tests.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_head_tests.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_html_tests.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_meta_tests.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_net_tests.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_phrases.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_porn.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_ratware.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/20_uri_tests.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/23_bayes.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_accessdb.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_antivirus.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_body_tests_es.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_body_tests_pl.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_dcc.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_domainkeys.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_hashcash.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_pyzor.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_razor2.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_replace.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_spf.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_textcat.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/25_uribl.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/30_text_de.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/30_text_fr.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/30_text_it.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/30_text_nl.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/30_text_pl.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/30_text_pt_br.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/50_scores.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/60_awl.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/60_whitelist.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/60_whitelist_spf.cf
[28647] dbg: config: read file /usr/contrib/share/spamassassin/60_whitelist_subject.cf
[28647] dbg: config: using "/usr/contrib/etc/mail/spamassassin" for site rules dir
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_adult.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_evilnum0.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_evilnum1.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_evilnum2.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_genlsubj0.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_genlsubj1.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_header.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_header0.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_header1.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_html.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_html0.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_html1.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_oem.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_random.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_specific.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_spoof.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_unsub.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/70_sare_uri0.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/72_sare_bml_post25x.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/99_sare_fraud_post25x.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/bogus-virus-warnings.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/local.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/random.cf
[28647] dbg: config: read file /usr/contrib/etc/mail/spamassassin/tripwire.cf
[28647] dbg: config: using "/root/.spamassassin" for user state dir
[28647] dbg: config: using "/usr/contrib/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
[28647] dbg: config: read file /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x85f58e4)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x85f75dc)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[28647] dbg: pyzor: network tests on, attempting Pyzor
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x93b1cc0)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[28647] dbg: reporter: network tests on, attempting SpamCop
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x92556cc)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x92581f8)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x94a31f8)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x94a3c00)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x916184c)
[28647] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
[28647] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9173888)
[28647] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
[28647] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
[28647] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[28647] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
[28647] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[28647] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i
[28647] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
[28647] warn: config: failed to parse line, skipping: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
[28647] warn: config: failed to parse line, skipping: <HTML><HEAD>
[28647] warn: config: failed to parse line, skipping: <TITLE>302 Found</TITLE>
[28647] warn: config: failed to parse line, skipping: </HEAD><BODY>
[28647] warn: config: failed to parse line, skipping: <H1>Found</H1>
[28647] warn: config: failed to parse line, skipping: The document has moved <A HREF="http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf">here</A>.<P>
[28647] warn: config: failed to parse line, skipping: </BODY></HTML>
[28647] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9173888) implements 'finish_parsing_end'
[28647] dbg: replacetags: replacing tags
[28647] dbg: replacetags: done replacing tags
[28647] dbg: config: using "/root/.spamassassin" for user state dir
[28647] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks
[28647] warn: Use of uninitialized value in numeric gt (>) at /usr/libdata/perl5/5.8.7/i386-bsdos/DB_File.pm line 271.
[28647] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen
[28647] warn: Use of uninitialized value in numeric gt (>) at /usr/libdata/perl5/5.8.7/i386-bsdos/DB_File.pm line 271.
[28647] dbg: bayes: found bayes db version 3
[28647] dbg: bayes: opportunistic call attempt skipped, found fresh running expire magic token
[28647] dbg: config: score set 3 chosen.
[28647] dbg: message: ---- MIME PARSER START ----
[28647] dbg: message: main message type: text/plain
[28647] dbg: message: parsing normal part
[28647] dbg: message: added part, type: text/plain
[28647] dbg: message: ---- MIME PARSER END ----
[28647] dbg: dns: testing resolver nameservers: 0.0.0.0, 204.209.81.1, 204.209.81.3, 142.77.1.1, 142.77.1.5, 206.75.255.100, 206.75.255.50, 209.82.127.20, 209.82.64.20, 216.13.63.20, 216.13.0.20, 206.235.86.11, 206.235.86.12, 209.153.194.1, 209.153.194.2
[28647] dbg: dns: trying (3) ebay.com...
[28647] dbg: dns: looking up NS for 'ebay.com'
[28647] dbg: dns: NS lookup of ebay.com using 0.0.0.0 succeeded => DNS available (set dns_available to override)
[28647] dbg: dns: is DNS available? 1
[28647] dbg: metadata: X-Spam-Relays-Trusted: 
[28647] dbg: metadata: X-Spam-Relays-Untrusted: 
[28647] dbg: message: no encoding detected
[28647] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x85f58e4) implements 'parsed_metadata'
[28647] dbg: uridnsbl: domains to query: 
[28647] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-notfirsthop
[28647] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted
[28647] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[28647] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[28647] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop
[28647] dbg: dns: checking RBL combined.njabl.org., set njabl
[28647] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois
[28647] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop
[28647] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[28647] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted
[28647] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop
[28647] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop
[28647] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[28647] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[28647] dbg: check: running tests for priority: 0
[28647] dbg: rules: running header regexp tests; score so far=0
[28647] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[28647] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1134874020@lint_rules>
[28647] dbg: rules: "
[28647] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>"
[28647] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org
[28647] dbg: rules: "
[28647] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1134874020"
[28647] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x85f75dc))
[28647] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c))
[28647] dbg: spf: message was delivered entirely via trusted relays, not required
[28647] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org
[28647] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x94a3c00))
[28647] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x85f75dc))
[28647] dbg: eval: all '*To' addrs: 
[28647] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c))
[28647] dbg: spf: message was delivered entirely via trusted relays, not required
[28647] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c))
[28647] dbg: rules: ran eval rule NO_RELAYS ======> got hit
[28647] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c))
[28647] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c))
[28647] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c))
[28647] dbg: spf: cannot get Envelope-From, cannot use SPF
[28647] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
[28647] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c))
[28647] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
[28647] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x94a3c00))
[28647] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x9179f2c))
[28647] dbg: spf: spf_whitelist_from: could not find useable envelope sender
[28647] dbg: rules: running body-text per-line regexp tests; score so far=0.96
[28647] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"
[28647] dbg: uri: running uri tests; score so far=0.96
[28647] dbg: bayes: opportunistic call attempt skipped, found fresh running expire magic token
[28647] dbg: bayes: corpus size: nspam = 4095, nham = 21627
[28647] dbg: bayes: score = 0.962923551711721
[28647] dbg: bayes: opportunistic call attempt skipped, found fresh running expire magic token
[28647] dbg: config: using "/root/.spamassassin" for user state dir
[28647] dbg: bayes: untie-ing
[28647] dbg: bayes: untie-ing db_toks
[28647] dbg: bayes: untie-ing db_seen
[28647] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x85f58e4))
[28647] dbg: rules: ran eval rule BAYES_95 ======> got hit
[28647] dbg: rules: running raw-body-text per-line regexp tests; score so far=3.96
[28647] dbg: rules: running full-text regexp tests; score so far=3.96
[28647] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x93b1cc0))
[28647] dbg: util: current PATH is: /usr/bin:/usr/X11/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games:/usr/X11/bin:/usr/contrib/bin:/var/news/bin
[28647] dbg: pyzor: pyzor is not available: no pyzor executable found
[28647] dbg: pyzor: no pyzor found, disabling Pyzor
[28647] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x85f58e4) implements 'check_tick'
[28647] dbg: check: running tests for priority: 500
[28647] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x85f58e4) implements 'check_post_dnsbl'
[28647] dbg: rules: running meta tests; score so far=3.96
[28647] dbg: rules: running header regexp tests; score so far=5.906
[28647] dbg: rules: running body-text per-line regexp tests; score so far=5.906
[28647] dbg: uri: running uri tests; score so far=5.906
[28647] dbg: rules: running raw-body-text per-line regexp tests; score so far=5.906
[28647] dbg: rules: running full-text regexp tests; score so far=5.906
[28647] dbg: check: running tests for priority: 1000
[28647] dbg: rules: running meta tests; score so far=5.906
[28647] dbg: rules: running header regexp tests; score so far=5.906
[28647] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x92581f8))
[28647] dbg: config: using "/root/.spamassassin" for user state dir
[28647] dbg: locker: safe_lock: created /root/.spamassassin/auto-whitelist.lock.gallifrey.nk.ca.28647
[28647] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries
[28647] dbg: locker: safe_lock: link to /root/.spamassassin/auto-whitelist.lock: link ok
[28647] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /root/.spamassassin/auto-whitelist
[28647] warn: Use of uninitialized value in numeric gt (>) at /usr/libdata/perl5/5.8.7/i386-bsdos/DB_File.pm line 271.
[28647] dbg: auto-whitelist: db-based ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
[28647] dbg: auto-whitelist: AWL active, pre-score: 5.906, autolearn score: 5.906, mean: undef, IP: undef
[28647] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
[28647] dbg: auto-whitelist: DB addr list: file locked, breaking lock
[28647] dbg: locker: safe_unlock: unlink /root/.spamassassin/auto-whitelist.lock
[28647] dbg: auto-whitelist: post auto-whitelist score: 5.906
[28647] dbg: rules: running body-text per-line regexp tests; score so far=5.906
[28647] dbg: uri: running uri tests; score so far=5.906
[28647] dbg: rules: running raw-body-text per-line regexp tests; score so far=5.906
[28647] dbg: rules: running full-text regexp tests; score so far=5.906
[28647] dbg: check: is spam? score=5.906 required=5
[28647] dbg: check: tests=BAYES_95,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[28647] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
[28647] warn: lint: 7 issues detected, please rerun with debug enabled for more information
SpamAssassin lint test failed
gallifrey.nk.ca//usr/source/rules_du_jour$ r^H ^Hexit
exit

Script done on Sat Dec 17 19:47:12 2005

Why suddenly does this happen?

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From res at AUSICS.NET  Sun Dec 18 07:49:34 2005
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:31:32 2006
Subject: delete from the mailq
Message-ID: <mailman.18118.1137101492.24926.mailscanner@lists.mailscanner.info>

On Sat, 17 Dec 2005, Kai Schaetzl wrote:

> Res wrote on         Sat, 17 Dec 2005 23:42:01 +1000:
>
>> if he has 50K in there he will need to use xargs most likely
>> there is a perl script around called cspool that will remove any mail with
>> a keywork, if you ene dit email me off list
>
> Apart from any effort to identify the ones to be deleted, why not move *all*
> of them out of the queue, so you can continue normal processing, then
> identify the offending ones by whatever way and then remove the remaining
> queue files?

you are doubling the work, "move - process - move_back_real"
"process" is less messier


>
> Kai
>
>

-- 
Cheers
Res

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sun Dec 18 11:31:23 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:32 2006
Subject: delete from the mailq
Message-ID: <mailman.18119.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Res wrote on         Sun, 18 Dec 2005 17:49:34 +1000:

> you are doubling the work, "move - process - move_back_real" 
> "process" is less messier

So, he stops processing until he has a good script? Come on ...

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smf at F2S.COM  Sun Dec 18 12:37:28 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:32 2006
Subject: Help on Rules du Jour
Message-ID: <mailman.18120.1137101492.24926.mailscanner@lists.mailscanner.info>

Hi Dave,

Here's the problem:

> [28647] warn: config: failed to parse line, skipping: <!DOCTYPE HTML
> PUBLIC "-//IETF//DTD HTML 2.0//EN">
> [28647] warn: config: failed to parse line, skipping: <HTML><HEAD>
> [28647] warn: config: failed to parse line, skipping: <TITLE>302
> Found</TITLE>
> [28647] warn: config: failed to parse line, skipping: </HEAD><BODY>
> [28647] warn: config: failed to parse line, skipping: <H1>Found</H1>
> [28647] warn: config: failed to parse line, skipping: The document has
> moved <A
> HREF="http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf">here</A>.<P>
> [28647] warn: config: failed to parse line, skipping: </BODY></HTML> 

Seems that the RANDOM ruleset has been moved and curl got you the
redirect page instead.

Check to see if there is an updated rules_du_jour script or manually
change it to use the above URL instead.

Regards,
Steve.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec 18 12:59:40 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18121.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I just checked the "Beta" bit of the downloads page, and it looks 
correct to me. You did look in the Beta bit, didn't you?

Brad Beckenhauer wrote:

> Hummm...
> I checked the website and the weblinks still point to the previous 
> version.
>  
> However, I was able to retrieve the file.
> wget 
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.49.2-1.tar.gz
>  
> FYI:
> ping www.mailscanner.info <http://www.mailscanner.info>
> PING www.mailscanner.info <http://www.mailscanner.info> 
> (152.78.68.160) 56(84) bytes of data.
> 64 bytes from augur.ecs.soton.ac.uk (152.78.68.160): icmp_seq=1 ttl=42 
> time=132 ms
>  
> thanks!
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec 18 13:00:38 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: For old time's sake...
Message-ID: <mailman.18122.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Since your version, I have stopped it making all these spurious log entries.

Mark Presling wrote:

> Why did this happen when you sent that tgz attachment? (See 
> "unrecognized line" statements below)
>
>Dec 17 13:10:00 wha postfix/cleanup[18764]: 9F3B12E81D6: hold: header Received: from [192.168.21.10] by Circus (PGP Universal
> service); Sat, 17 Dec?          2005 00:02:18 +0000 from ictmailer1.itd.rl.ac.uk[130.246.192.56]; from=<owner-mailscanner@JI
>SCMAIL.AC.UK> to=<mark@PRESLING.COM> proto=ESMTP helo=<ICTMAILER1.itd.rl.ac.uk>
>Dec 17 13:10:00 wha postfix/cleanup[18764]: 9F3B12E81D6: message-id=<43A35589.9010909@ecs.soton.ac.uk>
>Dec 17 13:10:00 wha MailScanner[17350]: New Batch: Scanning 1 messages, 17975 bytes
>Dec 17 13:10:00 wha MailScanner[17350]: Saved archive copies of 9F3B12E81D6.9E1D2
>Dec 17 13:10:00 wha MailScanner[17350]: Spam Checks: Starting
>Dec 17 13:10:00 wha MailScanner[17350]: Whitelist refresh time reached
>Dec 17 13:10:00 wha MailScanner[17350]: Starting up SQL Whitelist
>Dec 17 13:10:00 wha MailScanner[17350]: Read 2 whitelist entries
>Dec 17 13:10:00 wha MailScanner[17350]: Blacklist refresh time reached
>Dec 17 13:10:00 wha MailScanner[17350]: Starting up SQL Blacklist
>Dec 17 13:10:00 wha MailScanner[17350]: Read 0 blacklist entries
>Dec 17 13:10:06 wha MailScanner[17350]: Message 9F3B12E81D6.9E1D2 from 130.246.192.56 (owner-mailscanner@jiscmail.ac.uk) to p
>resling.com is not spam, SpamAssassin (score=-0.311, required 5, BAYES_00 -2.60, BIZ_TLD 2.29)
>Dec 17 13:10:06 wha MailScanner[17350]: Virus and Content Scanning: Starting
>*Dec 17 13:10:07 wha MailScanner[17350]: config.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "config.pl". Please contact the authors!
>Dec 17 13:10:07 wha MailScanner[17350]: explode.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "explode.pl". Please contact the authors!
>Dec 17 13:10:07 wha MailScanner[17350]: info.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "info.pl". Please contact the authors!
>Dec 17 13:10:07 wha MailScanner[17350]: logger.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "logger.pl". Please contact the authors!
>Dec 17 13:10:07 wha MailScanner[17350]: main.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "main.pl". Please contact the authors!
>Dec 17 13:10:07 wha MailScanner[17350]: Sendmail.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "Sendmail.pl". Please contact the authors!
>Dec 17 13:10:07 wha MailScanner[17350]: sweep.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "sweep.pl". Please contact the authors!
>Dec 17 13:10:07 wha MailScanner[17350]: syslog.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "syslog.pl". Please contact the authors!
>Dec 17 13:10:07 wha MailScanner[17350]: Workarea.pl
>Dec 17 13:10:07 wha MailScanner[17350]: ProcessClamAVOutput: unrecognised line "Workarea.pl". Please contact the authors!
>*Dec 17 13:10:07 wha MailScanner[17350]: Requeue: 9F3B12E81D6.9E1D2 to CD38C2E81D7
>Dec 17 13:10:07 wha MailScanner[17350]: Uninfected: Delivered 1 messages
>Dec 17 13:10:07 wha MailScanner[17350]: Logging message 9F3B12E81D6.9E1D2 to SQL
>Dec 17 13:10:07 wha postfix/qmgr[28176]: CD38C2E81D7: from=<owner-mailscanner@jiscmail.ac.uk>, size=18039, nrcpt=1 (queue act
>ive)
>
>  
>
> Is it something to be concerned about? Here is the version info...
>
>wha:~# /opt/MailScanner/bin/MailScanner --version
>Running on
>Linux wha 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
>This is Perl version 5.008004 (5.8.4)
>
>This is MailScanner version 4.43.8
>Module versions are:
>1.00    AnyDBM_File
>1.14    Archive::Zip
>1.02    Carp
>1.119   Convert::BinHex
>1.00    DirHandle
>1.05    Fcntl
>2.72    File::Basename
>2.07    File::Copy
>2.01    FileHandle
>1.06    File::Path
>0.16    File::Temp
>1.29    HTML::Entities
>3.45    HTML::Parser
>2.30    HTML::TokeParser
>1.21    IO
>1.10    IO::File
>1.123   IO::Pipe
>1.50    Mail::Header
>3.05    MIME::Base64
>5.417   MIME::Decoder
>5.417   MIME::Decoder::UU
>5.417   MIME::Head
>5.417   MIME::Parser
>3.03    MIME::QuotedPrint
>5.417   MIME::Tools
>0.10    Net::CIDR
>1.08    POSIX
>1.77    Socket
>0.05    Sys::Syslog
>1.02    Time::localtime
>
>Optional module versions are:
>1.808   DB_File
>1.06    Digest
>1.01    Digest::HMAC
>2.33    Digest::MD5
>2.10    Digest::SHA1
>missing Inline
>missing Mail::ClamAV
>3.000003        Mail::SpamAssassin
>missing Mail::SPF::Query
>missing Net::CIDR::Lite
>0.52    Net::DNS
>missing Net::LDAP
>missing Parse::RecDescent
>missing SAVI
>missing Sys::Hostname::Long
>2.40    Test::Harness
>0.47    Test::Simple
>1.95    Text::Balanced
>1.35    URI
>
>  
>
> Cheers,
> Mark
>
>
> Julian Field wrote:
>
>> This is the earliest version I can find. There is an older one 
>> somewhere, but I can't find it.
>> 1,000 lines of Perl, 10 configuration options.
>> There is a version out there somewhere that has no config file, but I 
>> think it's lost unfortunately. All our oldest servers have been 
>> scrapped years ago. But the attached version 1 can't be more than 3 
>> weeks after I started writing it, so it's nearly as old as they get. 
>> It's probably version 1.01. Just wanted to make sure it never gets 
>> lost, someone somwhere (e.g. gmane) will store it for posterity.
>>
>> Back in the good old Perl 4 days :-)
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brad at BECKENHAUER.COM  Sun Dec 18 14:08:43 2005
From: brad at BECKENHAUER.COM (Brad Beckenhauer)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18123.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Opps,   no,  I just scrolled down to the stable section and pulled that
link.
 
my mistake.
I'm sorry

>>> Julian Field<MailScanner@ECS.SOTON.AC.UK> 12/18/2005 6:59:40 AM >>>
I just checked the "Beta" bit of the downloads page, and it looks
correct to me. You did look in the Beta bit, didn't you?

Brad Beckenhauer wrote:

> Hummm...
> I checked the website and the weblinks still point to the previous
> version.
> 
> However, I was able to retrieve the file.
> wget
>http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.49
2-1.tar.gz
> 
> FYI:
> ping www.mailscanner.info <http://www.mailscanner.info>
> PING www.mailscanner.info <http://www.mailscanner.info>
> (152.78.68.160) 56(84) bytes of data.
> 64 bytes from augur.ecs.soton.ac.uk (152.78.68.160): icmp_seq=1 ttl=42
> time=132 ms
> 
> thanks!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From Dave  Sun Dec 18 14:33:38 2005
From: Dave (Dave)
Date: Thu Jan 12 21:31:32 2006
Subject: Help on Rules du Jour
Message-ID: <mailman.18124.1137101492.24926.mailscanner@lists.mailscanner.info>

On Sun, Dec 18, 2005 at 12:37:28PM +0000, Steve Freegard wrote:
> Hi Dave,
> 
> Here's the problem:
> 
> > [28647] warn: config: failed to parse line, skipping: <!DOCTYPE HTML
> > PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > [28647] warn: config: failed to parse line, skipping: <HTML><HEAD>
> > [28647] warn: config: failed to parse line, skipping: <TITLE>302
> > Found</TITLE>
> > [28647] warn: config: failed to parse line, skipping: </HEAD><BODY>
> > [28647] warn: config: failed to parse line, skipping: <H1>Found</H1>
> > [28647] warn: config: failed to parse line, skipping: The document has
> > moved <A
> > HREF="http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf">here</A>.<P>
> > [28647] warn: config: failed to parse line, skipping: </BODY></HTML> 
> 
> Seems that the RANDOM ruleset has been moved and curl got you the
> redirect page instead.
> 
> Check to see if there is an updated rules_du_jour script or manually
> change it to use the above URL instead.
> 
> Regards,
> Steve.

Thatnks MAte.  I just reinstall Spam Assassin and Rules Du Jour
and it worked.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec 18 17:43:42 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18125.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Due to nasty problems with this code I have removed it again.

Julian Field wrote:

> I have just released beta version 4.49.2.
>
> Download as usual from www.mailscanner.info.
>
> In this version the main target is speed. If things work as intended, 
> there should be major speed improvements for sendmail and Postfix 
> systems (sendmail in particular).
>
> Please do try this and let me know if you think it is running faster 
> than previous versions, data supplied to me indicates it should be 
> fairly dramatic and noticeable.
>
> I have also implemented 4 new configuration options for the benefit of 
> web-based administration interfaces for MailScanner, simplifying the 
> whole filename and filetype rules system for them. This will make it 
> dramatically easier to change the filenames allowed and denied for 
> different people, without having to get into multiple 
> filename.rules.conf files and all that jazz. They are "Allow 
> Filenames", "Deny Filenames", "Allow Filetypes" and "Deny Filetypes". 
> They work like normal configuration options, and their value is a list 
> of patterns to match. Read the MailScanner.conf for a more detailed 
> explanation and examples.
>
> Lastly, I would like to wish you all a very Happy Christmas and a 
> Merry New Year. I hope you all get the chance to have a break for a 
> day or two, and let us look forward to having a virus-free and mostly 
> spam-free 2006 on our mail systems!
>
> Cheers!
>
>
>
> The full Change Log is this:
>
> * New Features and Improvements *
> - Now changes the command line listed in `ps` (ie $0) to show what
>  MailScanner is doing. Should help diagnose slow system problems.
> - Speed improvements for sendmail and Postfix systems by changing the
>  way temporary files are handled and how attachments are parsed. This
>  should be really noticeable if I've got it right.
>  Thanks for the great help of the guys who know who they are.
> - 4 new configuration options, which list patterns against which 
> filenames
>  and filetypes are matched to see if we should allow them or block them.
>  This is implemented for the benefit of web-based configuration 
> systems for
>  MailScanner, it is not really intended for human use as it will 
> complicate
>  the filename/filetype matching unless you understand it. Read the 
> comments
>  in the MailScanner.conf and suggest better explanations!
>  "Allow Filenames", "Deny Filenames", "Allow Filetypes", "Deny 
> Filetypes".
>  Note: There are 2 new entries in languages.conf so remember to
>        run an upgrade_languages_conf.
>
> * Fixes *
> - Changed Postfix code to better support latest revision of Perl.
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Sun Dec 18 19:31:23 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18126.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote on         Sat, 17 Dec 2005 19:21:45 +0000:

> I have just released beta version 4.49.2.

Not going to try out any new versions this year :-) I wish you and 
everyone on the list relaxing holidays as well.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From spamtrap71892316634 at ANIME.NET  Sun Dec 18 22:00:39 2005
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18127.1137101492.24926.mailscanner@lists.mailscanner.info>

On Sun, 18 Dec 2005, Julian Field wrote:
> Due to nasty problems with this code I have removed it again.

total mbox corruption yes?

-Dan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lists at hbcs.org  Sun Dec 18 23:58:22 2005
From: lists at hbcs.org (Dave C)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18128.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dan Hollis wrote:
> On Sun, 18 Dec 2005, Julian Field wrote:
> 
>> Due to nasty problems with this code I have removed it again.
> 
> 
> total mbox corruption yes?
> 
> -Dan
Messages here were coming through MS with no headers at all.
Backed off to the previous v. after one message.

Take a break Jules and wait for Christmas to come, you deserve it! ;-)

Dave C

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From fajarep at SIMPLIMOBILE.COM  Mon Dec 19 01:10:44 2005
From: fajarep at SIMPLIMOBILE.COM (Fajar)
Date: Thu Jan 12 21:31:32 2006
Subject: How do I add different Footer per domain?
Message-ID: <mailman.18129.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello All,

All my incoming and outgoing emails add this footer :
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
www.simplimobile.com

My mail server host multiple domains, how do I make MailScanner add 
different domain address based on sender or reception domain that mail 
server host.

Thanks.
PS : Sorry for bad English :( 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From P.G.M.Peters at UTWENTE.NL  Mon Dec 19 08:46:22 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18130.1137101492.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian,

Julian Field wrote on 17-12-2005 20:21:

> The full Change Log is this:
> 
> * New Features and Improvements *
> - Now changes the command line listed in `ps` (ie $0) to show what
>  MailScanner is doing. Should help diagnose slow system problems.

Have you used my patch to stop MS?

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDpnNeMbmy+DDgnIURAqbPAJ40ywcgx9VLwrSMVmV+BTNhbBnpkACg3kxz
3ksFOi8TJrWgOeTwv5E+imk=
=Ded2
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 19 09:17:15 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:32 2006
Subject: Beta 4.49.2 released --- faster?
Message-ID: <mailman.18131.1137101492.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

If it was for SuSE, no sorry I forgot about that.
I will apply it now so it's in next (hopefully working!) release.

On 19 Dec 2005, at 08:46, Peter Peters wrote:

> * PGP Signed by an unverified key: 12/19/05 at 08:46:22
>
> Julian,
>
> Julian Field wrote on 17-12-2005 20:21:
>
>> The full Change Log is this:
>>
>> * New Features and Improvements *
>> - Now changes the command line listed in `ps` (ie $0) to show what
>>  MailScanner is doing. Should help diagnose slow system problems.
>
> Have you used my patch to stop MS?
>
> --
> Peter Peters, senior beheerder (Security)
> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
> Universiteit Twente,  Postbus 217,  7500 AE  Enschede
> telefoon: 053 - 489 2301, fax: 053 - 489 2383, http:// 
> www.utwente.nl/itbe
>
> * P.G.M. Peters <P.G.M.Peters@utwente.nl>
> * 0x30E09C85 - Unverified (L)
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6Z6nPw32o+k+q+hAQGvrAf/fKrVkh8iwsBbh+JxH4GDREocj3gXAahD
7NrLXwU1pAjpmtKJ25eUi9b/9vFzi5loUazYUIJGqv6pf5SXEleI2YZTwXSNn6IB
vTybd44yhz2ii/m6M9nGSk3J1fgiwAjtu37tN8f8/xMB4tYc7zSf/6zwD7GEByYX
J+2X+zpZXD5V4ExRN/h5/aPMsTdX0x6NewGBBuooo/6oHoEKq2b2M9r/XiS7BuvF
Si9p0y4dpwzA8VEm8ueKHQbO0Qz/CfB/8uBG+ijqhdDYeqILXphSucopnYMwX/9l
a80P6Myjd8CaMKB+I0V1fEFPStA1Gq9I5zDQ7qwZ2VixiVWwXdFlpA==
=HRFB
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From res at AUSICS.NET  Mon Dec 19 10:12:29 2005
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:31:33 2006
Subject: delete from the mailq
Message-ID: <mailman.18132.1137101492.24926.mailscanner@lists.mailscanner.info>

On Sun, 18 Dec 2005, Kai Schaetzl wrote:

> Res wrote on         Sun, 18 Dec 2005 17:49:34 +1000:
>
>> you are doubling the work, "move - process - move_back_real"
>> "process" is less messier
>
> So, he stops processing until he has a good script? Come on ...

who ever said anything about stopping the mail server?


-- 
Cheers
Res

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner-user at NELAND.DK  Mon Dec 19 12:18:18 2005
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:31:33 2006
Subject: delete from the mailq
Message-ID: <mailman.18133.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

---- Original Message ----
From: "Res" <res@AUSICS.NET>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Monday, December 19, 2005 11:12 AM
Subject: Re: delete from the mailq

> On Sun, 18 Dec 2005, Kai Schaetzl wrote:
>
>> Res wrote on         Sun, 18 Dec 2005 17:49:34 +1000:
>>
>>> you are doubling the work, "move - process - move_back_real"
>>> "process" is less messier
>>
>> So, he stops processing until he has a good script? Come on ...
>
> who ever said anything about stopping the mail server?

The 50k messages are blocking new mails.

Get the bulk away, so new messages are processed, and then examine the 50k 
to remove the dud ones.

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Mon Dec 19 14:31:22 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:33 2006
Subject: delete from the mailq
Message-ID: <mailman.18134.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Exactly. A simply mv and recreation of the dir would do.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From richard.gray at DNS.CO.UK  Mon Dec 19 15:27:05 2005
From: richard.gray at DNS.CO.UK (Gray, Richard)
Date: Thu Jan 12 21:31:33 2006
Subject: Notify recipient of blocked filetypes
Message-ID: <mailman.18135.1137101493.24926.mailscanner@lists.mailscanner.info>

I realise the question I am about to ask has been asked a number of
times before, but for some reason, I can't actually find the answer. I
want to apologise in advance if it is my own inability to read that is
the root of the problem.

Basically, the goal is to notify users within a given domain any time
they have a message that gets stopped as a blocked file type.

Outbound I can see this is easy to do with a ruleset applied to

"Notify Senders Of Blocked Filenames Or Filetypes = <ruleset>"

Where the ruleset says (pseudocode)

From: manageddomain.com yes
Default: no				

Where do I look to achieve a similar function with messages coming
inbound to manageddomain.com? I don't want the 'cleaned' message to be
delivered, only an email notification that a message is now being held
in quarantine.

Any pointers on this would be greatly appreciated. 

Thanks,

Richard
 
________________________________

richard gray
dns ltd
 
83 princes street, edinburgh, eh2 2er
 
t:      +44 (0) 870 085 8555 
f:      +44 (0) 870 085 8556
m:    +44 (0) 777 569 2145
w:     http://www.dns.co.uk/ 

-----------------------
This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses.

For further information contact email-integrity@dns.co.uk

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 19 18:02:56 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18136.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hopefully the problems with the speedup code and sendmail are now fixed. 
It is only implemented for sendmail, getting any similar effect with 
Postfix is going to be very awkward.

Please test this and see how much faster it is, and I would be very 
grateful if you could report back what you find. Initial testing of this 
looks promising.

Download as usual from www.mailscanner.info.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Mon Dec 19 18:41:28 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18137.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/19/05, Julian Field <MailScanner@ecs.soton.ac.uk> wrote:
      Hopefully the problems with the speedup code and sendmail are
      now fixed.
      It is only implemented for sendmail, getting any similar
      effect with
      Postfix is going to be very awkward.


Could you tell us in just a few words what the change is and why it works
in Sendmail but not in Postfix? We're all techs on the list so I'm
probably not the only one who's curious.  :-)

--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Mon Dec 19 18:47:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18138.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox wrote:

> On 12/19/05, *Julian Field* <MailScanner@ecs.soton.ac.uk 
> <mailto:MailScanner@ecs.soton.ac.uk>> wrote:
>
>     Hopefully the problems with the speedup code and sendmail are now
>     fixed.
>     It is only implemented for sendmail, getting any similar effect with
>     Postfix is going to be very awkward.
>
>
> Could you tell us in just a few words what the change is and why it 
> works in Sendmail but not in Postfix? We're all techs on the list so 
> I'm probably not the only one who's curious.  :-)
>
It's to do with using an in-core temp-file rather than a forked pipe for 
reading in the message when you explode out all the attachments. It will 
probably be easier to implement for Exim but the Postfix message 
structure is very different, externally and internally, which will make 
it a very interesting exercise... Take a look for "sendmail" in 
Message.pm and you will find a big "if" statement, take a look at the 
code in there.

Well you asked! :-)

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From raymond at PROLOCATION.NET  Mon Dec 19 18:50:22 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18139.1137101493.24926.mailscanner@lists.mailscanner.info>

Hi!

>>     Hopefully the problems with the speedup code and sendmail are now
>>     fixed.
>>     It is only implemented for sendmail, getting any similar effect with
>>     Postfix is going to be very awkward.

>> Could you tell us in just a few words what the change is and why it works 
>> in Sendmail but not in Postfix? We're all techs on the list so I'm probably 
>> not the only one who's curious.  :-)

> It's to do with using an in-core temp-file rather than a forked pipe for 
> reading in the message when you explode out all the attachments. It will 
> probably be easier to implement for Exim but the Postfix message structure is 
> very different, externally and internally, which will make it a very 
> interesting exercise... Take a look for "sendmail" in Message.pm and you will 
> find a big "if" statement, take a look at the code in there.
>
> Well you asked! :-)

Testing the sendmail ones right now, seem to work ... Cant tell yet how 
much faster but the box looks more responsive. Also nice to see the 
process list telling whats goign on ;)

Would love to see the same (speedup) with Exim... Could you give that a 
try also?

thanks!
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Denis.Beauchemin at USHERBROOKE.CA  Mon Dec 19 18:54:24 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:33 2006
Subject: How do I add different Footer per domain?
Message-ID: <mailman.18140.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Fajar wrote:

> Hello All,
>
> All my incoming and outgoing emails add this footer :
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> www.simplimobile.com
>
> My mail server host multiple domains, how do I make MailScanner add 
> different domain address based on sender or reception domain that mail 
> server host.
>
Fajar,

I believe you have to create different signature files and use them 
through a ruleset in:
# Set where to find the HTML and text versions that will be added to the
# end of all clean messages, if "Sign Clean Messages" is set.
# These can also be the filenames of rulesets.
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt

For example, define:
Inline HTML Signature = %rules-dir%/signature.html.rules
Inline Text Signature = %rules-dir%/signature.txt.rules

and in rules/signature.html.rules:
From:   domain1.com   %report-dir%/inline.sig.domain1.html
From:   domain2.com   %report-dir%/inline.sig.domain2.html
FromOrTo:   default   %report-dir%/inline.sig.html

You do the same for %rules-dir%/signature.txt.rules and create all sig 
files and should be just fine.

Denis
PS: don't forget to restart/reload MailScanner...

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From KLekas at FOXRIVER.COM  Mon Dec 19 19:11:18 2005
From: KLekas at FOXRIVER.COM (Kosta Lekas)
Date: Thu Jan 12 21:31:33 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18141.1137101493.24926.mailscanner@lists.mailscanner.info>

Julian, please help me with this. I have two identical MS relays and
they both are experiencing the same behavior. At what point during MS
processing is message and attachment size checked? Is it supposed to
show up in the logs and if so what is logged? Can I be overriding this
with something in my configs? 

Kosta Lekas
Fox River Financial Resources
630.482.7142 - office
630.885.9355 - mobile
630.232.6074 - fax

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Saturday, December 17, 2005 10:45 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Maximum Message size and Attachmnet size no working for me

I just tried to reproduce this problem and failed. Works fine on my
systems.
You did reload/restart MailScanner after setting the config options, 
didn't you?

Kosta Lekas wrote:

> I am running MailScanner version 4.42.9, Postfix 2.1.5 and 
> Spamassassin 3.1.0
>
>
> I have set:
>
> Maximum Message Size = 10000000
>
> Maximum Attachment Size = 10000000
>
>  
>
> I tested this by sending out a 20MB message to see if it will get 
> blocked but the message got past MailScanner.
>
>  
>
> I am wondering if some other setting in MailScanner can be overriding 
> this. All I can think of is that I have everything From: everyone on 
> my internal LAN is whitelisted in spamassassin whitelist (I am 
> grasping at straws here), also I have set in postfix 
> message_size_limit = 35000000, can any of these configurations be 
> overriding these settings.
>
>  
>
> Please Help
>
>  
>
> Kosta Lekas
>
> Fox River Financial Resources
>
> 630.482.7142 - office
>
> 630.885.9355 - mobile
>
> 630.232.6074 - fax
>
>  
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 19 19:29:34 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18142.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Raymond Dijkxhoorn wrote:

> Hi!
>
>>>     Hopefully the problems with the speedup code and sendmail are now
>>>     fixed.
>>>     It is only implemented for sendmail, getting any similar effect 
>>> with
>>>     Postfix is going to be very awkward.
>>
>
>>> Could you tell us in just a few words what the change is and why it 
>>> works in Sendmail but not in Postfix? We're all techs on the list so 
>>> I'm probably not the only one who's curious.  :-)
>>
>
>> It's to do with using an in-core temp-file rather than a forked pipe 
>> for reading in the message when you explode out all the attachments. 
>> It will probably be easier to implement for Exim but the Postfix 
>> message structure is very different, externally and internally, which 
>> will make it a very interesting exercise... Take a look for 
>> "sendmail" in Message.pm and you will find a big "if" statement, take 
>> a look at the code in there.
>>
>> Well you asked! :-)
>
>
> Testing the sendmail ones right now, seem to work ... Cant tell yet 
> how much faster but the box looks more responsive. Also nice to see 
> the process list telling whats goign on ;)
>
> Would love to see the same (speedup) with Exim... Could you give that 
> a try also?


Exim support for this *should* be easy, it's just a copy of the sendmail 
code for this.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smf at F2S.COM  Mon Dec 19 19:32:32 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18143.1137101493.24926.mailscanner@lists.mailscanner.info>

Hi Julian,

On Mon, 2005-12-19 at 18:02 +0000, Julian Field wrote:
> Hopefully the problems with the speedup code and sendmail are now fixed. 
> It is only implemented for sendmail, getting any similar effect with 
> Postfix is going to be very awkward.
> 
> Please test this and see how much faster it is, and I would be very 
> grateful if you could report back what you find. Initial testing of this 
> looks promising.
> 

Just done a speed comparison using between the versions using a virtual
machine.

The guest O/S was CentOS 4.2 with 256Mb RAM.  MailScanner was set-up to
use the clamav command-line scanner with SpamAssassin disabled (all
other settings were defaults) with a batch size of 999 messages and in
debug mode.  Sync-on-write on /var/log/maillog was disabled
and /var/spool/MailScanner/incoming was mounted on tmpfs.  Both versions
were tested with a batch of 227 messages (mainly Sober-U, phishing and
general spam).

The timing was done by running:

cd /usr/sbin; time MailScanner /etc/MailScanner/MailScanner.conf

To calculate the results - I ran the same batch of messages through each
version of MailScanner 5 times then took the average time.

4.48-4:     1m29s
4.49-3:     0m50s

Warning: my maths is pretty terrible - but I think that works out at
around a 56% improvement!!!

Cheers,
Steve.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 19 19:31:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18144.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have tried this on my own systems and can't reproduce it. I'll give it 
another go.

Kosta Lekas wrote:

>Julian, please help me with this. I have two identical MS relays and
>they both are experiencing the same behavior. At what point during MS
>processing is message and attachment size checked? Is it supposed to
>show up in the logs and if so what is logged? Can I be overriding this
>with something in my configs? 
>
>Kosta Lekas
>Fox River Financial Resources
>630.482.7142 - office
>630.885.9355 - mobile
>630.232.6074 - fax
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Julian Field
>Sent: Saturday, December 17, 2005 10:45 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Maximum Message size and Attachmnet size no working for me
>
>I just tried to reproduce this problem and failed. Works fine on my
>systems.
>You did reload/restart MailScanner after setting the config options, 
>didn't you?
>
>Kosta Lekas wrote:
>
>  
>
>>I am running MailScanner version 4.42.9, Postfix 2.1.5 and 
>>Spamassassin 3.1.0
>>
>>
>>I have set:
>>
>>Maximum Message Size = 10000000
>>
>>Maximum Attachment Size = 10000000
>>
>> 
>>
>>I tested this by sending out a 20MB message to see if it will get 
>>blocked but the message got past MailScanner.
>>
>> 
>>
>>I am wondering if some other setting in MailScanner can be overriding 
>>this. All I can think of is that I have everything From: everyone on 
>>my internal LAN is whitelisted in spamassassin whitelist (I am 
>>grasping at straws here), also I have set in postfix 
>>message_size_limit = 35000000, can any of these configurations be 
>>overriding these settings.
>>
>> 
>>
>>Please Help
>>
>> 
>>
>>Kosta Lekas
>>
>>Fox River Financial Resources
>>
>>630.482.7142 - office
>>
>>630.885.9355 - mobile
>>
>>630.232.6074 - fax
>>
>> 
>>
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/)
>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>*Support MailScanner development - buy the book off the website!*
>>    
>>
>
>
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From raymond at PROLOCATION.NET  Mon Dec 19 19:35:51 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18145.1137101493.24926.mailscanner@lists.mailscanner.info>

Hi!

> The timing was done by running:
>
> cd /usr/sbin; time MailScanner /etc/MailScanner/MailScanner.conf
>
> To calculate the results - I ran the same batch of messages through each
> version of MailScanner 5 times then took the average time.
>
> 4.48-4:     1m29s
> 4.49-3:     0m50s
>
> Warning: my maths is pretty terrible - but I think that works out at
> around a 56% improvement!!!

I am seeing a little less, but with smaller batches, and with live data. 
Speed seems 15-18% then. Some peeks to 24%. Still amazingly much so really 
want to see this code on our busy frontend boxes ;) (Exim).

Nice job Julian!

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 19 19:39:33 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18146.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Just tried it again. Works fine. Do you have "Dangerous Content Scanning 
= yes"?

Julian Field wrote:

> I have tried this on my own systems and can't reproduce it. I'll give 
> it another go.
>
> Kosta Lekas wrote:
>
>> Julian, please help me with this. I have two identical MS relays and
>> they both are experiencing the same behavior. At what point during MS
>> processing is message and attachment size checked? Is it supposed to
>> show up in the logs and if so what is logged? Can I be overriding this
>> with something in my configs?
>> Kosta Lekas
>> Fox River Financial Resources
>> 630.482.7142 - office
>> 630.885.9355 - mobile
>> 630.232.6074 - fax
>>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>> Behalf Of Julian Field
>> Sent: Saturday, December 17, 2005 10:45 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Maximum Message size and Attachmnet size no working for me
>>
>> I just tried to reproduce this problem and failed. Works fine on my
>> systems.
>> You did reload/restart MailScanner after setting the config options, 
>> didn't you?
>>
>> Kosta Lekas wrote:
>>
>>  
>>
>>> I am running MailScanner version 4.42.9, Postfix 2.1.5 and 
>>> Spamassassin 3.1.0
>>>
>>>
>>> I have set:
>>>
>>> Maximum Message Size = 10000000
>>>
>>> Maximum Attachment Size = 10000000
>>>
>>>
>>>
>>> I tested this by sending out a 20MB message to see if it will get 
>>> blocked but the message got past MailScanner.
>>>
>>>
>>>
>>> I am wondering if some other setting in MailScanner can be 
>>> overriding this. All I can think of is that I have everything From: 
>>> everyone on my internal LAN is whitelisted in spamassassin whitelist 
>>> (I am grasping at straws here), also I have set in postfix 
>>> message_size_limit = 35000000, can any of these configurations be 
>>> overriding these settings.
>>>
>>>
>>>
>>> Please Help
>>>
>>>
>>>
>>> Kosta Lekas
>>>
>>> Fox River Financial Resources
>>>
>>> 630.482.7142 - office
>>>
>>> 630.885.9355 - mobile
>>>
>>> 630.232.6074 - fax
>>>
>>>
>>>
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/)
>>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> *Support MailScanner development - buy the book off the website!*
>>>   
>>
>>
>>
>>  
>>
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 19 19:58:38 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18147.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Raymond,

Here is a replacement EximDiskStore.pm and Message.pm for you to try 
out. Save a copy of Message.pm before you do it in case it doesn't work 
too well. The change to EximDiskStore.pm is just to add a new function, 
so won't affect functionality if you revert Message.pm.

Let me know how you get on.


Raymond Dijkxhoorn wrote:

> Hi!
>
>> The timing was done by running:
>>
>> cd /usr/sbin; time MailScanner /etc/MailScanner/MailScanner.conf
>>
>> To calculate the results - I ran the same batch of messages through each
>> version of MailScanner 5 times then took the average time.
>>
>> 4.48-4:     1m29s
>> 4.49-3:     0m50s
>>
>> Warning: my maths is pretty terrible - but I think that works out at
>> around a 56% improvement!!!
>
>
> I am seeing a little less, but with smaller batches, and with live 
> data. Speed seems 15-18% then. Some peeks to 24%. Still amazingly much 
> so really want to see this code on our busy frontend boxes ;) (Exim).
>
> Nice job Julian!
>
> Bye,
> Raymond.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-GZIP  78KB. ]
    [ Unable to print this part. ]


From KLekas at FOXRIVER.COM  Mon Dec 19 20:03:02 2005
From: KLekas at FOXRIVER.COM (Kosta Lekas)
Date: Thu Jan 12 21:31:33 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18148.1137101493.24926.mailscanner@lists.mailscanner.info>

I set dangerous content scanning to yes and it is working now. That was
it. Thanks for your help. 

Kosta Lekas
Fox River Financial Resources
630.482.7142 - office
630.885.9355 - mobile
630.232.6074 - fax

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Monday, December 19, 2005 1:40 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Maximum Message size and Attachmnet size no working for me

Just tried it again. Works fine. Do you have "Dangerous Content Scanning

= yes"?

Julian Field wrote:

> I have tried this on my own systems and can't reproduce it. I'll give 
> it another go.
>
> Kosta Lekas wrote:
>
>> Julian, please help me with this. I have two identical MS relays and
>> they both are experiencing the same behavior. At what point during MS
>> processing is message and attachment size checked? Is it supposed to
>> show up in the logs and if so what is logged? Can I be overriding
this
>> with something in my configs?
>> Kosta Lekas
>> Fox River Financial Resources
>> 630.482.7142 - office
>> 630.885.9355 - mobile
>> 630.232.6074 - fax
>>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>> Behalf Of Julian Field
>> Sent: Saturday, December 17, 2005 10:45 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Maximum Message size and Attachmnet size no working for
me
>>
>> I just tried to reproduce this problem and failed. Works fine on my
>> systems.
>> You did reload/restart MailScanner after setting the config options, 
>> didn't you?
>>
>> Kosta Lekas wrote:
>>
>>  
>>
>>> I am running MailScanner version 4.42.9, Postfix 2.1.5 and 
>>> Spamassassin 3.1.0
>>>
>>>
>>> I have set:
>>>
>>> Maximum Message Size = 10000000
>>>
>>> Maximum Attachment Size = 10000000
>>>
>>>
>>>
>>> I tested this by sending out a 20MB message to see if it will get 
>>> blocked but the message got past MailScanner.
>>>
>>>
>>>
>>> I am wondering if some other setting in MailScanner can be 
>>> overriding this. All I can think of is that I have everything From: 
>>> everyone on my internal LAN is whitelisted in spamassassin whitelist

>>> (I am grasping at straws here), also I have set in postfix 
>>> message_size_limit = 35000000, can any of these configurations be 
>>> overriding these settings.
>>>
>>>
>>>
>>> Please Help
>>>
>>>
>>>
>>> Kosta Lekas
>>>
>>> Fox River Financial Resources
>>>
>>> 630.482.7142 - office
>>>
>>> 630.885.9355 - mobile
>>>
>>> 630.232.6074 - fax
>>>
>>>
>>>
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/)
>>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> *Support MailScanner development - buy the book off the website!*
>>>   
>>
>>
>>
>>  
>>
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rpoe at PLATTESHERIFF.ORG  Mon Dec 19 20:05:59 2005
From: rpoe at PLATTESHERIFF.ORG (Rob Poe)
Date: Thu Jan 12 21:31:33 2006
Subject: Will milter-greylist solve my directory harvest attacks?
Message-ID: <mailman.18149.1137101493.24926.mailscanner@lists.mailscanner.info>

Milter-Sender includes Milter-Ahead functionality.


> Further follow-up.. milter-sender is the exact opposite of what
we're
> talking
> about here. That validates the sender, not the recipient.
>
> Perhaps milter-ahead could be used here, but not milter-sender.
>

I don't use any of them but obviously milter-ahead sounds like a better
fit.



----------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
This e-mail message and all documents that accompany it are intended only
for the use of the individual or entity to which addressed, and may contain
information that is privileged, confidential or exempt from disclosure under
applicable law. If the reader is not the intended recipient, any disclosure,
distribution or other use of this e-mail message is prohibited. If you have
received this e-mail message in error, please notify the sender immediately.
Thank you.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 19 20:06:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18150.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Phew!

I can never remember what's included in Dangerous Content :-)

Kosta Lekas wrote:

>I set dangerous content scanning to yes and it is working now. That was
>it. Thanks for your help. 
>
>Kosta Lekas
>Fox River Financial Resources
>630.482.7142 - office
>630.885.9355 - mobile
>630.232.6074 - fax
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Julian Field
>Sent: Monday, December 19, 2005 1:40 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Maximum Message size and Attachmnet size no working for me
>
>Just tried it again. Works fine. Do you have "Dangerous Content Scanning
>
>= yes"?
>
>Julian Field wrote:
>
>  
>
>>I have tried this on my own systems and can't reproduce it. I'll give 
>>it another go.
>>
>>Kosta Lekas wrote:
>>
>>    
>>
>>>Julian, please help me with this. I have two identical MS relays and
>>>they both are experiencing the same behavior. At what point during MS
>>>processing is message and attachment size checked? Is it supposed to
>>>show up in the logs and if so what is logged? Can I be overriding
>>>      
>>>
>this
>  
>
>>>with something in my configs?
>>>Kosta Lekas
>>>Fox River Financial Resources
>>>630.482.7142 - office
>>>630.885.9355 - mobile
>>>630.232.6074 - fax
>>>
>>>-----Original Message-----
>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>Behalf Of Julian Field
>>>Sent: Saturday, December 17, 2005 10:45 AM
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: Re: Maximum Message size and Attachmnet size no working for
>>>      
>>>
>me
>  
>
>>>I just tried to reproduce this problem and failed. Works fine on my
>>>systems.
>>>You did reload/restart MailScanner after setting the config options, 
>>>didn't you?
>>>
>>>Kosta Lekas wrote:
>>>
>>> 
>>>
>>>      
>>>
>>>>I am running MailScanner version 4.42.9, Postfix 2.1.5 and 
>>>>Spamassassin 3.1.0
>>>>
>>>>
>>>>I have set:
>>>>
>>>>Maximum Message Size = 10000000
>>>>
>>>>Maximum Attachment Size = 10000000
>>>>
>>>>
>>>>
>>>>I tested this by sending out a 20MB message to see if it will get 
>>>>blocked but the message got past MailScanner.
>>>>
>>>>
>>>>
>>>>I am wondering if some other setting in MailScanner can be 
>>>>overriding this. All I can think of is that I have everything From: 
>>>>everyone on my internal LAN is whitelisted in spamassassin whitelist
>>>>        
>>>>
>
>  
>
>>>>(I am grasping at straws here), also I have set in postfix 
>>>>message_size_limit = 35000000, can any of these configurations be 
>>>>overriding these settings.
>>>>
>>>>
>>>>
>>>>Please Help
>>>>
>>>>
>>>>
>>>>Kosta Lekas
>>>>
>>>>Fox River Financial Resources
>>>>
>>>>630.482.7142 - office
>>>>
>>>>630.885.9355 - mobile
>>>>
>>>>630.232.6074 - fax
>>>>
>>>>
>>>>
>>>>
>>>>------------------------ MailScanner list ------------------------
>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>>'leave mailscanner' in the body of the email.
>>>>Before posting, read the Wiki (http://wiki.mailscanner.info/)
>>>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>
>>>>*Support MailScanner development - buy the book off the website!*
>>>>  
>>>>        
>>>>
>>>
>>> 
>>>
>>>      
>>>
>
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Mon Dec 19 20:43:39 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:33 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18151.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field writes: 

> Phew! 
> 
> I can never remember what's included in Dangerous Content :-) 
> 
> Kosta Lekas wrote: 
> 
>> I set dangerous content scanning to yes and it is working now. That was
>> it. Thanks for your help. 

Julian, it would be a nice idea to have a list of all such dependencies on 
the wiki.. i too have been troubled by this more than once.. 

what do you think? maybe sometime in jan'06? 

 - dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From raymond at PROLOCATION.NET  Mon Dec 19 20:35:16 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:31:33 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18152.1137101493.24926.mailscanner@lists.mailscanner.info>

Hi!

>> I can never remember what's included in Dangerous Content :-) 
>> Kosta Lekas wrote:

>>> I set dangerous content scanning to yes and it is working now. That was
>>> it. Thanks for your help.

> Julian, it would be a nice idea to have a list of all such dependencies on 
> the wiki.. i too have been troubled by this more than once.. 
> what do you think? maybe sometime in jan'06?

Feel free to add whatever you want on the wiki. The nice thing with this 
is that you dont have to bother Julian doing this, you can do it yourself. 
Jan 06 sounds fine ;)

Thanks!
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Mon Dec 19 20:57:05 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Maximum Message size and Attachmnet size no working for me
Message-ID: <mailman.18153.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Oh and there's also

the "Happy" virus
Dangerously long MIME boundary strings used to exploit a bug in Eudora
filename.rules.conf and new "allow filenames" and "deny filenames" checks
filetype.rules.conf and new "allow filetypes" and "deny filetypes" checks

That's about it.

Raymond Dijkxhoorn wrote:

> Hi!
>
>>> I can never remember what's included in Dangerous Content :-) Kosta 
>>> Lekas wrote:
>>
>
>>>> I set dangerous content scanning to yes and it is working now. That 
>>>> was
>>>> it. Thanks for your help.
>>>
>
>> Julian, it would be a nice idea to have a list of all such 
>> dependencies on the wiki.. i too have been troubled by this more than 
>> once.. what do you think? maybe sometime in jan'06?
>
>
> Feel free to add whatever you want on the wiki. The nice thing with 
> this is that you dont have to bother Julian doing this, you can do it 
> yourself. Jan 06 sounds fine ;)
>
> Thanks!
> Raymond.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From res at AUSICS.NET  Mon Dec 19 20:58:46 2005
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:31:33 2006
Subject: delete from the mailq
Message-ID: <mailman.18154.1137101493.24926.mailscanner@lists.mailscanner.info>

On Mon, 19 Dec 2005, Leif Neland wrote:

> ---- Original Message ----
> From: "Res" <res@AUSICS.NET>
> To: <MAILSCANNER@JISCMAIL.AC.UK>
> Sent: Monday, December 19, 2005 11:12 AM
> Subject: Re: delete from the mailq
>
>> On Sun, 18 Dec 2005, Kai Schaetzl wrote:
>> 
>>> Res wrote on         Sun, 18 Dec 2005 17:49:34 +1000:
>>> 
>>>> you are doubling the work, "move - process - move_back_real"
>>>> "process" is less messier
>>> 
>>> So, he stops processing until he has a good script? Come on ...
>> 
>> who ever said anything about stopping the mail server?
>
> The 50k messages are blocking new mails.
>
> Get the bulk away, so new messages are processed, and then examine the 50k to 
> remove the dud ones.


if he wants to rmeove the bulk he must know what to look for now? seems 
like you  ppl are suggesting to tim to do more work then is neccessary, I 
do this regulary clearing out spammers trash, almost every 3 days, and im 
talking a damn sight more than 50K emails in the queue, also I suggest he 
changes his sendmail config..

define(`confQUEUE_SORT_ORDER', `time')dnl
that should solve his immediate problem, its not a default option, and if 
not already he should also add in:
define(`confSEPARATE_PROC',`True')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`')dnl




>
> Leif
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

-- 
Cheers
Res

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec 20 10:14:21 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18155.1137101493.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Ping at 10:14 am GMT.
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6fZgPw32o+k+q+hAQEAIggAt77M+rs94kmF/WoFFyn6KQyiARlMdqoO
ndoJ80nEPg8t3Wg0AoKj+Y3arQGKIHG9dYaxdKgB89iFXkqY8Jfr7x5PdfgxqVYp
VMY4S/JNcCX9UBKoC0Ol0r1le7A0pMRcB19lipWPylqtUzCx5gCaT2QRPXHWjWlN
0mfA96k58h0+nnC66CkFdtwEQU4WuRdxnK/jztdFw2eetqngjfJx0MYbsKz6akcY
J/GbG8qMuTRd1r2rxGldL8kzVeuvB4PZBiapIzuIivy3oKQzQaOJ9MUW2hPoiNC0
oFb9WqBlrPthN4nny3wKUvoCxBoMfDXttEc+UUjPfLjCedk8v4KuWQ==
=zcNu
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Andreas.Doerfler at KEMPTEN.DE  Tue Dec 20 10:21:57 2005
From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18156.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

pong ?

http://en.wikipedia.org/wiki/Pong


greetings
andy

--free your mind, use open source
http://www.mono-project.com

ASCII ribbon campaign ( )
 - against HTML email  X
             & vCards / \  

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dannyh at aac-services.co.uk  Tue Dec 20 10:29:32 2005
From: dannyh at aac-services.co.uk (Dan Harris)
Date: Thu Jan 12 21:31:33 2006
Subject: MAILSCANNER Digest - 18 Dec 2005 to 19 Dec 2005 (#2005-361)
Message-ID: <mailman.18157.1137101493.24926.mailscanner@lists.mailscanner.info>

Hi,

Anyone know why this week and last some (but not all) of my daily digest's
have some through in this format?  On the list server, my Subscription Type
is Digest (HTML format), and Header Style is Normal.

The first time this happened was for "MAILSCANNER Digest - 9 Dec 2005 to 10
Dec 2005 (#2005-352)", which was sent Sun 11/12/2005.
MAILSCANNER Digest - 10 Dec 2005 to 11 Dec 2005 (#2005-353) was ok
MAILSCANNER Digest - 11 Dec 2005 to 12 Dec 2005 (#2005-354) was broken again
MAILSCANNER Digest - 12 Dec 2005 to 13 Dec 2005 (#2005-355) was ok
MAILSCANNER Digest - 13 Dec 2005 to 14 Dec 2005 (#2005-356) broken
MAILSCANNER Digest - 14 Dec 2005 to 15 Dec 2005 (#2005-357) broken
MAILSCANNER Digest - 15 Dec 2005 to 16 Dec 2005 (#2005-358) broken
MAILSCANNER Digest - 16 Dec 2005 to 17 Dec 2005 (#2005-359) ok
MAILSCANNER Digest - 17 Dec 2005 to 18 Dec 2005 (#2005-360) ok
MAILSCANNER Digest - 18 Dec 2005 to 19 Dec 2005 (#2005-361) broken, see
below!

I've tried changing my list settings and changing them back several times
(although not over weekends, which is when some of the broken runs have
started), but this still seems to be happening fairly randomly.

Is anyone else subscribed to HTML digest seeing this, or is something this
end likely to be causing the problem?

Best Regards,

Dan Harris.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of MAILSCANNER automatic digest system
Sent: 20 December 2005 00:00
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: MAILSCANNER Digest - 18 Dec 2005 to 19 Dec 2005 (#2005-361)

Web Bug from http://JISCMAIL.AC.UK&SKIP 

MAILSCANNER Digest - 18 Dec 2005 to 19 Dec 2005 (#2005-361)



Table of contents:


*	How do I add different Footer per domain? (2) 
*	Beta 4.49.2 released --- faster? (2) 
*	delete from the mailq (4) 
*	Notify recipient of blocked filetypes 
*	Beta 4.49.3 released (8) 
*	Maximum Message size and Attachmnet size no working for me (9) 
*	Will milter-greylist solve my directory harvest attacks? 

	
1.	How do I add different Footer per domain?

	*	How do I add different Footer per domain? (12/19)
		From: Fajar <fajarep@SIMPLIMOBILE.COM> 
	*	Re: How do I add different Footer per domain? (12/19)
		From: Denis Beauchemin <Denis.Beauchemin@USHERBROOKE.CA>

	
2.	Beta 4.49.2 released --- faster?

	*	Re: Beta 4.49.2 released --- faster? (12/19)
		From: Peter Peters <P.G.M.Peters@UTWENTE.NL> 
	*	Re: Beta 4.49.2 released --- faster? (12/19)
		From: Julian Field <MailScanner@ECS.SOTON.AC.UK>

<snip>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Tue Dec 20 12:19:24 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18158.1137101493.24926.mailscanner@lists.mailscanner.info>

Julian,
    I have noticed over the last couple of weeks that sometimes
I don't get your mailing list emails.  The last episode was your
posting on 4.49.3 beta.  I started seeing replies to it and
wondered where the original msg was.  It was in the list archive,
but not in my mailbox.  I wonder what is chomping up your missives.

Jeff Earickson
Colby College

On Tue, 20 Dec 2005, Julian Field wrote:

> Date: Tue, 20 Dec 2005 10:14:21 +0000
> From: Julian Field <MailScanner@ECS.SOTON.AC.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Ping
> 
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Ping at 10:14 am GMT.
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
>
> iQEVAwUBQ6fZgPw32o+k+q+hAQEAIggAt77M+rs94kmF/WoFFyn6KQyiARlMdqoO
> ndoJ80nEPg8t3Wg0AoKj+Y3arQGKIHG9dYaxdKgB89iFXkqY8Jfr7x5PdfgxqVYp
> VMY4S/JNcCX9UBKoC0Ol0r1le7A0pMRcB19lipWPylqtUzCx5gCaT2QRPXHWjWlN
> 0mfA96k58h0+nnC66CkFdtwEQU4WuRdxnK/jztdFw2eetqngjfJx0MYbsKz6akcY
> J/GbG8qMuTRd1r2rxGldL8kzVeuvB4PZBiapIzuIivy3oKQzQaOJ9MUW2hPoiNC0
> oFb9WqBlrPthN4nny3wKUvoCxBoMfDXttEc+UUjPfLjCedk8v4KuWQ==
> =zcNu
> -----END PGP SIGNATURE-----
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Tue Dec 20 13:34:14 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:33 2006
Subject: modifications of email subscription headers
Message-ID: <mailman.18159.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Most of you should probably have your mail readers already configured but
here is one suggestion to the list. Julian, can you modify (in the
future) the subject line of the mailing list so it reads
[MAILSCANNER.info] for example?
I've seen several lists that do so and i was wondering if there is a
special reason why u haven't.

just a comment


--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From Denis.Beauchemin at USHERBROOKE.CA  Tue Dec 20 13:40:56 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:33 2006
Subject: modifications of email subscription headers
Message-ID: <mailman.18160.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Erick Perez wrote:

> Most of you should probably have your mail readers already configured 
> but here is one suggestion to the list. Julian, can you modify (in the 
> future) the subject line of the mailing list so it reads 
> [MAILSCANNER.info] for example?
> I've seen several lists that do so and i was wondering if there is a 
> special reason why u haven't.
>
> just a comment


Erick,

This has been discussed before.  You can modify your preferences and 
receive a modified subject without imposing it on others (personnally, I 
hate it). Go to http://www.jiscmail.ac.uk/cgi-bin/webadmin?REPORT&z=3

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec 20 13:47:28 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18161.1137101493.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

There is a SpamAssassin rule, called something like ANTIVIRUS_62 that  
assigns a high score to anything coming from an address containing  
mailscanner. This nobbles my postings :-(

On 20 Dec 2005, at 12:19, Jeff A. Earickson wrote:

> Julian,
>    I have noticed over the last couple of weeks that sometimes
> I don't get your mailing list emails.  The last episode was your
> posting on 4.49.3 beta.  I started seeing replies to it and
> wondered where the original msg was.  It was in the list archive,
> but not in my mailbox.  I wonder what is chomping up your missives.
>
> Jeff Earickson
> Colby College
>
> On Tue, 20 Dec 2005, Julian Field wrote:
>
>> Date: Tue, 20 Dec 2005 10:14:21 +0000
>> From: Julian Field <MailScanner@ECS.SOTON.AC.UK>
>> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Ping
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> Ping at 10:14 am GMT.
>> - --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.0.3 (Build 2932)
>>
>> iQEVAwUBQ6fZgPw32o+k+q+hAQEAIggAt77M+rs94kmF/WoFFyn6KQyiARlMdqoO
>> ndoJ80nEPg8t3Wg0AoKj+Y3arQGKIHG9dYaxdKgB89iFXkqY8Jfr7x5PdfgxqVYp
>> VMY4S/JNcCX9UBKoC0Ol0r1le7A0pMRcB19lipWPylqtUzCx5gCaT2QRPXHWjWlN
>> 0mfA96k58h0+nnC66CkFdtwEQU4WuRdxnK/jztdFw2eetqngjfJx0MYbsKz6akcY
>> J/GbG8qMuTRd1r2rxGldL8kzVeuvB4PZBiapIzuIivy3oKQzQaOJ9MUW2hPoiNC0
>> oFb9WqBlrPthN4nny3wKUvoCxBoMfDXttEc+UUjPfLjCedk8v4KuWQ==
>> =zcNu
>> -----END PGP SIGNATURE-----
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6gLdPw32o+k+q+hAQGsFgf+O8YCgps98IKFl6THUoeNfizqCZFt/GDH
M0zKKZ+KePblb2zAKB6vjNtBAecqi99Rzd+wfhu/SclgWocD29pTQORcWXKxrigG
Z0idc5tb3hvLXeO+hPfAQs/lYpfTqr88wFWgG/qiIto6zxf2GA8VBSCV5ZFbljrW
tASVEz/3kBiadpfsc0oj18djIXn/1XYUMFr/79ty5kV5dw44bqgwj4HGGycnDn2H
ZW9D5BRC7PMArJwRBf3pz1QGIbfEy8HPx9qIV9cGqdCqL/wZbUwHKHNiCx6JAe5r
1SZRT8PfB5mPRXDlDjwMDaplJlM00edQaT6wpP/OJkVs3GoWRmbEAQ==
=8CI+
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Tue Dec 20 14:27:30 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18162.1137101493.24926.mailscanner@lists.mailscanner.info>

Julian,

Found it in bogus-virus-warnings.cf, part of the rulesemporium
stuff.  The authors of this ruleset seem very hostile towards
MailScanner.  I went thru mine and commented out all references
to MailScanner (I don't use rules du jour).  Rules-du-Jour users,
beware!!!

Jeff Earickson
Colby College

On Tue, 20 Dec 2005, Julian Field wrote:

> Date: Tue, 20 Dec 2005 13:47:28 +0000
> From: Julian Field <MailScanner@ECS.SOTON.AC.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Ping
> 
> -----BEGIN PGP SIGNED MESSAGE-----
>
> There is a SpamAssassin rule, called something like ANTIVIRUS_62 that
> assigns a high score to anything coming from an address containing
> mailscanner. This nobbles my postings :-(
>
> On 20 Dec 2005, at 12:19, Jeff A. Earickson wrote:
>
>> Julian,
>>    I have noticed over the last couple of weeks that sometimes
>> I don't get your mailing list emails.  The last episode was your
>> posting on 4.49.3 beta.  I started seeing replies to it and
>> wondered where the original msg was.  It was in the list archive,
>> but not in my mailbox.  I wonder what is chomping up your missives.
>>
>> Jeff Earickson
>> Colby College
>>
>> On Tue, 20 Dec 2005, Julian Field wrote:
>>
>>> Date: Tue, 20 Dec 2005 10:14:21 +0000
>>> From: Julian Field <MailScanner@ECS.SOTON.AC.UK>
>>> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>> Subject: Ping
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>
>>> Ping at 10:14 am GMT.
>>> - --
>>> Julian Field
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: PGP Desktop 9.0.3 (Build 2932)
>>>
>>> iQEVAwUBQ6fZgPw32o+k+q+hAQEAIggAt77M+rs94kmF/WoFFyn6KQyiARlMdqoO
>>> ndoJ80nEPg8t3Wg0AoKj+Y3arQGKIHG9dYaxdKgB89iFXkqY8Jfr7x5PdfgxqVYp
>>> VMY4S/JNcCX9UBKoC0Ol0r1le7A0pMRcB19lipWPylqtUzCx5gCaT2QRPXHWjWlN
>>> 0mfA96k58h0+nnC66CkFdtwEQU4WuRdxnK/jztdFw2eetqngjfJx0MYbsKz6akcY
>>> J/GbG8qMuTRd1r2rxGldL8kzVeuvB4PZBiapIzuIivy3oKQzQaOJ9MUW2hPoiNC0
>>> oFb9WqBlrPthN4nny3wKUvoCxBoMfDXttEc+UUjPfLjCedk8v4KuWQ==
>>> =zcNu
>>> -----END PGP SIGNATURE-----
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.3 (Build 2932)
>
> iQEVAwUBQ6gLdPw32o+k+q+hAQGsFgf+O8YCgps98IKFl6THUoeNfizqCZFt/GDH
> M0zKKZ+KePblb2zAKB6vjNtBAecqi99Rzd+wfhu/SclgWocD29pTQORcWXKxrigG
> Z0idc5tb3hvLXeO+hPfAQs/lYpfTqr88wFWgG/qiIto6zxf2GA8VBSCV5ZFbljrW
> tASVEz/3kBiadpfsc0oj18djIXn/1XYUMFr/79ty5kV5dw44bqgwj4HGGycnDn2H
> ZW9D5BRC7PMArJwRBf3pz1QGIbfEy8HPx9qIV9cGqdCqL/wZbUwHKHNiCx6JAe5r
> 1SZRT8PfB5mPRXDlDjwMDaplJlM00edQaT6wpP/OJkVs3GoWRmbEAQ==
> =8CI+
> -----END PGP SIGNATURE-----
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martelm at QUARK.VSC.EDU  Tue Dec 20 15:05:34 2005
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18163.1137101493.24926.mailscanner@lists.mailscanner.info>

--On December 20, 2005 9:27:30 AM -0500 "Jeff A. Earickson" 
<jaearick@COLBY.EDU> wrote:

> MailScanner.  I went thru mine and commented out all references
> to MailScanner (I don't use rules du jour).  Rules-du-Jour users,

For what it's worth, I just score those scores down to 0 in a .cf file. 
That way I can update the file if it ever changes and not have to remember 
to reset the scores.


Michael

--

  --------------------------------o---------------------------------
   Michael H. Martel              | Systems Administrator
   michael.martel@vsc.edu         | Vermont State Colleges
   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mike at woco-k12.org  Tue Dec 20 15:25:39 2005
From: mike at woco-k12.org (Mike Wagner)
Date: Thu Jan 12 21:31:33 2006
Subject: Questions about installing MailScanner
Message-ID: <mailman.18164.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks all for your input on this.  I got MailScanner up and running 
successfully.  The only other question I have is this:

Our main ISP (our SMTP Gateway) already filters mail for viruses (using 
Sophos) and spam using MailMarshal.  All I really wanted to do with 
MailScanner is to be able to add the signature at the end of all 
outgoing messages.  Mainly a confidentiality notice.  When I go through 
the MailScanner conf file, I turn off all the filtering and scanning, 
and I turn on sign clean messages...  The messages don't get signed. 
So, I turn on the first rule that says scan messages, and then I turn 
off Anti-Virus and Anti-Spam scanning, and it still doesn't add the 
signature at the end.  Is there any way to do this without using AV and 
AntiSpam filtering??


Thanks!

-----------------------------

Mike Wagner
Western Ohio Computer Org.
Technology Administrator
mike@woco-k12.org

-----------------------------

Ugo Bellavance wrote:
> Mike Wagner wrote:
>> I'm looking at adding MailScanner to our existing environment.  We have a
>> RH9 server, with Sendmail.  I've configured Sendmail to use 
>> authentication.
>>  I've also configured many aliases, and rely heavily on these types of
>> features of sendmail.
>> If I install MailScanner, will I lose those functionalities of 
>> Sendmail?? Will everything I've configured still work, including 
>> authentication?
>>
>> Any help is greatly appreciated.
>>
>> -Mike Wagner
>>
> 
> If there is nothing on this server already, I'd probably upgrade to 
> CentOS 3 of 4 before installing MailScanner, to make sure you'll always 
> have security updates.
> 
> Regards,
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Andreas.Doerfler at KEMPTEN.DE  Tue Dec 20 15:45:40 2005
From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18165.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

 another _fix_ will be to whitelist the lists (ive done that long ago)


greetings
andy

--free your mind, use open source
http://www.mono-project.com

ASCII ribbon campaign ( )
 - against HTML email  X
             & vCards / \  


> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
> Sent: Tuesday, December 20, 2005 3:28 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Ping
> 
> Julian,
> 
> Found it in bogus-virus-warnings.cf, part of the rulesemporium
> stuff.  The authors of this ruleset seem very hostile towards
> MailScanner.  I went thru mine and commented out all references
> to MailScanner (I don't use rules du jour).  Rules-du-Jour users,
> beware!!!
> 
> Jeff Earickson
> Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ja at CONVIATOR.COM  Tue Dec 20 15:58:31 2005
From: ja at CONVIATOR.COM (Jan Agermose)
Date: Thu Jan 12 21:31:33 2006
Subject: delete from the mailq
Message-ID: <mailman.18166.1137101493.24926.mailscanner@lists.mailscanner.info>

>define(`confQUEUE_SORT_ORDER', `time')dnl
>that should solve his immediate problem, its not a default option, and
if 
>not already he should also add in:
>define(`confSEPARATE_PROC',`True')dnl
>define(`confDOUBLE_BOUNCE_ADDRESS',`')dnl

Hi

Well first - thanks for the ideas and input. I ended up simply "riding
it off". I thing I should upgrade the server to something faster *LOL*

Anyway as this might not be the last time something like this happens I
will look at the script that was posted and keep that in mind. 

What does the above do? 

It actually looked as if new mails was handled before the old queued
mails so operation was sort of normal. New mails where only delayed a
bit. 

Thanks again
Best regards
Jan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Tue Dec 20 16:16:15 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18167.1137101493.24926.mailscanner@lists.mailscanner.info>

Jules

Seems to be a problem with the signing code somewhere, it's dumping the exim
queue filename containing the data part of the email at the top of the
message body..

Ie   <message-id>-D  always appears at the top of the message body for
signed (Sign Clean Messages = yes) email.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: 19 December 2005 19:59
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Beta 4.49.3 released
> 
> Raymond,
> 
> Here is a replacement EximDiskStore.pm and Message.pm for you to try
> out. Save a copy of Message.pm before you do it in case it doesn't work
> too well. The change to EximDiskStore.pm is just to add a new function,
> so won't affect functionality if you revert Message.pm.
> 
> Let me know how you get on.
> 
> 
> Raymond Dijkxhoorn wrote:
> 
> > Hi!
> >
> >> The timing was done by running:
> >>
> >> cd /usr/sbin; time MailScanner /etc/MailScanner/MailScanner.conf
> >>
> >> To calculate the results - I ran the same batch of messages through
> each
> >> version of MailScanner 5 times then took the average time.
> >>
> >> 4.48-4:     1m29s
> >> 4.49-3:     0m50s
> >>
> >> Warning: my maths is pretty terrible - but I think that works out at
> >> around a 56% improvement!!!
> >
> >
> > I am seeing a little less, but with smaller batches, and with live
> > data. Speed seems 15-18% then. Some peeks to 24%. Still amazingly much
> > so really want to see this code on our busy frontend boxes ;) (Exim).
> >
> > Nice job Julian!
> >
> > Bye,
> > Raymond.
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> 
> 
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Tue Dec 20 16:23:39 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18168.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

good suggestion, I just added 130.246.192.56 to my DNS whitelist...

Jeff Earickson

On Tue, 20 Dec 2005, Dörfler Andreas wrote:

> Date: Tue, 20 Dec 2005 16:45:40 +0100
> From: Dörfler Andreas <Andreas.Doerfler@KEMPTEN.DE>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Ping
> 
> another _fix_ will be to whitelist the lists (ive done that long ago)
>
>
> greetings
> andy
>
> --free your mind, use open source
> http://www.mono-project.com
>
> ASCII ribbon campaign ( )
> - against HTML email  X
>             & vCards / \
>
>
>> -----Original Message-----
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
>> Sent: Tuesday, December 20, 2005 3:28 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Ping
>>
>> Julian,
>>
>> Found it in bogus-virus-warnings.cf, part of the rulesemporium
>> stuff.  The authors of this ruleset seem very hostile towards
>> MailScanner.  I went thru mine and commented out all references
>> to MailScanner (I don't use rules du jour).  Rules-du-Jour users,
>> beware!!!
>>
>> Jeff Earickson
>> Colby College
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
From martinh at SOLID-STATE-LOGIC.COM  Tue Dec 20 16:28:06 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18169.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff

I have the following in my spam.assassin.prefs.conf to get around these
rules..


# stop MS based email systems getting nuked by the bogus virus warning
rules..

score VIRUS_WARNING15   0
score VIRUS_WARNING28   0
score VIRUS_WARNING33   0
score VIRUS_WARNING62   0
score VIRUS_WARNING66   0
score VIRUS_WARNING226  0
score VIRUS_WARNING250  0
score VIRUS_WARNING300  0
score VIRUS_WARNING326  0
score VIRUS_WARNING339  0
score VIRUS_WARNING340  0

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jeff A. Earickson
> Sent: 20 December 2005 16:24
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Ping
> 
> good suggestion, I just added 130.246.192.56 to my DNS whitelist...
> 
> Jeff Earickson
> 
> On Tue, 20 Dec 2005, Dörfler Andreas wrote:
> 
> > Date: Tue, 20 Dec 2005 16:45:40 +0100
> > From: Dörfler Andreas <Andreas.Doerfler@KEMPTEN.DE>
> > Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Ping
> >
> > another _fix_ will be to whitelist the lists (ive done that long ago)
> >
> >
> > greetings
> > andy
> >
> > --free your mind, use open source
> > http://www.mono-project.com
> >
> > ASCII ribbon campaign ( )
> > - against HTML email  X
> >             & vCards / \
> >
> >
> >> -----Original Message-----
> >> From: MailScanner mailing list
> >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
> >> Sent: Tuesday, December 20, 2005 3:28 PM
> >> To: MAILSCANNER@JISCMAIL.AC.UK
> >> Subject: Re: Ping
> >>
> >> Julian,
> >>
> >> Found it in bogus-virus-warnings.cf, part of the rulesemporium
> >> stuff.  The authors of this ruleset seem very hostile towards
> >> MailScanner.  I went thru mine and commented out all references
> >> to MailScanner (I don't use rules du jour).  Rules-du-Jour users,
> >> beware!!!
> >>
> >> Jeff Earickson
> >> Colby College
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Tue Dec 20 16:38:10 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18170.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Maybe this fine addition  needs to go into the spam.assassin.prefs.conf
in the next release...  I've added it to my copy.  Thanks, Jeff

On Tue, 20 Dec 2005, Martin Hepworth wrote:

> Date: Tue, 20 Dec 2005 16:28:06 -0000
> From: Martin Hepworth <martinh@SOLID-STATE-LOGIC.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Ping
> 
> Jeff
>
> I have the following in my spam.assassin.prefs.conf to get around these
> rules..
>
>
> # stop MS based email systems getting nuked by the bogus virus warning
> rules..
>
> score VIRUS_WARNING15   0
> score VIRUS_WARNING28   0
> score VIRUS_WARNING33   0
> score VIRUS_WARNING62   0
> score VIRUS_WARNING66   0
> score VIRUS_WARNING226  0
> score VIRUS_WARNING250  0
> score VIRUS_WARNING300  0
> score VIRUS_WARNING326  0
> score VIRUS_WARNING339  0
> score VIRUS_WARNING340  0
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>> Behalf Of Jeff A. Earickson
>> Sent: 20 December 2005 16:24
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: [MAILSCANNER] Ping
>>
>> good suggestion, I just added 130.246.192.56 to my DNS whitelist...
>>
>> Jeff Earickson
>>
>> On Tue, 20 Dec 2005, Dörfler Andreas wrote:
>>
>>> Date: Tue, 20 Dec 2005 16:45:40 +0100
>>> From: Dörfler Andreas <Andreas.Doerfler@KEMPTEN.DE>
>>> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>> Subject: Re: Ping
>>>
>>> another _fix_ will be to whitelist the lists (ive done that long ago)
>>>
>>>
>>> greetings
>>> andy
>>>
>>> --free your mind, use open source
>>> http://www.mono-project.com
>>>
>>> ASCII ribbon campaign ( )
>>> - against HTML email  X
>>>             & vCards / \
>>>
>>>
>>>> -----Original Message-----
>>>> From: MailScanner mailing list
>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
>>>> Sent: Tuesday, December 20, 2005 3:28 PM
>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>> Subject: Re: Ping
>>>>
>>>> Julian,
>>>>
>>>> Found it in bogus-virus-warnings.cf, part of the rulesemporium
>>>> stuff.  The authors of this ruleset seem very hostile towards
>>>> MailScanner.  I went thru mine and commented out all references
>>>> to MailScanner (I don't use rules du jour).  Rules-du-Jour users,
>>>> beware!!!
>>>>
>>>> Jeff Earickson
>>>> Colby College
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
From mike at woco-k12.org  Tue Dec 20 17:34:07 2005
From: mike at woco-k12.org (Mike Wagner)
Date: Thu Jan 12 21:31:33 2006
Subject: Conf Files
Message-ID: <mailman.18171.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi Everyone,

In regards to my previous post about adding the signatures to outgoing 
emails.  I've attached my MailScanner.conf and sign.rules files.  Could 
someone take a look and see what I did wrong?


-- 
Thanks!

-----------------------------

Mike Wagner
Western Ohio Computer Org.
Technology Administrator
mike@woco-k12.org

-----------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2: "Attached Text" ]

From:       *@mccesc.k12.oh.us                yes
FromOrTo:    default                 no


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 3: "Attached Text" ]

# Main configuration file for the MailScanner E-Mail Virus Scanner
#
# It's good practice to check through configuration files to make sure
# they fit with your system and your needs, whatever you expect them to
# contain.
#
# Note: If your directories are symlinked (soft-linked) in any way,
#       please put their *real* location in here, not a path that
#       includes any links. You may get some very strange error
#       messages from some of the virus scanners if you don't.
#
# Note for Version 4.00 and above:
#       A lot of the settings can take a ruleset as well as just simple
#       values. These rulesets are files containing rules which are applied
#       to the current message to calculate the value of the configuration
#       option. The rules are checked in the order they appear in the ruleset.
#
# Note for Version 4.03 and above:
#       As well as rulesets, you can now include your own functions in
#       here. Look at the directory containing Config.pm and you will find
#       CustomConfig.pm. In here, you can add your own "value" function and
#       an Initvalue function to set up any global state you need such as
#       database connections. Then for a setting below, you can put:
#               Configuration Option = &ValueFunction
#       where "ValueFunction" is the name of the function you have
#       written in CustomConfig.pm.
#

#
# Definition of variables which are substituted into definitions below.
#
# You can add any %variables% that you want to use in addition to the
# ones provided.
#
# You can also use any shell environment variables here such as $HOSTNAME
# or ${HOSTNAME} in configuration settings and rulesets. See the
# definition of "Hostname" for an example.
#

# Set the directory containing all the reports in the required language
%report-dir% = /etc/MailScanner/reports/en

# Configuration directory containing this file
%etc-dir% = /etc/MailScanner

# Rulesets directory containing your ".rules" files
%rules-dir% = /etc/MailScanner/rules

# Configuration directory containing files related to MCP
# (Message Content Protection)
%mcp-dir% = /etc/MailScanner/mcp

# Enter a short identifying name for your organisation below, this is
# used to make the X-MailScanner headers unique for your organisation.
# Multiple servers within one site should use an identical value here
# to avoid adding multiple redundant headers where mail has passed
# through several servers within your organisation.
#
# Note: Some Symantec scanners complain (incorrectly) about "."
# ***** characters appearing in the names of headers.
#       Some other mail servers complain about "_" characters
#       appearing in the names of headers as well.
#       So don't put "." or "_" in this setting.
#
# **** RULE: It must not contain any spaces! ****
%org-name% = MCCESC

# Enter the full name of your organisation below, this is used in the
# signature placed at the bottom of report messages sent by MailScanner.
# It can include pretty much any text you like. You can make the result
# span several lines by including "\n" sequences in the text. These will
# be replaced by line-breaks.
%org-long-name% = Madison-Champaign ESC

# Enter the location of your organisation's web site below. This is used
# in the signature placed at the bottom of report messages sent by
# MailScanner. It should preferably be the location of a page that you
# have written explaining why you might have rejected the mail and what
# the recipient and/or sender should do about it.
%web-site% = www.mccesc.k12.oh.us

#
# System settings
# ---------------
#

# How many MailScanner processes do you want to run at a time?
# There is no point increasing this figure if your MailScanner server
# is happily keeping up with your mail traffic.
# If you are running on a server with more than 1 CPU, or you have a
# high mail load (and/or slow DNS lookups) then you should see better
# performance if you increase this figure.
# If you are running on a small system with limited RAM, you should
# note that each child takes just over 20MB.
#
# As a rough guide, try 5 children per CPU. But read the notes above.
Max Children = 5

# User to run as (not normally used for sendmail)
# If you want to change the ownership or permissions of the quarantine or
# temporary files created by MailScanner, please see the "Incoming Work"
# settings later in this file.
#Run As User = mail
#Run As User = postfix
Run As User =

# Group to run as (not normally used for sendmail)
#Run As Group = mail
#Run As Group = postfix
Run As Group =

# How often (in seconds) should each process check the incoming mail
# queue for new messages? If you have a quiet mail server, you might
# want to increase this value so it causes less load on your server, at
# the cost of slightly increasing the time taken for an average message
# to be processed.
Queue Scan Interval = 6

# Set location of incoming mail queue
#
# This can be any one of
# 1. A directory name
#    Example: /var/spool/mqueue.in
# 2. A wildcard giving directory names
#    Example: /var/spool/mqueue.in/*
# 3. The name of a file containing a list of directory names,
#    which can in turn contain wildcards.
#    Example: /etc/MailScanner/mqueue.in.list.conf
#
# If you are using sendmail and have your queues split into qf, df, xf
# directories, then just specify the main directory, do not give me the
# directory names of the qf,df,xf directories.
# Example: if you have /var/spool/mqueue.in/qf
#                      /var/spool/mqueue.in/df
#                      /var/spool/mqueue.in/xf
# then just tell me /var/spool/mqueue.in. I will find the subdirectories
# automatically.
#
Incoming Queue Dir = /var/spool/mqueue.in

# Set location of outgoing mail queue.
# This can also be the filename of a ruleset.
Outgoing Queue Dir = /var/spool/mqueue

# Set where to unpack incoming messages before scanning them
# This can completely safely use tmpfs or a ramdisk, which will
# give you a significant performance improvement.
# NOTE: The path given here must not include any links at all,
# NOTE: but must be the absolute path to the directory.
Incoming Work Dir = /var/spool/MailScanner/incoming

# Set where to store infected and message attachments (if they are kept)
# This can also be the filename of a ruleset.
Quarantine Dir = /var/spool/MailScanner/quarantine

# Set where to store the process id number so you can stop MailScanner
PID file = /var/run/MailScanner.pid

# To avoid resource leaks, re-start periodically
Restart Every = 14400

# Set whether to use postfix, sendmail, exim or zmailer.
# If you are using postfix, then see the "SpamAssassin User State Dir"
# setting near the end of this file
MTA = sendmail

# Set how to invoke MTA when sending messages MailScanner has created
# (e.g. to sender/recipient saying "found a virus in your message")
# This can also be the filename of a ruleset.
Sendmail = /usr/sbin/sendmail

# Sendmail2 is provided for Exim users.
# It is the command used to attempt delivery of outgoing cleaned/disinfected
# messages.
# This is not usually required for sendmail.
# This can also be the filename of a ruleset.
#For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf
#For sendmail users: Sendmail2 = /usr/sbin/sendmail
#Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf
Sendmail2 = /usr/sbin/sendmail

#
# Incoming Work Dir Settings
# --------------------------
#
# You should not normally need to touch these settings at all,
# unless you are using ClamAV and need to be able to use the
# external archive unpackers instead of ClamAV's built-in ones.

# If you want to create the temporary working files so they are owned
# by a user other than the "Run As User" setting at the top of this file,
# you can change that here.
# Note: If the "Run As User" is not "root" then you cannot change the
#       user but may still be able to change the group, if the
#       "Run As User" is a member of both of the groups "Run As Group"
#       and "Incoming Work Group".
Incoming Work User =
Incoming Work Group =

# If you want processes running under the same *group* as MailScanner to
# be able to read the working files (and list what is in the
# directories, of course), set to 0640. If you want *all* other users to
# be able to read them, set to 0644. For a detailed description, if
# you're not already familiar with it, refer to `man 2 chmod`.
# Typical use: external helper programs of virus scanners (notably ClamAV),
# like unpackers.
# Use with care, you may well open security holes.
Incoming Work Permissions = 0600

#
# Quarantine and Archive Settings
# -------------------------------
#
# If, for example, you are using a web interface so that users can manage
# their quarantined files, you might want to change the ownership and
# permissions of the quarantined so that they can be read and/or deleted
# by the web server.
# Don't touch this unless you know what you are doing!

# If you want to create the quarantine/archive so the files are owned
# by a user other than the "Run As User" setting at the top of this file,
# you can change that here.
# Note: If the "Run As User" is not "root" then you cannot change the
#       user but may still be able to change the group, if the
#       "Run As User" is a member of both of the groups "Run As Group"
#       and "Quarantine Group".
Quarantine User =
Quarantine Group =

# If you want processes running under the same *group* as MailScanner to
# be able to read the quarantined files (and list what is in the
# directories, of course), set to 0640. If you want *all* other users to
# be able to read them, set to 0644. For a detailed description, if
# you're not already familiar with it, refer to `man 2 chmod`.
# Typical use: let the webserver have access to the files so users can
# download them if they really want to.
# Use with care, you may well open security holes.
Quarantine Permissions = 0600

#
# Processing Incoming Mail
# ------------------------
#

# In every batch of virus-scanning, limit the maximum
# a) number of unscanned messages to deliver
# b) number of potentially infected messages to unpack and scan
# c) total size of unscanned messages to deliver
# d) total size of potentially infected messages to unpack and scan

Max Unscanned Bytes Per Scan = 100000000
Max Unsafe Bytes Per Scan = 50000000
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30

# If more messages are found in the queue than this, then switch to an
# "accelerated" mode of processing messages. This will cause it to stop
# scanning messages in strict date order, but in the order it finds them
# in the queue. If your queue is bigger than this size a lot of the time,
# then some messages could be greatly delayed. So treat this option as
# "in emergency only".
Max Normal Queue Size = 800

# If this is set to yes, then email messages passing through MailScanner
# will be processed and checked, and all the other options in this file
# will be used to control what checks are made on the message.
# If this is set to no, then email messages will NOT be processed or
# checked *at all*, and so any viruses or other problems will be ignored.
#
# The purpose of this option is to set it to be a ruleset, so that you
# can skip all scanning of mail destined for some of your users/customers
# and still scan all the rest.
# A sample ruleset would look like this:
#   To:       bad.customer.com  no
#   From:     ignore.domain.com no
#   FromOrTo: default           yes
# That will scan all mail except mail to bad.customer.com and mail from
# ignore.domain.com. To set this up, put the 3 lines above into a file
# called /etc/MailScanner/rules/scan.messages.rules and set the next line to
# Scan Messages = %rules-dir%/scan.messages.rules
# This can also be the filename of a ruleset (as illustrated above).
Scan Messages = yes

# You may not want to receive mail from certain addresses and/or to certain
# addresses. If so, you can do this with your email transport (sendmail,
# Postfix, etc) but that will just send a one-line message which is not
# helpful to the user sending the message.
# If this is set to yes, then the message set by the "Rejection Report"
# will be sent instead, and the incoming message will be deleted.
# If you want to store a copy of the original incoming message then use the
# "Archive Mail" setting to archive a copy of it.
# The purpose of this option is to set it to be a ruleset, so that you
# can reject messages from a few offending addresses where you need to  send
# a polite reply instead of just a brief 1-line rejection message.
Reject Message = no

# The maximum number of attachments allowed in a message before it is
# considered to be an error. Some email systems, if bouncing a message
# between 2 addresses repeatedly, add information about each bounce as
# an attachment, creating a message with thousands of attachments in just
# a few minutes. This can slow down or even stop MailScanner as it uses
# all available memory to unpack these thousands of attachments.
# This can also be the filename of a ruleset.
Maximum Attachments Per Message = 200

# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
# the facility built-in. However, if you set it to "no", then the filenames
# within the TNEF attachment will not be checked against the filename rules.
Expand TNEF = yes

# Some versions of Microsoft Outlook generate unparsable Rich Text
# format attachments. Do we want to deliver these bad attachments anyway?
# Setting this to yes introduces the slight risk of a virus getting through,
# but if you have a lot of troubled Outlook users you might need to do this.
# We are working on a replacement for the TNEF decoder.
# This can also be the filename of a ruleset.
Deliver Unparsable TNEF = no

# Where the MS-TNEF expander is installed.
# This is EITHER the full command (including maxsize option) that runs
# the external TNEF expander binary,
# OR the keyword "internal" which will make MailScanner use the Perl
# module that does the same job.
# They are both provided as I am unsure which one is faster and which
# one is capable of expanding more file formats (there are plenty!).
#
# The --maxsize option limits the maximum size that any expanded attachment
# may be. It helps protect against Denial Of Service attacks in TNEF files.
# This can also be the filename of a ruleset.
#TNEF Expander  = internal
TNEF Expander = /usr/bin/tnef --maxsize=100000000

# The maximum length of time the TNEF Expander is allowed to run for 1 message.
# (in seconds)
TNEF Timeout = 120

# Where the "file" command is installed.
# This is used for checking the content type of files, regardless of their
# filename.
# To disable Filetype checking, set this value to blank.
File Command = #DISABLED /usr/bin/file

# The maximum length of time the "file" command is allowed to run for 1
# batch of messages (in seconds)
File Timeout = 20

# Where the "unrar" command is installed.
# If you haven't got this command, look at www.rarlab.com.
#
# This is used for unpacking rar archives so that the contents can be
# checked for banned filenames and filetypes, and also that the
# archive can be tested to see if it is password-protected.
# Virus scanning the contents of rar archives is still left to the virus
# scanner, with one exception:
# If using the clavavmodule virus scanner, this adds external RAR checking
# to that scanner which is needed for archives which are RAR version 3.
Unrar Command = /usr/bin/unrar

# The maximum length of time the "unrar" command is allowed to run for 1
# RAR archive (in seconds)
Unrar Timeout = 50

# The maximum size, in bytes, of any message including the headers.
# If this is set to zero, then no size checking is done.
# This can also be the filename of a ruleset, so you can have different
# settings for different users. You might want to set this quite small for
# dialup users so their email applications don't time out downloading huge
# messages.
Maximum Message Size = 0

# The maximum size, in bytes, of any attachment in a message.
# If this is set to zero, effectively no attachments are allowed.
# If this is set less than zero, then no size checking is done.
# This can also be the filename of a ruleset, so you can have different
# settings for different users. You might want to set this quite small for
# large mailing lists so they don't get deluged by large attachments.
Maximum Attachment Size = -1

# The minimum size, in bytes, of any attachment in a message.
# If this is set less than or equal to zero, then no size checking is done.
# It is very useful to set this to 1 as it removes any zero-length
# attachments which may be created by broken viruses.
# This can also be the filename of a ruleset.
Minimum Attachment Size = -1

# The maximum depth to which zip archives will be unpacked, to allow for
# checking filenames and filetypes within zip archives.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected
# Archives = no. That block password-protected archives but does not do
# any filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 2

# Find zip archives by filename or by file contents?
# Finding them by content is a far more reliable way of finding them, but
# it does mean that you cannot tell your users to avoid zip file checking
# by renaming the file from ".zip" to "_zip" and tricks like that.
# Only set this to no (i.e. check by filename only) if you don't want to
# reliably check the contents of zip files. Note this does not affect
# virus checking, but it will affect all the other checks done on the contents
# of the zip file.
# This can also be the filename of a ruleset.
Find Archives By Content = yes

#
# Virus Scanning and Vulnerability Testing
# ----------------------------------------
#

# Do you want to scan email for viruses?
# A few people don't have a virus scanner licence and so want to disable
# all the virus scanning.
# If you use a ruleset for this setting, then the mail will be scanned if
# *any* of the rules match (except the default). That way unscanned mail
# never reaches a user who is having their mail virus-scanned.
#
# If you want to be able to switch scanning on/off for different users or
# different domains, set this to the filename of a ruleset.
# This can also be the filename of a ruleset.
Virus Scanning = no

# Which Virus Scanning package to use:
# sophos    from www.sophos.com, or
# sophossavi (also from www.sophos.com, using the SAVI perl module), or
# mcafee    from www.mcafee.com, or
# command   from www.command.co.uk, or
# bitdefender from www.bitdefender.com, or
# drweb     from www.dials.ru/english/dsav_toolkit/drwebunix.htm, or
# kaspersky-4.5 from www.kaspersky.com (Version 4.5 and newer), or
# kaspersky from www.kaspersky.com, or
# kavdaemonclient from www.kaspersky.com, or
# etrust    from http://www3.ca.com/Solutions/Product.asp?ID=156, or
# inoculate from www.cai.com/products/inoculateit.htm, or
# inoculan  from ftp.ca.com/pub/getbbs/linux.eng/inoctar.LINUX.Z, or
# nod32     for No32 before version 1.99 from www.nod32.com, or
# nod32-1.99 for Nod32 1.99 and later, from www.nod32.com, or
# f-secure  from www.f-secure.com, or
# f-prot    from www.f-prot.com, or
# panda     from www.pandasoftware.com, or
# rav       from www.ravantivirus.com, or
# antivir   from www.antivir.de, or
# clamav    from www.clamav.net, or
# clamavmodule (also from www.clamav.net using the ClamAV perl module), or
# trend     from www.trendmicro.com, or
# norman    from www.norman.de, or
# css       from www.symantec.com, or
# avg       from www.grisoft.com, or
# vexira    from www.centralcommand.com, or
# symscanengine from www.symantec.com (Symantec Scan Engine, not CSS), or
# generic   One you wrote: edit the generic-wrapper and generic-autoupdate
#           to fit your own needs. The output spec is in generic-wrapper, or
# none      No virus scanning at all.
#
# Note for McAfee users: do not use any symlinks with McAfee at all. It is
#                        very strange but may not detect all viruses when
#                        started from a symlink or scanning a directory path
#                        including symlinks.
#
# Note: If you want to use multiple virus scanners, then this should be a
# space-separated list of virus scanners. For example:
# Virus Scanners = sophos f-prot mcafee
#
# Note: Make sure that you check that the base installation directory in the
#       3rd column of virus.scanners.conf matches the location you have
#       installed each of your virus scanners. The supplied
#       virus.scanners.conf file assumes the default installation locations
#       recommended by each of the virus scanner installation guides.
#
# This *cannot* be the filename of a ruleset.
Virus Scanners = none

# The maximum length of time the commercial virus scanner is allowed to run
# for 1 batch of messages (in seconds).
Virus Scanner Timeout = 300

# Should I attempt to disinfect infected attachments and then deliver
# the clean ones. "Disinfection" involves removing viruses from files
# (such as removing macro viruses from documents). "Cleaning" is the
# replacement of infected attachments with "VirusWarning.txt" text
# attachments.
# Less than 1% of viruses in the wild can be successfully disinfected,
# as macro viruses are now a rare occurrence. So the default has been
# changed to "no" as it gives a significant performance improvement.
#
# This can also be the filename of a ruleset.
Deliver Disinfected Files = no

# Strings listed here will be searched for in the output of the virus scanners.
# It is used to list which viruses should be handled differently from other
# viruses. If a virus name is given here, then
# 1) The sender will not be warned that he sent it
# 2) No attempt at true disinfection will take place
#    (but it will still be "cleaned" by removing the nasty attachments
#     from the message)
# 3) The recipient will not receive the message,
#    unless the "Still Deliver Silent Viruses" option is set
# Other words that can be put in this list are the 5 special keywords
#    HTML-IFrame   : inserting this will stop senders being warned about
#                    HTML Iframe tags, when they are not allowed.
#    HTML-Codebase : inserting this will stop senders being warned about
#                    HTML Object Codebase/Data tags, when they are not allowed.
#    HTML-Script   : inserting this will stop senders being warned about
#                    HTML Script tags, when they are not allowed.
#    HTML-Form     : inserting this will stop senders being warned about
#                    HTML Form tags, when they are not allowed.
#    Zip-Password  : inserting this will stop senders being warned about
#                    password-protected zip files, when they are not allowed.
#                    This keyword is not needed if you include All-Viruses.
#    All-Viruses   : inserting this will stop senders being warned about
#                    any virus, while still allowing you to warn senders
#                    about HTML-based attacks. This includes Zip-Password
#                    so you don't need to include both.
#
# The default of "All-Viruses" means that no senders of viruses will be
# notified (as the sender address is always forged these days anyway),
# but anyone who sends a message that is blocked for other reasons will
# still be notified.
#
# This can also be the filename of a ruleset.
Silent Viruses = HTML-IFrame All-Viruses

# Still deliver (after cleaning) messages that contained viruses listed
# in the above option ("Silent Viruses") to the recipient?
# Setting this to "yes" is good when you are testing everything, and
# because it shows management that MailScanner is protecting them,
# but it is bad because they have to filter/delete all the incoming virus
# warnings.
#
# Note: Once you have deployed this into "production" use, you should set
# Note: this option to "no" so you don't bombard thousands of people with
# Note: useless messages they don't want!
#
# This can also be the filename of a ruleset.
Still Deliver Silent Viruses = no

# Strings listed here will be searched for in the output of the virus scanners.
# It works to achieve the opposite effect of the "Silent Viruses" listed above.
# If a string here is found in the output of the virus scanners, then the
# message will be treated as if it were not infected with a "Silent Virus".
# If a message is detected as both a silent virus and a non-forging virus,
# then the ___non-forging status will override the silent status.___
# In simple terms, you should list virus names (or parts of them) that you
# know do *not* forge the From address.
# A good example of this is a document macro virus or a Joke program.
# Another word that can be put in this list is the special keyword
#    Zip-Password  : inserting this will cause senders to be warned about
#                    password-protected zip files, when they are not allowed.
#                    This will over-ride the All-Viruses setting in the list
#                    of "Silent Viruses" above.
#
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar

# Should encrypted messages be blocked?
# This is useful if you are wary about your users sending encrypted
# messages to your competition.
# This can be a ruleset so you can block encrypted message to certain domains.
Block Encrypted Messages = no

# Should unencrypted messages be blocked?
# This could be used to ensure all your users send messages outside your
# company encrypted to avoid snooping of mail to your business partners.
# This can be a ruleset so you can just check mail to certain users/domains.
Block Unencrypted Messages = no

# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no

#
# Options specific to Sophos Anti-Virus
# -------------------------------------
#

# Anything on the next line that appears in brackets at the end of a line
# of output from Sophos will cause the error/infection to be ignored.
# Use of this option is dangerous, and should only be used if you are having
# trouble with lots of corrupt PDF files, for example.
# If you need to specify more than 1 string to find in the error message,
# then put each string in quotes and separate them with a comma.
# For example:
#Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted"
Allowed Sophos Error Messages =

# The directory (or a link to it) containing all the Sophos *.ide files.
# This is only used by the "sophossavi" virus scanner, and is irrelevant
# for all other scanners.
Sophos IDE Dir = /usr/local/Sophos/ide

# The directory (or a link to it) containing all the Sophos *.so libraries.
# This is only used by the "sophossavi" virus scanner, and is irrelevant
# for all other scanners.
Sophos Lib Dir = /usr/local/Sophos/lib

# SophosSAVI only: monitor each of these files for changes in size to
# detect when a Sophos update has happened. The date of the Sophos Lib Dir
# is also monitored.
# This is only used by the "sophossavi" virus scanner, not the "sophos"
# scanner setting.
Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip

#
# Options specific to ClamAV Anti-Virus
# -------------------------------------
#

# ClamAVModule only: monitor each of these files for changes in size to
# detect when a ClamAV update has happened.
# This is only used by the "clamavmodule" virus scanner, not the "clamav"
# scanner setting.
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd

# ClamAVModule only: set limits when scanning for viruses.
#
# The maximum recursion level of archives,
# The maximum number of files per batch,
# The maximum file of each file,
# The maximum compression ratio of archive.
# These settings *cannot* be the filename of a ruleset, only a simple number.
ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Compression Ratio = 250

#
# Removing/Logging dangerous or potentially offensive content
# -----------------------------------------------------------
#

# Do you want to scan the messages for potentially dangerous content?
# Setting this to "no" will disable all the content-based checks except
# Virus Scanning, Allow Partial Messages and Allow External Message Bodies.
# This can also be the filename of a ruleset.
Dangerous Content Scanning = no

# Do you want to allow partial messages, which only contain a fraction of
# the attachments, not the whole thing? There is absolutely no way to
# scan these "partial messages" properly for viruses, as MailScanner never
# sees all of the attachment at the same time. Enabling this option can
# allow viruses through. You have been warned.
# This can also be the filename of a ruleset so you can, for example, allow
# them in outgoing mail but not in incoming mail.
Allow Partial Messages = no

# Do you want to allow messages whose body is stored somewhere else on the
# internet, which is downloaded separately by the user's email package?
# There is no way to guarantee that the file fetched by the user's email
# package is free from viruses, as MailScanner never sees it.
# This feature is dangerous as it can allow viruses to be fetched from
# other Internet sites by a user's email package. The user would just
# think it was a normal email attachment and would have been scanned by
# MailScanner.
# It is only currently supported by Netscape 6 anyway, and the only people
# who it are the IETF. So I would strongly advise leaving this switched off.
# This can also be the filename of a ruleset.
Allow External Message Bodies = no

# Do you want to check for "Phishing" attacks?
# These are attacks that look like a genuine email message from your bank,
# which contain a link to click on to take you to the web site where you
# will be asked to type in personal information such as your account number
# or credit card details.
# Except it is not the real bank's web site at all, it is a very good copy
# of it run by thieves who want to steal your personal information or
# credit card details.
# These can be spotted because the real address of the link in the message
# is not the same as the text that appears to be the link.
# Note: This does cause extra load, particularly on systems receiving lots
#       of spam such as secondary MX hosts.
# This can also be the filename of a ruleset.
Find Phishing Fraud = no

# While detecting "Phishing" attacks, do you also want to point out links
# to numeric IP addresses. Genuine links to totally numeric IP addresses
# are very rare, so this option is set to "yes" by default. If a numeric
# IP address is found in a link, the same phishing warning message is used
# as in the Find Phishing Fraud option above.
# This can also be the filename of a ruleset.
Also Find Numeric Phishing = no

# If a phishing fraud is detected, do you want to highlight the tag with
# a message stating that the link may be to a fraudulent web site.
# This can also be the filename of a ruleeset.
Highlight Phishing Fraud = no

# There are some companies, such as banks, that insist on sending out
# email messages with links in them that are caught by the "Find Phishing
# Fraud" test described above.
# This is the name of a file which contains a list of link destinations
# which should be ignored in the test. This may, for example, contain
# the known websites of some banks.
# See the file itself for more information.
# This can only be the name of the file containing the list, it *cannot*
# be the filename of a ruleset.
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf

# Do you want to allow <IFrame> tags in email messages? This is not a good
# idea as it allows various Microsoft Outlook security vulnerabilities to
# remain unprotected, but if you have a load of mailing lists sending them,
# then you will want to allow them to keep your users happy.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
# This can also be the filename of a ruleset, so you can allow them from
# known mailing lists but ban them from everywhere else.
Allow IFrame Tags = yes

# Do you want to allow <Form> tags in email messages? This is a bad idea
# as these are used as scams to pursuade people to part with credit card
# information and other personal data.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Form Tags = yes

# Do you want to allow <Script> tags in email messages? This is a bad idea
# as these are used to exploit vulnerabilities in email applications and
# web browsers.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Script Tags = yes

# Do you want to allow <Img> tags with very small images in email messages?
# This is a bad idea as these are used as 'web bugs' to find out if a message
# has been read. It is not dangerous, it is just used to make you give away
# information.
# Value: yes     => Allow these tags to be in the message
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# Note: You cannot block messages containing web bugs as their detection
#       is very vulnerable to false alarms.
# This can also be the filename of a ruleset.
Allow WebBugs = yes

# Do you want to allow <Object Codebase=...> or <Object Data=...> tags
# in email messages?
# This is a bad idea as it leaves you unprotected against various
# Microsoft-specific security vulnerabilities. But if your users demand
# it, you can do it.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
# This can also be the filename of a ruleset, so you can allow them just
# for specific users or domains.
Allow Object Codebase Tags = yes

# This option interacts with the "Allow ... Tags" options above like this:
#
# Allow...Tags    Convert Danger...    Action Taken on HTML Message
# ============    =================    ============================
#    no              no                Blocked
#    no              yes               Blocked
#    disarm          no                Specified HTML tags disarmed
#    disarm          yes               Specified HTML tags disarmed
#    yes             no                Nothing, allowed to pass
#    yes             yes               All HTML tags stripped
#
# If an "Allow ... Tags = yes" is triggered by a message, and this
# "Convert Dangerous HTML To Text" is set to "yes", then the HTML
# message will be converted to plain text.  This makes the HTML
# harmless, while still allowing your users to see the text content
# of the messages.  Note that all graphical content will be removed.
#
# This can also be the filename of a ruleset, so you can make this apply
# only to specific users or domains.
Convert Dangerous HTML To Text = no

# Do you want to convert all HTML messages into plain text?
# This is very useful for users who are children or are easily offended
# by nasty things like pornographic spam.
# This can also be the filename of a ruleset, so you can switch this
# feature on and off for particular users or domains.
Convert HTML To Text = no

#
# Attachment Filename Checking
# ----------------------------
#

# Set where to find the attachment filename ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their name, regardless of
# whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
Filename Rules = %etc-dir%/filename.rules.conf

# Set where to find the attachment filetype ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their content as determined
# by the "file" command, regardless of whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
#
# To disable this feature, set this to just "Filetype Rules =" or set
# the location of the file command to a blank string.
Filetype Rules = %etc-dir%/filetype.rules.conf

#
# Reports and Responses
# ---------------------
#

# Do you want to store copies of the infected attachments and messages?
# This can also be the filename of a ruleset.
Quarantine Infections = yes

# There is no point quarantining most viruses these days as the infected
# messages contain no useful content, so if you set this to "no" then no
# infections listed in your "Silent Viruses" setting will be quarantined,
# even if you have chosen to quarantine infections in general. This is
# currently set to "yes" so the behaviour is the same as it was in
# previous versions.
# This can also be the filename of a ruleset.
Quarantine Silent Viruses = no

# Do you want to store copies of messages which have been disarmed by
# having their HTML modified at all?
# This can also be the filename of a ruleset.
Quarantine Modified Body = no

# Do you want to quarantine the original *entire* message as well as
# just the infected attachments?
# This can also be the filename of a ruleset.
Quarantine Whole Message = no

# When you quarantine an entire message, do you want to store it as
# raw mail queue files (so you can easily send them onto users) or
# as human-readable files (header then body in 1 file)?
Quarantine Whole Messages As Queue Files = no

# Do you want to stop any virus-infected spam getting into the spam or MCP
# archives? If you have a system where users can release messages from the
# spam or MCP archives, then you probably want to stop them being able to
# release any infected messages, so set this to yes.
# It is set to no by default as it causes a small hit in performance, and
# many people don't allow users to access the spam quarantine, so don't
# need it.
# This can also be the filename of a ruleset.
Keep Spam And MCP Archive Clean = no

# Set where to find all the strings used so they can be translated into
# your local language.
# This can also be the filename of a ruleset so you can produce different
# languages for different messages.
Language Strings = %report-dir%/languages.conf

# Set where to find the message text sent to users who triggered the ruleset
# you are using with the "Reject Message" option.
Rejection Report = %report-dir%/rejection.report.txt

# Set where to find the message text sent to users when one of their
# attachments has been deleted from a message.
# These can also be the filenames of rulesets.
Deleted Bad Content Message Report  = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt

# Set where to find the message text sent to users when one of their
# attachments has been deleted from a message and stored in the quarantine.
# These can also be the filenames of rulesets.
Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt

# Set where to find the message text sent to users explaining about the
# attached disinfected documents.
# This can also be the filename of a ruleset.
Disinfected Report = %report-dir%/disinfected.report.txt

# Set where to find the HTML and text versions that will be added to the
# end of all clean messages, if "Sign Clean Messages" is set.
# These can also be the filenames of rulesets.
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt

# Set where to find the HTML and text versions that will be inserted at
# the top of messages that have had viruses removed from them.
# These can also be the filenames of rulesets.
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt

# Set where to find the messages that are delivered to the sender, when they
# sent an email containing either an error, banned content, a banned filename
# or a virus infection.
# These can also be the filenames of rulesets.
Sender Content Report        = %report-dir%/sender.content.report.txt
Sender Error Report        = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report        = %report-dir%/sender.virus.report.txt

# Hide the directory path from all virus scanner reports sent to users.
# The extra directory paths give away information about your setup, and
# tend to just confuse users.
# This can also be the filename of a ruleset.
Hide Incoming Work Dir = yes

# Include the name of the virus scanner in each of the scanner reports.
# This also includes the translation of "MailScanner" in each of the report
# lines resulting from one of MailScanner's own checks such as filename,
# filetype or dangerous HTML content. To change the name "MailScanner", look
# in reports/...../languages.conf.
#
# Very useful if you use several virus scanners, but a bad idea if you
# don't want to let your customers know which scanners you use.
Include Scanner Name In Reports = yes

#
# Changes to Message Headers
# --------------------------
#

# Add this extra header to all mail as it is processed.
# This *must* include the colon ":" at the end.
# This can also be the filename of a ruleset.
Mail Header = X-%org-name%-MailScanner:

# Add this extra header to all messages found to be spam.
# This can also be the filename of a ruleset.
Spam Header = X-%org-name%-MailScanner-SpamCheck:

# Add this extra header if "Spam Score" = yes. The header will
# contain 1 character for every point of the SpamAssassin score.
Spam Score Header = X-%org-name%-MailScanner-SpamScore:

# Add this extra header to all mail as it is processed.
# The contents is set by "Information Header Value" and is intended for
# you to be able to insert a help URL for your users.
# If you don't want an information header at all, just comment out this
# setting or set it to be blank.
# This can also be the filename of a ruleset.
Information Header = X-%org-name%-MailScanner-Information:

# Do you want to add the Envelope-From: header?
# This is very useful for tracking where spam came from as it
# contains the envelope sender address.
# This can also be the filename of a ruleset.
Add Envelope From Header = yes

# Do you want to add the Envelope-To: header?
# This can be useful for tracking spam destinations, but should be
# used with care due to possible privacy concerns with the use of
# Bcc: headers by users.
# This can also be the filename of a ruleset.
Add Envelope To Header = no

# This is the name of the Envelope From header
# controlled by the option above.
# This can also be the filename of a ruleset.
Envelope From Header = X-%org-name%-MailScanner-From:

# This is the name of the Envelope To header
# controlled by the option above.
# This can also be the filename of a ruleset.
Envelope To Header = X-%org-name%-MailScanner-To:

# The character to use in the "Spam Score Header".
# Don't use: x as a score of 3 is "xxx" which the users will think is porn,
#            # as it will cause confusion with comments in procmail as well
#              as MailScanner itself,
#            * as it will cause confusion with pattern matches in procmail,
#            . as it will cause confusion with pattern matches in procmail,
#            ? as it will cause the users to think something went wrong.
# "s" is nice and safe and stands for "spam".
Spam Score Character = s

# If this option is set to yes, you will get a spam-score header saying just
# the value of the spam score, instead of the row of characters representing
# the score.
# This can also be the filename of a ruleset.
SpamScore Number Instead Of Stars = no

# This sets the minimum number of "Spam Score Characters" which will appear
# if a message triggered the "Spam List" setting but received a very low
# SpamAssassin score. This means that people who only filter on the "Spam
# Stars" will still be able to catch messages which receive a very low
# SpamAssassin score. Set this value to 0 to disable it.
# This can also be the filename of a ruleset.
Minimum Stars If On Spam List = 0

# Set the "Mail Header" to these values for clean/infected/disinfected messages.
# This can also be the filename of a ruleset.
Clean Header Value       = Found to be clean
Infected Header Value    = Found to be infected
Disinfected Header Value = Disinfected

# Set the "Information Header" to this value.
# This can also be the filename of a ruleset.
Information Header Value = Please contact the ISP for more information

# Do you want the full spam report, or just a simple "spam / not spam" report?
Detailed Spam Report = yes

# Do you want to include the numerical scores in the detailed SpamAssassin
# report, or just list the names of the scores
Include Scores In SpamAssassin Report = yes

# Do you want to always include the Spam Report in the SpamCheck
# header, even if the message wasn't spam?
# This can also be the filename of a ruleset.
Always Include SpamAssassin Report = no

# What to do when you get several MailScanner headers in one message,
# from multiple MailScanner servers. Values are
#      "append"  : Append the new data to the existing header
#      "add"     : Add a new header
#      "replace" : Replace the old data with the new data
# Default is "append"
# This can also be the filename of a ruleset.
Multiple Headers = append

# Name of this host, or a name like "the MailScanner" if you want to hide
# the real hostname. It is used in the Help Desk note contained in the
# virus warnings sent to users.
# Remember you can use $HOSTNAME in here, so you might want to set it to
# Hostname = the %org-name% ($HOSTNAME) MailScanner
# This can also be the filename of a ruleset.
Hostname = the %org-name% ($HOSTNAME) MailScanner

# If this is "no", then (as far as possible) messages which have already
# been processed by another MailScanner server will not have the clean
# signature added to the message. This prevents messages getting many
# copies of the signature as they flow through your site.
# This can also be the filename of a ruleset.
Sign Messages Already Processed = yes

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# This can also be the filename of a ruleset.
Sign Clean Messages = /etc/MailScanner/rules/sign.rules

# Add the "Inline HTML Warning" or "Inline Text Warning" to the top of
# messages that have had attachments removed from them?
# This can also be the filename of a ruleset.
Mark Infected Messages = no

# When a message is to not be virus-scanned (which may happen depending
# upon the setting of "Virus Scanning", especially if it is a ruleset),
# do you want to add the header advising the users to get their email
# virus-scanned by you?
# Very good for advertising your MailScanning service and encouraging
# users to give you some more money and sign up to virus scanning.
# This can also be the filename of a ruleset.
Mark Unscanned Messages = no

# This is the text used by the "Mark Unscanned Messages" option above.
# This can also be the filename of a ruleset.
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details

# If any of these headers are included in a a message, they will be deleted.
# This is very useful for removing return-receipt requests and any headers
# which mean special things to your email client application.
# X-Mozilla-Status is bad as it allows spammers to make a message appear to
# have already been read, which is believed to bypass some naive spam
# filtering systems.
# Receipt requests are bad as they give any attacker confirmation that an
# account is active and being read. You don't want this sort of information
# to leak outside your corporation. So you might want to remove
#     Disposition-Notification-To and Return-Receipt-To.
# If you are having problems with duplicate message-id headers when you
# release spam from the quarantine and send it to an Exchange server, then add
#     Message-Id.
# Each header should end in a ":", but MailScanner will add it if you forget.
# Headers should be separated by commas or spaces.
# This can also be the filename of a ruleset.
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:

# Do you want to deliver messages once they have been cleaned of any
# viruses?
# By making this a ruleset, you can re-create the "Deliver From Local"
# facility of previous versions.
Deliver Cleaned Messages = yes

#
# Notifications back to the senders of blocked messages
# -----------------------------------------------------
#

# Do you want to notify the people who sent you messages containing
# viruses or badly-named filenames?
# This can also be the filename of a ruleset.
Notify Senders = yes

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing viruses?
# The default value has been changed to "no" as most viruses now fake
# sender addresses and therefore should be on the "Silent Viruses" list.
# This can also be the filename of a ruleset.
Notify Senders Of Viruses = no

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing attachments that are blocked due to
# their filename or file contents?
# This can also be the filename of a ruleset.
Notify Senders Of Blocked Filenames Or Filetypes = yes

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing other blocked content, such as
# partial messages or messages with external bodies?
# This can also be the filename of a ruleset.
Notify Senders Of Other Blocked Content = yes

# If you supply a space-separated list of message "precedence" settings,
# then senders of those messages will not be warned about anything you
# rejected. This is particularly suitable for mailing lists, so that any
# MailScanner responses do not get sent to the entire list.
Never Notify Senders Of Precedence = list bulk

#
# Changes to the Subject: line
# ----------------------------
#

# When the message has been scanned but no other subject line changes
# have happened, do you want modify the subject line?
# This can be 1 of 3 values:
#      no    = Do not modify the subject line, or
#      start = Add text to the start of the subject line, or
#      end   = Add text to the end of the subject line.
# This makes very good advertising of your MailScanning service.
# This can also be the filename of a ruleset.
Scanned Modify Subject = no # end

# This is the text to add to the start/end of the subject line if the
# "Scanned Modify Subject" option is set.
# This can also be the filename of a ruleset.
Scanned Subject Text = {Scanned}

# If the message contained a virus, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Virus Modify Subject = yes

# This is the text to add to the start of the subject if the
# "Virus Modify Subject" option is set.
# This can also be the filename of a ruleset.
Virus Subject Text = {Virus?}

# If an attachment triggered a filename check, but there was nothing
# else wrong with the message, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Filename Modify Subject = yes

# This is the text to add to the start of the subject if the
# "Filename Modify Subject" option is set.
# You might want to change this so your users can see at a glance
# whether it just was just the filename that MailScanner rejected.
# This can also be the filename of a ruleset.
Filename Subject Text = {Filename?}

# If an attachment triggered a content check, but there was nothing
# else wrong with the message, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Content Modify Subject = no

# This is the text to add to the start of the subject if the
# "Content Modify Subject" option is set.
# You might want to change this so your users can see at a glance
# whether it just was just the content that MailScanner rejected.
# This can also be the filename of a ruleset.
Content Subject Text = {Dangerous Content?}

# If HTML tags in the message were "disarmed" by using the HTML "Allow"
# options above with the "disarm" settings, do you want to modify the
# subject line?
# This can also be the filename of a ruleset.
Disarmed Modify Subject = yes

# This is the text to add to the start of the subject if the
# "Disarmed Modify Subject" option is set.
# This can also be the filename of a ruleset.
Disarmed Subject Text = {Disarmed}

# If a potential phishing attack is found in the message, do you want to
# modify the subject line?
# This can also be the filename of a ruleset.
Phishing Modify Subject = no

# This is the text to add to the start of the subject if the "Phishing
# Modify Subhect" option is set.
# This can also be the filename of a ruleset.
Phishing Subject Text = {Fraud?}

# If the message is spam, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Spam Modify Subject = no

# This is the text to add to the start of the subject if the
# "Spam Modify Subject" option is set.
# The exact string "_SCORE_" will be replaced by the numeric
# SpamAssassin score.
# The exact string "_STARS_" will be replaced by a row of stars
# whose length is the SpamAssassin score.
# This can also be the filename of a ruleset.
Spam Subject Text = {Spam?}

# This is just like the "Spam Modify Subject" option above, except that
# it applies when the score from SpamAssassin is higher than the
# "High SpamAssassin Score" value.
# This can also be the filename of a ruleset.
High Scoring Spam Modify Subject = yes

# This is just like the "Spam Subject Text" option above, except that
# it applies when the score from SpamAssassin is higher than the
# "High SpamAssassin Score" value.
# The exact string "_SCORE_" will be replaced by the numeric
# SpamAssassin score.
# The exact string "_STARS_" will be replaced by a row of stars
# whose length is the SpamAssassin score.
# This can also be the filename of a ruleset.
High Scoring Spam Subject Text = {Spam?}

#
# Changes to the Message Body
# ---------------------------
#

# When a virus or attachment is replaced by a plain-text warning,
# should the warning be in an attachment? If "no" then it will be
# placed in-line. This can also be the filename of a ruleset.
Warning Is Attachment = no

# When a virus or attachment is replaced by a plain-text warning,
# and that warning is an attachment, this is the filename of the
# new attachment.
# This can also be the filename of a ruleset.
Attachment Warning Filename = %org-name%-Attachment-Warning.txt

# What character set do you want to use for the attachment that
# replaces viruses (VirusWarning.txt)?
# The default is ISO-8859-1 as even Americans have to talk to the
# rest of the world occasionally :-)
# This can also be the filename of a ruleset.
Attachment Encoding Charset = ISO-8859-1

#
# Mail Archiving and Monitoring
# -----------------------------
#

# Space-separated list of any combination of
# 1. email addresses to which mail should be forwarded,
# 2. directory names where you want mail to be stored,
# 3. file names (they must already exist!) to which mail will be appended
#    in "mbox" format suitable for most Unix mail systems.
#
# Any of the items above can contain the magic string _DATE_ in them
# which will be replaced with the current date in yyyymmdd format.
# This will make archive-rolling and maintenance much easier, as you can
# guarantee that yesterday's mail archive will not be in active use today.
#
# If you give this option a ruleset, you can control exactly whose mail
# is archived or forwarded. If you do this, beware of the legal implications
# as this could be deemed to be illegal interception unless the police have
# asked you to do this.
#
# Note: This setting still works even if "Scan Messages" is no.
#
#Archive Mail = /var/spool/MailScanner/archive
Archive Mail =

#
# Notices to System Administrators
# --------------------------------
#

# Notify the local system administrators ("Notices To") when any infections
# are found?
# This can also be the filename of a ruleset.
Send Notices = yes

# Include the full headers of each message in the notices sent to the local
# system administrators?
# This can also be the filename of a ruleset.
Notices Include Full Headers = yes

# Hide the directory path from all the system administrator notices.
# The extra directory paths give away information about your setup, and
# tend to just confuse users but are still useful for local sys admins.
# This can also be the filename of a ruleset.
Hide Incoming Work Dir in Notices = no

# What signature to add to the bottom of the notices.
# To insert a line-break in there, use the sequence "\n".
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info

# The visible part of the email address used in the "From:" line of the
# notices. The <user@domain> part of the email address is set to the
# "Local Postmaster" setting.
Notices From = MailScanner

# Where to send the notices.
# This can also be the filename of a ruleset.
Notices To = postmaster

# Address of the local Postmaster, which is used as the "From" address in
# virus warnings sent to users.
# This can also be the filename of a ruleset.
Local Postmaster = postmaster

#
# Spam Detection and Virus Scanner Definitions
# --------------------------------------------
#

# This is the name of the file that translates the names of the "Spam List"
# values to the real DNS names of the spam blacklists.
Spam List Definitions = %etc-dir%/spam.lists.conf

# This is the name of the file that translates the names of the virus
# scanners into the commands that have to be run to do the actual scanning.
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf

#
# Spam Detection and Spam Lists (DNS blocklists)
# ----------------------------------------------
#

# Do you want to check messages to see if they are spam?
# Note: If you switch this off then *no* spam checks will be done at all.
#       This includes both MailScanner's own checks and SpamAssassin.
#       If you want to just disable the "Spam List" feature then set
#       "Spam List =" (i.e. an empty list) in the setting below.
# This can also be the filename of a ruleset.
Spam Checks = yes

# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
Spam List = # ORDB-RBL SBL+XBL # You can un-comment this to enable them

# This is the list of spam domain blacklists which you are using
# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
# file for more information about what you can put here.
# This can also be the filename of a ruleset.
Spam Domain List =

# If a message appears in at least this number of "Spam Lists" (as defined
# above), then the message will be treated as spam and so the "Spam
# Actions" will happen, unless the message reaches the levels for "High
# Scoring Spam". By default this is set to 1 to mimic the previous
# behaviour, which means that appearing in any "Spam Lists" will cause
# the message to be treated as spam.
# This can also be the filename of a ruleset.
Spam Lists To Be Spam = 1

# If a message appears in at least this number of "Spam Lists" (as defined
# above), then the message will be treated as "High Scoring Spam" and so
# the "High Scoring Spam Actions" will happen. You probably want to set
# this to 2 if you are actually using this feature. 5 is high enough that
# it will never happen unless you use lots of "Spam Lists".
# This can also be the filename of a ruleset.
Spam Lists To Reach High Score = 3

# If an individual "Spam List" or "Spam Domain List" check takes longer
# that this (in seconds), the check is abandoned and the timeout noted.
Spam List Timeout = 10

# The maximum number of timeouts caused by any individual "Spam List" or
# "Spam Domain List" before it is marked as "unavailable". Once marked,
# the list will be ignored until the next automatic re-start (see
# "Restart Every" for the longest time it will wait).
# This can also be the filename of a ruleset.
Max Spam List Timeouts = 7

# The total number of Spam List attempts during which "Max Spam List Timeouts"
# will cause the spam list fo be marked as "unavailable". See the previous
# comment for more information.
# The default values of 5 and 10 mean that 5 timeouts in any sequence of 10
# attempts will cause the list to be marked as "unavailable" until the next
# periodic restart (see "Restart Every").
Spam List Timeouts History = 10

# Spam Whitelist:
# Make this point to a ruleset, and anything in that ruleset whose value
# is "yes" will *never* be marked as spam.
# The whitelist check is done before the blacklist check. If anyone whitelists
# a message, then all recipients get the message. If no-one has whitelisted it,
# then the blacklist is checked.
# This setting over-rides the "Is Definitely Spam" setting.
# This can also be the filename of a ruleset.
#Is Definitely Not Spam = no
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules

# Spam Blacklist:
# Make this point to a ruleset, and anything in that ruleset whose value
# is "yes" will *always* be marked as spam.
# This value can be over-ridden by the "Is Definitely Not Spam" setting.
# This can also be the filename of a ruleset.
Is Definitely Spam = no

# Setting this to yes means that spam found in the blacklist is treated
# as "High Scoring Spam" in the "Spam Actions" section below. Setting it
# to no means that it will be treated as "normal" spam.
# This can also be the filename of a ruleset.
Definite Spam Is High Scoring = no

# Spammers have learnt that they can get their message through by sending
# a message with lots of recipients, one of which chooses to whitelist
# everything coming to them, including the spammer.
# So if a message arrives with more than this number of recipients, ignore
# the "Is Definitely Not Spam" whitelist.
Ignore Spam Whitelist If Recipients Exceed = 20

#
# SpamAssassin
# ------------
#

# Do you want to find spam using the "SpamAssassin" package?
# This can also be the filename of a ruleset.
Use SpamAssassin = no

# SpamAssassin is not very fast when scanning huge messages, so messages
# bigger than this value will be truncated to this length for SpamAssassin
# testing. The original message will not be affected by this. This value
# is a good compromise as very few spam messages are bigger than this.
Max SpamAssassin Size = 30000

# This replaces the SpamAssassin configuration value 'required_hits'.
# If a message achieves a SpamAssassin score higher than this value,
# it is spam. See also the High SpamAssassin Score configuration option.
# This can also be the filename of a ruleset, so the SpamAssassin
# required_hits value can be set to different values for different messages.
Required SpamAssassin Score = 6

# If a message achieves a SpamAssassin score higher than this value,
# then the "High Scoring Spam Actions" are used. You may want to use
# this to deliver moderate scores, while deleting very high scoring messsages.
# This can also be the filename of a ruleset.
High SpamAssassin Score = 10

# Set this option to "yes" to enable the automatic whitelisting functions
# available within SpamAssassin. This will cause addresses from which you
# get real mail, to be marked so that it will never incorrectly spam-tag
# messages from those addresses.
# To disable whitelisting, you must set "use_auto_whitelist 0" in your
# spam.assassin.prefs.conf file as well as set this to no.
SpamAssassin Auto Whitelist = yes

# If SpamAssassin takes longer than this (in seconds), the check is
# abandoned and the timeout noted.
SpamAssassin Timeout = 75

# If SpamAssassin times out more times in a row than this, then it will be
# marked as "unavailable" until MailScanner next re-starts itself.
# This means that remote network failures causing SpamAssassin trouble will
# not mean your mail stops flowing.
Max SpamAssassin Timeouts = 10

# The total number of SpamAssassin attempts during which "Max SpamAssassin
# Timeouts" will cause SpamAssassin to be marked as "unavailable".
# See the previous comment for more information.
# The default values of 10 and 20 mean that 10 timeouts in any sequence of
# 20 attempts will trigger the behaviour described above, until the next
# periodic restart (see "Restart Every").
SpamAssassin Timeouts History = 30

# If the message sender is on any of the Spam Lists, do you still want
# to do the SpamAssassin checks? Setting this to "no" will reduce the load
# on your server, but will stop the High Scoring Spam Actions from ever
# happening.
# This can also be the filename of a ruleset.
Check SpamAssassin If On Spam List = yes

# Do you want to include the "Spam Score" header. This shows 1 character
# (Spam Score Character) for every point of the SpamAssassin score. This
# makes it very easy for users to be able to filter their mail using
# whatever SpamAssassin threshold they want. For example, they just look
# for "sssss" for every message whose score is > 5, for example.
# This can also be the filename of a ruleset.
Spam Score = yes

# If you are using the Bayesian statistics engine on a busy server,
# you may well need to force a Bayesian database rebuild and expiry
# at regular intervals. This is measures in seconds.
# 1 day = 86400 seconds.
# To disable this feature set this to 0.
Rebuild Bayes Every = 0

# The Bayesian database rebuild and expiry may take a 2 or 3 minutes
# to complete. During this time you can either wait, or simply
# disable SpamAssassin checks until it has completed.
Wait During Bayes Rebuild = no

#
# Custom Spam Scanner Plugin
# --------------------------
#

# Use the Custom Spam Scanner. This is code you will have to write yourself,
# a function called "GenericSpamScanner" stored in the file
# MailScanner/lib/MailScanner/CustomFunctions/GenericSpamScanner.pm
# It will be passed
#  $IP      - the numeric IP address of the system on the remote end
#             of the SMTP connections
#  $From    - the address of the envelope sender of the message
#  $To      - a perl reference to the envelope recipients of the message
#  $Message - a perl reference to the list of line of the message
# A sample function is given in the correct file in the distribution.
# This sample function also includes code to show you how to make it run
# an external program to produce a spam score.
# This can also be the filename of a ruleset.
Use Custom Spam Scanner = no

# How much of the message should be passed tot he Custom Spam Scanner.
# Most spam tools only need the first 20kbytes of the message to determine
# if it is spam or not. Passing more than is necessary only slows things
# down.
# This can also be the filename of a ruleset.
Max Custom Spam Scanner Size = 20000

# How long should the custom spam scanner take to run? If it takes more
# seconds than this, then it should be considered to have crashed and
# should be killed. This stops denial-of-service attacks.
Custom Spam Scanner Timeout = 20

# If the Custom Spam Scanner times out more times in a row than this,
# then it will be marked as "unavailable" until MailScanner next re-
# starts itself.
Max Custom Spam Scanner Timeouts = 10

# The total number of Custom Spam Scanner attempts during which "Max
# Custom Spam Scanner Timeouts" will cause the Custom Spam Scanner to
# be marked as "unavailable". See the previous comment for more information.
# The default values of 10 and 20 mean that 10 timeouts in any sequence of
# 20 attempts will trigger the behaviour described above, until the next
# periodic restart (see "Restart Every").
Custom Spam Scanner Timeout History = 20

#
# What to do with spam
# --------------------
#

# This is a list of actions to take when a message is spam.
# It can be any combination of the following:
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    bounce                  - send a rejection message back to the sender
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text.
#                              You need to specify "deliver" as well for the
#                              message to reach the original recipient.
#    attachment              - Convert the original message into an attachment
#                              of the message. This means the user has to take
#                              an extra step to open the spam, and stops "web
#                              bugs" very effectively.
#    notify                  - Send the recipients a short notification that
#                              spam addressed to them was not delivered. They
#                              can then take action to request retrieval of
#                              the original message if they think it was not
#                              spam.
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#
# This can also be the filename of a ruleset, in which case the filename
# must end in ".rule" or ".rules".
#Spam Actions = store forward anonymous@ecs.soton.ac.uk
Spam Actions = deliver

# This is just like the "Spam Actions" option above, except that it applies
# when the score from SpamAssassin is higher than the "High SpamAssassin Score"
# value.
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text.
#                              You need to specify "deliver" as well for the
#                              message to reach the original recipient.
#    attachment              - Convert the original message into an attachment
#                              of the message. This means the user has to take
#                              an extra step to open the spam, and stops "web
#                              bugs" very effectively.
#    notify                  - Send the recipients a short notification that
#                              spam addressed to them was not delivered. They
#                              can then take action to request retrieval of
#                              the original message if they think it was not
#                              spam.
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#
# This can also be the filename of a ruleset, in which case the filename
# must end in ".rule" or ".rules".
High Scoring Spam Actions = deliver

# This is just like the "Spam Actions" option above, except that it applies
# to messages that are *NOT* spam.
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#
# This can also be the filename of a ruleset, in which case the filename
# must end in ".rule" or ".rules".
Non Spam Actions = deliver

# There are 3 reports:
#   Sender Spam Report         -  sent when a message triggers both a Spam
#                                 List and SpamAssassin,
#   Sender Spam List Report    -  sent when a message triggers a Spam List,
#   Sender SpamAssassin Report -  sent when a message triggers SpamAssassin.
#
# These can also be the filenames of rulesets.
Sender Spam Report         = %report-dir%/sender.spam.report.txt
Sender Spam List Report    = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt

# If you use the 'attachment' Spam Action or High Scoring Spam Action
# then this is the location of inline spam report that is inserted at
# the top of the message.
Inline Spam Warning = %report-dir%/inline.spam.warning.txt

# If you use the 'notify' Spam Action or High Scoring Spam Action then
# this is the location of the notification message that is sent to the
# original recipients of the message.
Recipient Spam Report = %report-dir%/recipient.spam.report.txt

# You can use this ruleset to enable the "bounce" Spam Action.
# You must *only* enable this for mail from sites with which you have
# agreed to bounce possible spam. Use it on low-scoring spam only (<10)
# and only to your regular customers for use in the rare case that a
# message is mis-tagged as spam when it shouldn't have been.
# Beware that many sites will automatically delete the bounce messages
# created by using this option unless you have agreed this with them in
# advance.
# If you enable this, be prepared to handle the irate responses from
# people to whom you are essentially sending more spam!
Enable Spam Bounce = %rules-dir%/bounce.rules

# When you bounce a spam message back to the sender, do you want to
# encapsulate it in another message, rather like the "attachment" option
# when delivering spam to the original recipient?
# NOTE: If you enable this option, be sure to whitelist your local server
#       ie. 127.0.0.1 as otherwise the spam bounce message will be detected
#       as spam again, which will cause another spam bounce and so on
#       until your mail queues fill up and your server crashes!
# This can also be the filename of a ruleset.
Bounce Spam As Attachment = no

#
# Logging
# -------
#

# This is the syslog "facility" name that MailScanner uses. If you don't
# know what a syslog facility name is, then either don't change this value
# or else go and read "man syslog.conf". The default value of "mail" will
# cause the MailScanner logs to go into the same place as all your other
# mail logs.
Syslog Facility = mail

# Do you want to log the processing speed for each section of the code
# for a batch? This can be very useful for diagnosing speed problems,
# particularly in spam checking.
Log Speed = no

# Do you want all spam to be logged? Useful if you want to gather
# spam statistics from your logs, but can increase the system load quite
# a bit if you get a lot of spam.
Log Spam = no

# Do you want all non-spam to be logged? Useful if you want to see
# all the SpamAssassin reports of mail that was marked as non-spam.
# Note: It will generate a lot of log traffic.
Log Non Spam = no

# Log all the filenames that are allowed by the Filename Rules, or just
# the filenames that are denied?
# This can also be the filename of a ruleset.
Log Permitted Filenames = no

# Log all the filenames that are allowed by the Filetype Rules, or just
# the filetypes that are denied?
# This can also be the filename of a ruleset.
Log Permitted Filetypes = no

# Log all occurrences of "Silent Viruses" as defined above?
# This can only be a simple yes/no value, not a ruleset.
Log Silent Viruses = no

# Log all occurrences of HTML tags found in messages, that can be blocked.
# This will help you build up your whitelist of message sources for which
# particular HTML tags should be allowed, such as mail from newsletters
# and daily cartoon strips.
# This can also be the filename of a ruleset.
Log Dangerous HTML Tags = no

#
# Advanced SpamAssassin Settings
# ------------------------------
#
# If you are using Postfix you may well need to use some of the settings
# below, as the home directory for the "postfix" user cannot be written
# to by the "postfix" user.
# You may also need to use these if you have installed SpamAssassin
# somewhere other than the default location.
#

# The per-user files (bayes, auto-whitelist, user_prefs) are looked
# for here and in ~/.spamassassin/. Note the files are mutable.
# If this is unset then no extra places are searched for.
# If using Postfix, you probably want to set this as shown in the example
# line at the end of this comment, and do
#      mkdir /var/spool/MailScanner/spamassassin
#      chown postfix.postfix /var/spool/MailScanner/spamassassin
# NOTE: SpamAssassin is always called from MailScanner as the same user,
#       and that is the "Run As" user specified above. So you can only
#       have 1 set of "per-user" files, it's just that you might possibly
#       need to modify this location.
#       You should not normally need to set this at all.
#SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin User State Dir =

# This setting is useful if SpamAssassin is installed in an unusual place,
# e.g. /opt/MailScanner. The install prefix is used to find some fallback
# directories if neither of the following two settings work.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Install Prefix = /opt/MailScanner
SpamAssassin Install Prefix =

# The site rules are searched for here.
# Normal location on most systems is /etc/mail/spamassassin.
SpamAssassin Site Rules Dir = /etc/mail/spamassassin

# The site-local rules are searched for here, and in prefix/etc/spamassassin,
# prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
# /etc/mail/spamassassin, and maybe others.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Local Rules Dir = /etc/MailScanner/mail/spamassassin
SpamAssassin Local Rules Dir =

# The default rules are searched for here, and in prefix/share/spamassassin,
# /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
SpamAssassin Default Rules Dir =

#
# MCP (Message Content Protection)
# -----------------------------
#
# This scans text and HTML messages segments for any banned text, using
# a 2nd copy of SpamAssassin to provide the searching abilities.
# This 2nd copy has its own entire set of rules, preferences and settings.
# When used together with the patches for SpamAssassin, it can also check
# the content of attachments such as office documents.
#
# See http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ for more info.
#

MCP Checks = no

# Do the spam checks first, or the MCP checks first?
# This cannot be the filename of a ruleset, only a fixed value.
First Check = mcp

# The rest of these options are clones of the equivalent spam options
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1

MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no

MCP Modify Subject = yes
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = yes
High Scoring MCP Subject Text = {MCP?}

Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no

MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100000
MCP SpamAssassin Timeout = 10

MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt

# 
# Advanced Settings
# -----------------
#
# Don't bother changing anything below this unless you really know
# what you are doing, or else if MailScanner has complained about
# your "Minimum Code Status" setting.
#

# When trying to work out the value of configuration parameters which are
# using a ruleset, this controls the behaviour when a rule is checking the
# "To:" addresses.
# If this option is set to "yes", then the following happens when checking
# the ruleset:
#   a) 1 recipient. Same behaviour as normal.
#   b) Several recipients, but all in the same domain (domain.com for example).
#      The rules are checked for one that matches the string "*@domain.com".
#   c) Several recipients, not all in the same domain.
#      The rules are checked for one that matches the string "*@*".
#
# If this option is set to "no", then some rules will use the result they
# get from the first matching rule for any of the recipients of a message,
# so the exact value cannot be predicted for messages with more than 1
# recipient.
#
# This value *cannot* be the filename of a ruleset.
Use Default Rules With Multiple Recipients = no

# When putting the value of the spam score of a message into the headers,
# how do you want to format it. If you don't know how to use sprintf() or
# printf() in C, please *do not modify* this value. A few examples for you:
# %d     ==> 12
# %5.2f  ==> 12.34
# %05.1f ==> 012.3
# This can also be the filename of a ruleset.
Spam Score Number Format = %d

# This is the version number of the MailScanner distribution that created
# this configuration file. Please do not change this value.
MailScanner Version Number = 4.48.4

# Set Debug to "yes" to stop it running as a daemon and just process
# one batch of messages and then exit.
Debug = no

# Do you want to debug SpamAssassin from within MailScanner?
Debug SpamAssassin = no

# Set Run In Foreground to "yes" if you want MailScanner to operate
# normally in foreground (and not as a background daemon).
# Use this if you are controlling the execution of MailScanner
# with a tool like DJB's 'supervise' (see http://cr.yp.to/daemontools.html).
Run In Foreground = no

# If you are using an LDAP server to read the configuration, these
# are the details required for the LDAP connection. The connection
# is anonymous.
#LDAP Server = localhost
#LDAP Base   = o=fsl
#LDAP Site   = default

# This option is intended for people who want to log more information
# about messages than what is put in syslog. It is intended to be used
# with a Custom Function which has the side-effect of logging information,
# perhaps to an SQL database, or any other processing you want to do
# after each message is processed.
# Its value is completely ignored, it is purely there to have side
# effects.
# If you want to use it, read CustomConfig.pm.
Always Looked Up Last = no

# When attempting delivery of outgoing messages, should we do it in the
# background or wait for it to complete? The danger of doing it in the
# background is that the machine load goes ever upwards while all the
# slow sendmail processes run to completion. However, running it in the
# foreground may cause the mail server to run too slowly.
Deliver In Background = yes

# Attempt immediate delivery of messages, or just place them in the outgoing
# queue for the MTA to deliver when it wants to?
#      batch -- attempt delivery of messages, in batches of up to 20 at once.
#      queue -- just place them in the queue and let the MTA find them.
# This can also be the filename of a ruleset. For example, you could use a
# ruleset here so that messages coming to you are immediately delivered,
# while messages going to any other site are just placed in the queue in
# case the remote delivery is very slow.
Delivery Method = batch

# Are you using Exim with split spool directories? If you don't understand
# this, the answer is probably "no". Refer to the Exim documentation for
# more information about split spool directories.
Split Exim Spool = no

# Where to put the virus scanning engine lock files.
# These lock files are used between MailScanner and the virus signature
# "autoupdate" scripts, to ensure that they aren't both working at the
# same time (which could cause MailScanner to let a virus through).
Lockfile Dir = /tmp

# Where to put the code for your "Custom Functions". No code in this
# directory should be over-written by the installation or upgrade process.
# All files starting with "." or ending with ".rpmnew" will be ignored,
# all other files will be compiled and may be used with Custom Functions.
Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions

# How to lock spool files.
# Don't set this unless you *know* you need to.
# For sendmail, it defaults to "flock".
# For sendmail 8.13 onwards, you will probably need to change it to posix.
# For Exim, it defaults to "posix".
# No other type is implemented.
Lock Type = 

# Minimum acceptable code stability status -- if we come across code
# that's not at least as stable as this, we barf.
# This is currently only used to check that you don't end up using untested
# virus scanner support code without realising it.
# Levels used are:
# none          - there may not even be any code.
# unsupported   - code may be completely untested, a contributed dirty hack,
#                 anything, really.
# alpha         - code is pretty well untested. Don't assume it will work.
# beta          - code is tested a bit. It should work.
# supported     - code *should* be reliable.
#
# Don't even *think* about setting this to anything other than "beta" or
# "supported" on a system that receives real mail until you have tested it
# yourself and are happy that it is all working as you expect it to.
# Don't set it to anything other than "supported" on a system that could
# ever receive important mail.
#
# READ and UNDERSTAND the above text BEFORE changing this.
#
Minimum Code Status = supported


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Richard.Frovarp at SENDIT.NODAK.EDU  Tue Dec 20 17:44:29 2005
From: Richard.Frovarp at SENDIT.NODAK.EDU (Richard Frovarp)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18172.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Won't lint complain if those scores are in the conf file, but the user 
is not running bogus virus warning? I've just whitelisted this list due 
to the content of the messages. I also see messages from trip BIZ_TLD 
1.17, INFO_TLD 0.81, and LONGWORDS 2.96; with all three of those rules 
in SA 3.1. You could spend a lot of time chasing rules that are tripped 
by messages on this list. White listing is much easier.

Richard

Jeff A. Earickson wrote:

> Maybe this fine addition  needs to go into the spam.assassin.prefs.conf
> in the next release...  I've added it to my copy.  Thanks, Jeff
>
> On Tue, 20 Dec 2005, Martin Hepworth wrote:
>
>> Date: Tue, 20 Dec 2005 16:28:06 -0000
>> From: Martin Hepworth <martinh@SOLID-STATE-LOGIC.COM>
>> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Ping
>>
>> Jeff
>>
>> I have the following in my spam.assassin.prefs.conf to get around these
>> rules..
>>
>>
>> # stop MS based email systems getting nuked by the bogus virus warning
>> rules..
>>
>> score VIRUS_WARNING15   0
>> score VIRUS_WARNING28   0
>> score VIRUS_WARNING33   0
>> score VIRUS_WARNING62   0
>> score VIRUS_WARNING66   0
>> score VIRUS_WARNING226  0
>> score VIRUS_WARNING250  0
>> score VIRUS_WARNING300  0
>> score VIRUS_WARNING326  0
>> score VIRUS_WARNING339  0
>> score VIRUS_WARNING340  0
>>
>> -- 
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>> Behalf Of Jeff A. Earickson
>>> Sent: 20 December 2005 16:24
>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>> Subject: Re: [MAILSCANNER] Ping
>>>
>>> good suggestion, I just added 130.246.192.56 to my DNS whitelist...
>>>
>>> Jeff Earickson
>>>
>>> On Tue, 20 Dec 2005, Dörfler Andreas wrote:
>>>
>>>> Date: Tue, 20 Dec 2005 16:45:40 +0100
>>>> From: Dörfler Andreas <Andreas.Doerfler@KEMPTEN.DE>
>>>> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>> Subject: Re: Ping
>>>>
>>>> another _fix_ will be to whitelist the lists (ive done that long ago)
>>>>
>>>>
>>>> greetings
>>>> andy
>>>>
>>>> --free your mind, use open source
>>>> http://www.mono-project.com
>>>>
>>>> ASCII ribbon campaign ( )
>>>> - against HTML email  X
>>>>             & vCards / \
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: MailScanner mailing list
>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
>>>>> Sent: Tuesday, December 20, 2005 3:28 PM
>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>> Subject: Re: Ping
>>>>>
>>>>> Julian,
>>>>>
>>>>> Found it in bogus-virus-warnings.cf, part of the rulesemporium
>>>>> stuff.  The authors of this ruleset seem very hostile towards
>>>>> MailScanner.  I went thru mine and commented out all references
>>>>> to MailScanner (I don't use rules du jour).  Rules-du-Jour users,
>>>>> beware!!!
>>>>>
>>>>> Jeff Earickson
>>>>> Colby College
>>>>
>>>>
>>>> ------------------------ MailScanner list ------------------------
>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>> 'leave mailscanner' in the body of the email.
>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>> **********************************************************************
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
>> are addressed. If you have received this email in error please notify
>> the system manager.
>>
>> This footnote confirms that this email message has been swept
>> for the presence of computer viruses and is believed to be clean.
>>
>> **********************************************************************
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!



-- 
Richard Frovarp
EduTech System Administrator
1-701-231-5127 or 
1-800-774-1091

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From richard.thomas at PSYSOLUTIONS.COM  Tue Dec 20 17:53:03 2005
From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas)
Date: Thu Jan 12 21:31:33 2006
Subject: Convert winmail.dat
Message-ID: <mailman.18173.1137101493.24926.mailscanner@lists.mailscanner.info>

Presumably mailscanner can decode winmail.dat files to scan the 
internals. Would it be possible to have an option in mailscanner to add 
all the sub-parts back in as proper attachments?

Rich

-- 
MIS Department      | Psychiatric Solutions Inc |Phone: +1 615 312 5787
840 Crescent Ctr Dr |                           |Fax:   +1 615 312 5711
Suite 460           +---------------------------+----------------------
Franklin, TN 37067  |Support: helpdesk@psysolutions.com +1 615 312 5888


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "S/MIME Cryptographic Signature"  ]
    [ Application/X-PKCS7-SIGNATURE  4.4KB. ]
    [ Unable to print this part. ]


From MailScanner at ecs.soton.ac.uk  Tue Dec 20 18:30:44 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.4 -- Exim speedup
Message-ID: <mailman.18174.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have implemented the speedup for Exim and it appears to be working 
okay now (not putting the queue filename in the top of the message body 
now).

Please give this a try and let me know what you think.

Download as usual from www.mailscanner.info.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec 20 18:31:35 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18175.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff A. Earickson wrote on         Tue, 20 Dec 2005 09:27:30 -0500:

> The authors of this ruleset seem very hostile towards 
> MailScanner.

No. This rule was created because so many idiot "mail administrators", 
including some which use MailScanner, still send "you sent a virus" 
messages to the faked senders, sometimes they send even the virus "back". 
And since many seem to use "mailscanner@" it hits on that. Furthermore, 
there were viruses spread with faked bounce mails of "mailscanner@" 
origin. More or less the only ham this rule hits are Julian's 
announcements ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec 20 18:31:36 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18176.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dörfler Andreas wrote on         Tue, 20 Dec 2005 16:45:40 +0100:

> another _fix_ will be to whitelist the lists (ive done that long ago)

This is the correct thing to do since we also see spam examples etc. here.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Tue Dec 20 18:34:08 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.3 released
Message-ID: <mailman.18177.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Fixed now.

Martin Hepworth wrote:

>Jules
>
>Seems to be a problem with the signing code somewhere, it's dumping the exim
>queue filename containing the data part of the email at the top of the
>message body..
>
>Ie   <message-id>-D  always appears at the top of the message body for
>signed (Sign Clean Messages = yes) email.
>
>--
>Martin Hepworth 
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>  
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Julian Field
>>Sent: 19 December 2005 19:59
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: [MAILSCANNER] Beta 4.49.3 released
>>
>>Raymond,
>>
>>Here is a replacement EximDiskStore.pm and Message.pm for you to try
>>out. Save a copy of Message.pm before you do it in case it doesn't work
>>too well. The change to EximDiskStore.pm is just to add a new function,
>>so won't affect functionality if you revert Message.pm.
>>
>>Let me know how you get on.
>>
>>
>>Raymond Dijkxhoorn wrote:
>>
>>    
>>
>>>Hi!
>>>
>>>      
>>>
>>>>The timing was done by running:
>>>>
>>>>cd /usr/sbin; time MailScanner /etc/MailScanner/MailScanner.conf
>>>>
>>>>To calculate the results - I ran the same batch of messages through
>>>>        
>>>>
>>each
>>    
>>
>>>>version of MailScanner 5 times then took the average time.
>>>>
>>>>4.48-4:     1m29s
>>>>4.49-3:     0m50s
>>>>
>>>>Warning: my maths is pretty terrible - but I think that works out at
>>>>around a 56% improvement!!!
>>>>        
>>>>
>>>I am seeing a little less, but with smaller batches, and with live
>>>data. Speed seems 15-18% then. Some peeks to 24%. Still amazingly much
>>>so really want to see this code on our busy frontend boxes ;) (Exim).
>>>
>>>Nice job Julian!
>>>
>>>Bye,
>>>Raymond.
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>>      
>>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Buy the MailScanner book at www.MailScanner.info/store
>>Professional Support Services at www.MailScanner.biz
>>MailScanner thanks transtec Computers for their support
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>>--
>>This message has been scanned for viruses and
>>dangerous content by MailScanner, and is
>>believed to be clean.
>>
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>    
>>
>
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.	
>
>**********************************************************************
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Tue Dec 20 19:31:43 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18178.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Richard Frovarp wrote on         Tue, 20 Dec 2005 11:44:29 -0600:

> Won't lint complain if those scores are in the conf file, but the user 
> is not running bogus virus warning?

Yes, it will.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From SJCJonker at SJC.NL  Tue Dec 20 19:34:37 2005
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18179.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Pong:

Tech TTL: 1 minute 14 seconds.

Received: from hn00dmz01.sjc.nl (hn00dmz01.sjc.nl [192.168.253.1])
	by hn00srv01.sjc.nl (SJCMailer) with ESMTP id 7CEAE28003
	for <sjcjonker@SJC.NL>; Tue, 20 Dec 2005 11:15:38 +0100 (CET)

Human ttl: 09 hour, 19 minutes. (could be considered TTL expired in transit)

Come on ppl I tought most ppl where techies, that after nine hours the
first "technical" answer appears.

BTW: Merry X-MAS to you all, and a wonderfull 2006.

Julian Field said the following on 20/12/2005 11:14:
> Ping at 10:14 am GMT.

-- 
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker@sjc.nl>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Tue Dec 20 21:41:14 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:33 2006
Subject: delete from the mailq
Message-ID: <mailman.18180.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 20/12/05, Jan Agermose <ja@conviator.com> wrote:
> >define(`confQUEUE_SORT_ORDER', `time')dnl
> >that should solve his immediate problem, its not a default option, and
> if
> >not already he should also add in:
> >define(`confSEPARATE_PROC',`True')dnl
> >define(`confDOUBLE_BOUNCE_ADDRESS',`')dnl
>
(snip)
> What does the above do?

Not much. The receiving MTA will just pool things for MailScanner to
pick up.... Which will have switched to "emergency mode" (which is
basically the same effect as the above, as far as I can see)... It
does so at a set queue size (look in your MailScanner.conf to see what
queue size it'll "switch mode" at for you).

> It actually looked as if new mails was handled before the old queued
> mails so operation was sort of normal. New mails where only delayed a
> bit.

.... Which fit rather well with the above explanation;-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Dave  Tue Dec 20 22:56:47 2005
From: Dave (Dave)
Date: Thu Jan 12 21:31:33 2006
Subject: Vispan and virus display
Message-ID: <mailman.18181.1137101493.24926.mailscanner@lists.mailscanner.info>

Yes, Julian your book is helpful.

However, I would like to publish the names of computer viruses we intercepted
as well as the data on % spam rejected.

Yes I have http://doctor.nl2k.ab.ca/cgi-bin/virus/display.pl?number

and

http://www.nk.ca/vispan/

but I would like some of that information  to be published on

key web pages similar to http://www.nk.ca/vispan/ .

Any pointers?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From james at GRAYONLINE.ID.AU  Wed Dec 21 03:57:36 2005
From: james at GRAYONLINE.ID.AU (James Gray)
Date: Thu Jan 12 21:31:33 2006
Subject: Exim4 + MailScanner on Debian Sarge - SUCCESS
Message-ID: <mailman.18182.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi All,

Just wanted to gloat a little :)  I've been holding off moving my mail 
gateway from Exim 3.36 to 4.50 for a long time due to the inordinately 
complicated Debian Exim4 package.  I run the MailScanner tar ball so there 
was no automagic Exim4+MailScanner package spell I could cast.  Today I bit 
the bullet and after some swearing and trying to figure out just how the 
hell Debian handles Exim4, I got it working. Yay for me.

Not only that, BUT I managed to get it working and kept the Debian 
configuration system right down to those freaky DEBCONF settings (those who 
know, will feel my pain).  On top of all that I also (finally) implemtented 
authenticated SMTP over TLS for my road-warriors that authenticates back to 
PAM - thus using the same credentials as their POP3 accounts :D

I plan on writing it up on my blog as soon as I get back from my Christmas 
break.  If anyone thinks this little accomplishment is worthy of it's own 
MailScanner Wiki page, let me know and I'll write it up there too :)

Have a great Christmas everyone!

Cheers,

James
-- 
Made with real ingredients.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Wed Dec 21 04:53:02 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:33 2006
Subject: Ping
Message-ID: <mailman.18183.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Perhaps Julian could use something else like 
"the-father-of-mailscanner@" or 
"the-scourge-of-spammers-and-viruses-everywhere@" for his announcements ;)


Kai Schaetzl wrote:

>Jeff A. Earickson wrote on         Tue, 20 Dec 2005 09:27:30 -0500:
>
>  
>
>And since many seem to use "mailscanner@" it hits on that. Furthermore, 
>there were viruses spread with faked bounce mails of "mailscanner@" 
>origin. More or less the only ham this rule hits are Julian's 
>announcements ;-)
>
>Kai
>
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Wed Dec 21 04:56:35 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:33 2006
Subject: Convert winmail.dat
Message-ID: <mailman.18184.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Richard Thomas wrote:

> Presumably mailscanner can decode winmail.dat files to scan the 
> internals. Would it be possible to have an option in mailscanner to 
> add all the sub-parts back in as proper attachments?
>
> Rich
>
Sure, you'd just have to program it in Perl and submit it for inclusion ;)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 21 09:07:33 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:33 2006
Subject: Exim4 + MailScanner on Debian Sarge - SUCCESS
Message-ID: <mailman.18185.1137101493.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Definitely worth a Wiki page!

Have a great Christmas yourself too!

On 21 Dec 2005, at 03:57, James Gray wrote:

> Hi All,
>
> Just wanted to gloat a little :)  I've been holding off moving my mail
> gateway from Exim 3.36 to 4.50 for a long time due to the inordinately
> complicated Debian Exim4 package.  I run the MailScanner tar ball  
> so there
> was no automagic Exim4+MailScanner package spell I could cast.   
> Today I bit
> the bullet and after some swearing and trying to figure out just  
> how the
> hell Debian handles Exim4, I got it working. Yay for me.
>
> Not only that, BUT I managed to get it working and kept the Debian
> configuration system right down to those freaky DEBCONF settings  
> (those who
> know, will feel my pain).  On top of all that I also (finally)  
> implemtented
> authenticated SMTP over TLS for my road-warriors that authenticates  
> back to
> PAM - thus using the same credentials as their POP3 accounts :D
>
> I plan on writing it up on my blog as soon as I get back from my  
> Christmas
> break.  If anyone thinks this little accomplishment is worthy of  
> it's own
> MailScanner Wiki page, let me know and I'll write it up there too :)
>
> Have a great Christmas everyone!
>
> Cheers,
>
> James
> -- 
> Made with real ingredients.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6kbWPw32o+k+q+hAQH0HAf/RaE2LvAhaxF5U/I1j7zq0LoZjdKVB1M7
orF/wc5o8PHAfB8gjS5JlnBZUAEqiYFI0gXZYy+xDkwLA0JMjz66MQlTg1gh91zj
9xcItHMUXrxB06DdLTPNf2i57k286w+Awoj9jmUOrAsnnHTmqtUwmR4+8OjeKXZP
Rf+OhDKd163wF4867b5Vl1pOtTzInB/50ktmZ8pqguIqH2DqUljHay5t0neNPS/7
d6PoN8DXS+ZYnxEmVhG9Mx6x+l7+v1+vFSjaTrkOLiuY9bAV/wxdhCI236Vu+vtM
1PAG8rsT5y1uUsQBHbjshkXKv3LCwIDgF2CrOX392YbBoQkiuou9Rg==
=RnOH
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Wed Dec 21 09:07:30 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:33 2006
Subject: Beta 4.49.4 -- Exim speedup
Message-ID: <mailman.18186.1137101493.24926.mailscanner@lists.mailscanner.info>

Looks good, no message-id in the outbound (signed) email.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: 20 December 2005 18:31
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Beta 4.49.4 -- Exim speedup
> 
> I have implemented the speedup for Exim and it appears to be working
> okay now (not putting the queue filename in the top of the message body
> now).
> 
> Please give this a try and let me know what you think.
> 
> Download as usual from www.mailscanner.info.
> 
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Wed Dec 21 09:18:13 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:33 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18187.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I am not convinced by this article as my stats read quite differently!

http://news.bbc.co.uk/1/hi/technology/4547474.stm

The interesting quote is '"similarly report a decrease in the amount of
spam reaching consumers' inboxes"'

Perhaps this is because of the amount of mail being processed by
MailScanner on a daily basis?

Merry Christmas & A Happy New Year all!

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martinh at SOLID-STATE-LOGIC.COM  Wed Dec 21 09:26:53 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:33 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18188.1137101493.24926.mailscanner@lists.mailscanner.info>

Quite

The article does seem confused about where the reduction is.....

My stats do NOT concur with theres. Over the last 6 months I still an
increase...

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Drew Marshall
> Sent: 21 December 2005 09:18
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Reduction in Spam?
> 
> I am not convinced by this article as my stats read quite differently!
> 
> http://news.bbc.co.uk/1/hi/technology/4547474.stm
> 
> The interesting quote is '"similarly report a decrease in the amount of
> spam reaching consumers' inboxes"'
> 
> Perhaps this is because of the amount of mail being processed by
> MailScanner on a daily basis?
> 
> Merry Christmas & A Happy New Year all!
> 
> Drew
> 
> 
> --
> In line with our policy, this message has
> been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> www.themarshalls.co.uk/policy
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec 21 12:07:58 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:33 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18189.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 21/12/05, Martin Hepworth <martinh@solid-state-logic.com> wrote:
> Quite
>
> The article does seem confused about where the reduction is.....
>
> My stats do NOT concur with theres. Over the last 6 months I still an
> increase...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Drew Marshall
> > Sent: 21 December 2005 09:18
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: [MAILSCANNER] Reduction in Spam?
> >
> > I am not convinced by this article as my stats read quite differently!
> >
> > http://news.bbc.co.uk/1/hi/technology/4547474.stm
> >
> > The interesting quote is '"similarly report a decrease in the amount of
> > spam reaching consumers' inboxes"'
> >
> > Perhaps this is because of the amount of mail being processed by
> > MailScanner on a daily basis?
> >
> > Merry Christmas & A Happy New Year all!
> >
> > Drew
> >
> >

CC...
I'm not say it is so, but one has to wonder about the report as
such... It has been know to happen that government agencies do one of
a) "release a scare" or
b) pat themselves on the back (in a *big* way)
... when a new fiscal period rolls around (when it's time for some new
funding...:). At least Livsmedelsverket (approximately the same as
FDA...) here in sweden has done some fairly publicised a)s... This
looks more like a b) :-):-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From john at TRADOC.FR  Wed Dec 21 12:11:25 2005
From: john at TRADOC.FR (John Wilcock)
Date: Thu Jan 12 21:31:33 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18190.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Drew Marshall wrote:
> I am not convinced by this article as my stats read quite differently!
> 
> http://news.bbc.co.uk/1/hi/technology/4547474.stm

I have actually seen a reduction in incoming spam - am I the exception?

See http://www.tradoc.fr/spamstats.pdf - this is for a very low volume
site with just 6 users. Incoming spam levels dropped off noticeably 
about 12 months ago (which may be related to the fact that the IP 
address for our primary MX changed, though then again it may be just a 
coincidence) and continued to fall until about April. There's been a 
slight upward trend since, but nothing like previous levels.

In any case the article isn't isn't clear as to whether less spam is 
actually being sent or whether filters are simply getting more effective 
or more widespread.

John.

-- 
-- Over 2700 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Wed Dec 21 12:57:59 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:33 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18191.1137101493.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 21/12/05, John Wilcock <john@tradoc.fr> wrote:
> Drew Marshall wrote:
> > I am not convinced by this article as my stats read quite differently!
> >
> > http://news.bbc.co.uk/1/hi/technology/4547474.stm
>
> I have actually seen a reduction in incoming spam - am I the exception?
>
> See http://www.tradoc.fr/spamstats.pdf - this is for a very low volume
> site with just 6 users. Incoming spam levels dropped off noticeably
> about 12 months ago (which may be related to the fact that the IP
> address for our primary MX changed, though then again it may be just a
> coincidence) and continued to fall until about April. There's been a
> slight upward trend since, but nothing like previous levels.
>
> In any case the article isn't isn't clear as to whether less spam is
> actually being sent or whether filters are simply getting more effective
> or more widespread.
>
> John.
>
> --

Well, that might have a lot of explanations... In my case, I've seen a
steady increase in both spam and MTA rejections (mostly the latter
though). Slightly more than a year ago I moved to a more restrictive
policy at the MTA level, which bumped the rejections and dropped the
spam ... for a short while, then _both_ started rising. Sigh.

Anyway, a better article on the subject is the one at el Reg:
http://www.theregister.co.uk/2005/12/21/can-spam/ ... including a link
to the actual FTC report (which certainly looks a bit like a "pat on
the back" affair to me:-). I certainly wouldn't attribute any
perceived or measured drop to the opt-out feature... Perhaps to the
legal actions, but not to the opt-out as such. But thats just me;).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Chris.Boyd at USIT.IE  Wed Dec 21 14:42:03 2005
From: Chris.Boyd at USIT.IE (Chris Boyd)
Date: Thu Jan 12 21:31:34 2006
Subject: Not allowing filename
Message-ID: <mailman.18192.1137101493.24926.mailscanner@lists.mailscanner.info>

I need to allow files with .qxd.pdf. I thought I did it right in the rules but Mailscanner wont seem to pick up the changes. 
In Mailscanner.conf I have:

# Rulesets directory containing your ".rules" files
%rules-dir% = /etc/MailScanner/rules

In filename.rules.conf I have: 

#Customized by Chris
allow   \.qxd.pdf$              -       -

I read that rules need to be in the rules directory and be named .rules 
So i copied over filename.rules.conf to /etc/Mailscanner/rules/filename.rules, and it still doesn't pick up the changes. 
Here's the message from blocked extension

t Tue Dec 20 17:06:30 2005 the virus scanner said:
   MailScanner: Attempt to hide real filename extension (.qxd.pdf)




-----------------------------------------------------------------
This email message is intended only for the addressee(s) 
and contains information that may be confidential and/or 
copyrighted.  If you are not the intended recipient please 
notify the sender by reply email and immediately delete 
this email. Use, disclosure or reproduction of this email 
by anyone other than the intended recipient(s) is strictly 
prohibited. USIT has scanned this email for viruses and 
dangerous content and believes it to be clean. However, 
virus scanning is ultimately the responsibility of the recipient.
-----------------------------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lists at hbcs.org  Wed Dec 21 15:14:12 2005
From: lists at hbcs.org (Dave C)
Date: Thu Jan 12 21:31:34 2006
Subject: Not allowing filename
Message-ID: <mailman.18193.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Chris Boyd wrote:
> I need to allow files with .qxd.pdf. I thought I did it right in the rules but Mailscanner wont seem to pick up the changes. 
> In Mailscanner.conf I have:
> 
> # Rulesets directory containing your ".rules" files
> %rules-dir% = /etc/MailScanner/rules
> 
> In filename.rules.conf I have: 
> 
> #Customized by Chris
> allow   \.qxd.pdf$              -       -
> 
> I read that rules need to be in the rules directory and be named .rules 
> So i copied over filename.rules.conf to /etc/Mailscanner/rules/filename.rules, and it still doesn't pick up the changes. 
> Here's the message from blocked extension
> 
> t Tue Dec 20 17:06:30 2005 the virus scanner said:
>    MailScanner: Attempt to hide real filename extension (.qxd.pdf)
> 
In filename.rules.conf is the rule for "double dotted" files. Had to 
change to allow for my l/users....

Dave

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From azher at niit.edu.pk  Wed Dec 21 15:19:52 2005
From: azher at niit.edu.pk (Azher Amin)
Date: Thu Jan 12 21:31:34 2006
Subject: Exim4 + MailScanner on Debian Sarge - SUCCESS
Message-ID: <mailman.18194.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi James,

I am interested in getting the details especially with authenticated SMTP.

May be a writeup in plain formatting would help.

Regards
Azher


> Hi All,
>
> Just wanted to gloat a little :)  I've been holding off moving my mail
> gateway from Exim 3.36 to 4.50 for a long time due to the inordinately
> complicated Debian Exim4 package.  I run the MailScanner tar ball so there
> was no automagic Exim4+MailScanner package spell I could cast.  Today I
> bit
> the bullet and after some swearing and trying to figure out just how the
> hell Debian handles Exim4, I got it working. Yay for me.
>
> Not only that, BUT I managed to get it working and kept the Debian
> configuration system right down to those freaky DEBCONF settings (those
> who
> know, will feel my pain).  On top of all that I also (finally)
> implemtented
> authenticated SMTP over TLS for my road-warriors that authenticates back
> to
> PAM - thus using the same credentials as their POP3 accounts :D
>
> I plan on writing it up on my blog as soon as I get back from my Christmas
> break.  If anyone thinks this little accomplishment is worthy of it's own
> MailScanner Wiki page, let me know and I'll write it up there too :)
>
> Have a great Christmas everyone!
>
> Cheers,
>
> James
> --
> Made with real ingredients.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 21 15:29:09 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:34 2006
Subject: Not allowing filename
Message-ID: <mailman.18195.1137101494.24926.mailscanner@lists.mailscanner.info>

-----BEGIN PGP SIGNED MESSAGE-----

Leave the filename.rules.conf file exactly where it is, just add our  
line to the top of it. No need to edit MailScanner.conf at all, it's  
all set right already.

On 21 Dec 2005, at 14:42, Chris Boyd wrote:

> I need to allow files with .qxd.pdf. I thought I did it right in  
> the rules but Mailscanner wont seem to pick up the changes.
> In Mailscanner.conf I have:
>
> # Rulesets directory containing your ".rules" files
> %rules-dir% = /etc/MailScanner/rules
>
> In filename.rules.conf I have:
>
> #Customized by Chris
> allow   \.qxd.pdf$              -       -
>
> I read that rules need to be in the rules directory and be  
> named .rules
> So i copied over filename.rules.conf to /etc/Mailscanner/rules/ 
> filename.rules, and it still doesn't pick up the changes.
> Here's the message from blocked extension
>
> t Tue Dec 20 17:06:30 2005 the virus scanner said:
>    MailScanner: Attempt to hide real filename extension (.qxd.pdf)
>
>
>
>
> -----------------------------------------------------------------
> This email message is intended only for the addressee(s)
> and contains information that may be confidential and/or
> copyrighted.  If you are not the intended recipient please
> notify the sender by reply email and immediately delete
> this email. Use, disclosure or reproduction of this email
> by anyone other than the intended recipient(s) is strictly
> prohibited. USIT has scanned this email for viruses and
> dangerous content and believes it to be clean. However,
> virus scanning is ultimately the responsibility of the recipient.
> -----------------------------------------------------------------
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6l0y/w32o+k+q+hAQHvqAf/RHQGrmNpWYFw4dTltoqDmMyGy+lxbXZJ
lAIz/R0F38HAwR0H05+ofQ7732rnqGvjvD7pS8yfbnKJh+RDnA9WO7dB/0/GjD3u
knlww40vBiG3SaIxFpX9hxnFisc2RTgbSnjngqxTQ3ASNjWY48AlVb2TvF37pAF/
vTcz+m3XcJAT/4eUjsWdAmK7fdIPos26JbMVVFIA/GIsG5wa5nDQCKzEQIA4CzVu
cWB/0Ca24hNhUE6X2r1z/tSv2yR2LkiGtpKMemrInCZ8+ZF9BJFIQoArPRediNlo
yAbhkavsjmB07Mak6A3UHoiIf1GkNLy82GxZ577henJ6PThBC2E1Aw==
=REWN
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 21 20:31:49 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:34 2006
Subject: Ping
Message-ID: <mailman.18196.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Alex Neuman van der Hans wrote on         Tue, 20 Dec 2005 23:53:02 -0500:

> Perhaps Julian could use something else like 
> "the-father-of-mailscanner@" or 
> "the-scourge-of-spammers-and-viruses-everywhere@" for his announcements

yes, he could ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 21 21:19:45 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:34 2006
Subject: Warning: recent vendor perl patch may harm MailScanner
Message-ID: <mailman.18197.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

SuSE has issued a perl patch on Dec. 19 for all its supported platforms 
which may cause you problems with MailScanner, be careful! It's the fix
SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962
Other vendors will probably push this important patch as well.

Problems may only occur if you used CPAN to install some modules required 
by MailScanner.

But I'm not convinced that it only affects those. Reason: That patch seems 
to either overwrite MIME::Base64 with the version current when the OS 
version was released (in this case 2.20) or write this information to some 
housekeeping file belonging to Perl. This clash could occur with 
rpm-installed MIME::Base64 as well.

Symptoms: MailScanner dies with
MIME::Base64 object version 2.20 does not match bootstrap parameter 3.05 
at /usr/lib/perl5/5.8.1/i586-linux-thread-multi/DynaLoader.pm line 249. 
Compilation failed in require at /usr/sbin/MailScanner line 55. 
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 59.

You get the same error when opening the CPAN shell and just doing 
"i MIME::Base64" (LWP failed with code[500] message[MIME::Base64 object 
version 2.20 does not match bootstrap parameter 3.05]). It also says 
"strange package name" or so. I tried upgrading (via CPAN) to version 3.07 
(current) of MIME::Base64 and when this didn't help installing all perl 
rpms coming with the MailScanner tar.gz. Nothing helped, even worse this 
made MailScanner grab memory ad infinitum. And Spamassassin make test as 
well. Only the abovementioned trick helped. Perl says now that the version 
of MIME::Base64 installed is 2.20 on the machine with a working (!) 
MailScanner and 3.0.5 on a machine where MailScanner doesn't work and 
where I did nothing to fix the problem.

Going back to the last Perl patch version is obviously not recommended 
since the fixed problem is a serious one. This problem may indeed only 
occur under circumstances, but better beware!

Julian, any thoughts on the nature of the problem and how to solve it and 
keep the patch?





Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Wed Dec 21 21:55:48 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Warning: recent vendor perl patch may harm MailScanner
Message-ID: <mailman.18198.1137101494.24926.mailscanner@lists.mailscanner.info>

Kai Schaetzl wrote:
> SuSE has issued a perl patch on Dec. 19 for all its supported
> platforms which may cause you problems with MailScanner, be careful!
> It's the fix SPRINTF0 - fixes for sprintf formatting issues -
> CVE-2005-3962 
> Other vendors will probably push this important patch as well.
> 

I installed patches yesterday, and everything seems to be flowing just
fine on my boxes.  Running two on SuSE 9.3, and one on 9.0.  Don't
recall installing from CPAN - usually stick to YaST and let MailScanner
rebuild what's lacking...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brent.bolin at GMAIL.COM  Wed Dec 21 21:56:09 2005
From: brent.bolin at GMAIL.COM (BB)
Date: Thu Jan 12 21:31:34 2006
Subject: Warning: recent vendor perl patch may harm MailScanner
Message-ID: <mailman.18199.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I would be interested if anyone has upgraded to the latest ports with
FreeBSD.

Just started an upgrade but aborted when I could see perl being upgraded.

# portupgrade -rRa

===>  Extracting for perl-5.8.7_1
=> MD5 Checksum OK for perl-5.8.7.tar.bz2.
=> MD5 Checksum OK for BSDPAN-5.8.7.tar.bz2.
=> MD5 Checksum OK for defined-or-5.8.7.bz2.
=> MD5 Checksum OK for sprintf-5.8.7.patch.bz2.


On 12/21/05, Kai Schaetzl <maillists@conactive.com> wrote:
      SuSE has issued a perl patch on Dec. 19 for all its supported
      platforms
      which may cause you problems with MailScanner, be careful!
      It's the fix
      SPRINTF0 - fixes for sprintf formatting issues -
      CVE-2005-3962
      Other vendors will probably push this important patch as
      well.

      Problems may only occur if you used CPAN to install some
      modules required
      by MailScanner.

      But I'm not convinced that it only affects those. Reason:
      That patch seems
      to either overwrite MIME::Base64 with the version current
      when the OS
      version was released (in this case 2.20) or write this
      information to some
      housekeeping file belonging to Perl. This clash could occur
      with
      rpm-installed MIME::Base64 as well.

      Symptoms: MailScanner dies with
      MIME::Base64 object version 2.20 does not match bootstrap
      parameter 3.05
      at /usr/lib/perl5/5.8.1/i586-linux-thread-multi/DynaLoader.pm
      line 249.
      Compilation failed in require at /usr/sbin/MailScanner line
      55.
      BEGIN failed--compilation aborted at /usr/sbin/MailScanner
      line 59.

      You get the same error when opening the CPAN shell and just
      doing
      "i MIME::Base64" (LWP failed with code[500]
      message[MIME::Base64 object
      version 2.20 does not match bootstrap parameter 3.05]). It
      also says
      "strange package name" or so. I tried upgrading (via CPAN) to
      version 3.07
      (current) of MIME::Base64 and when this didn't help
      installing all perl
      rpms coming with the MailScanner tar.gz. Nothing helped, even
      worse this
      made MailScanner grab memory ad infinitum. And Spamassassin
      make test as
      well. Only the abovementioned trick helped. Perl says now
      that the version
      of MIME::Base64 installed is 2.20 on the machine with a
      working (!)
      MailScanner and 3.0.5 on a machine where MailScanner doesn't
      work and
      where I did nothing to fix the problem.

      Going back to the last Perl patch version is obviously not
      recommended
      since the fixed problem is a serious one. This problem may
      indeed only
      occur under circumstances, but better beware!

      Julian, any thoughts on the nature of the problem and how to
      solve it and
      keep the patch?





      Kai

      --
      Kai Schätzl, Berlin, Germany
      Get your web at Conactive Internet Services:
      http://www.conactive.com

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (
      http://wiki.mailscanner.info/) and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!



------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From Jeff.Mills at POCOLD.COM.AU  Wed Dec 21 23:54:06 2005
From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18200.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi all,
we're in the process of changing domain names due to the company being sold.
We would like to have an auto response sent to users who send mail to our old domain informing them of the change.

I am running MailScanner version 4.45.4 and postfix, sending to an Exchange 2003 server.

Does anyone know if this is possible at the MailScanner gateway, or in Exchange?

Cheers,
Jeff




*** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" ***

************** www.versacold.com **************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Wed Dec 21 23:16:54 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18201.1137101494.24926.mailscanner@lists.mailscanner.info>

Michele Neylon:: Blacknight.ie wrote:
> Pete Russell wrote:
>> Wont milter-ahead deal with this by blocking those email during
>> handshaking for being incorrectly addressed? Only accept mail for
>> delivery that is accurately addressed?
>> 
> 
> That's what we do and it works very well.
> The bigger issue is when the return path is forged but is  to a valid
> user ...

Been sidetracked with other brushfires lately, but I'm still seeing a
lot of mail coming in for userXXXX@ci.juneau.ak.us where XXXX is a
random string of four characters (alpha).  I haven't implemented
milter-ahead yet - it looks like they're now charging for it and I'd
like test it out on a non-production server before I shell out the $.  I
downloaded an earlier version a couple weeks ago but he's since updated
libsnert (which isn't downloadable) and isn't backwards compatible
apparently.  Long story short, milter-ahead looks like a science project
for another day.

I'm not sure if I'm the victim of a joe job, or reverse NDR, but in
thinking about it, milter-ahead won't solve the greater problem anyway.
Right now, my Exchange box is replying to the NDRs.  Milter-ahead would
just cause my MS gateway to do that instead.  I think the better thing
to do is to accept the mail and deep six it.  What I'd like to do is put
an entry in spam.blacklist.rules and send it to the spam bucket.  Right
now, low scoring spam is sent to a phony user
(Alphonse_Spamdog@mydomain) on one of my gateways, and a MailWatch
quarantine on the others.  So, if I put a line like this:

To:	my_user[some regular expression here]@ci.juneau.ak.us
yes

in there, then any phony bounces or reverse NDR attack messages would
land harmlessly in the dustbin, so to speak.  I wouldn't be resending
them and they wouldn't clutter up my postmaster inbox.

Anybody see any problems with that, and what would the regex be?  Mail
to My_User@mydomain needs to get through as normal, it's just mail to
My_UserXXXX@mydomain that I want to tag as spam.  (Unless of course, the
mail for the real address is spam.)  I've tried to figure out the regex
expression myself, but I haven't played with them before, and can't be
dumping legitimate email along w/the bad.  So how do I filter on a
specific user with four random letters?  Would
my_user[a-z][a-z][a-z][a-z]@mydomain do the trick but not hit
my_user@mydomain?

Thanks much.

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 22 00:21:10 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18202.1137101494.24926.mailscanner@lists.mailscanner.info>

Ugo Bellavance wrote:
> Jeff Mills wrote:
>> Hi all,
>> we're in the process of changing domain names due to the company
>> being sold. 
>> We would like to have an auto response sent to users who send mail
>> to our old domain informing them of the change. 
>> 
>> I am running MailScanner version 4.45.4 and postfix, sending to an
>> Exchange 2003 server. 
>> 
>> Does anyone know if this is possible at the MailScanner gateway, or
>> in Exchange? 
> 
> What I do in this case is an answer in a SMTP response, leading to a
> link explaining the change.

But how do you set up the SMTP response?  In sendmail/Postfix, or
Outlook, or?

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ugob at CAMO-ROUTE.COM  Wed Dec 21 23:57:47 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18203.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff Mills wrote:
> Hi all,
> we're in the process of changing domain names due to the company being sold.
> We would like to have an auto response sent to users who send mail to our old domain informing them of the change.
> 
> I am running MailScanner version 4.45.4 and postfix, sending to an Exchange 2003 server.
> 
> Does anyone know if this is possible at the MailScanner gateway, or in Exchange?

What I do in this case is an answer in a SMTP response, leading to a 
link explaining the change.

> 
> Cheers,
> Jeff
> 
> 
> 
> 
> *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" ***
> 
> ************** www.versacold.com **************
> 


-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec 22 00:22:40 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18204.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 22/12/05, Kevin Miller <Kevin_Miller@ci.juneau.ak.us> wrote:
> Michele Neylon:: Blacknight.ie wrote:
> > Pete Russell wrote:
> >> Wont milter-ahead deal with this by blocking those email during
> >> handshaking for being incorrectly addressed? Only accept mail for
> >> delivery that is accurately addressed?
> >>
> >
> > That's what we do and it works very well.
> > The bigger issue is when the return path is forged but is  to a valid
> > user ...
>
> Been sidetracked with other brushfires lately, but I'm still seeing a
> lot of mail coming in for userXXXX@ci.juneau.ak.us where XXXX is a
> random string of four characters (alpha).  I haven't implemented
> milter-ahead yet - it looks like they're now charging for it and I'd
> like test it out on a non-production server before I shell out the $.  I
> downloaded an earlier version a couple weeks ago but he's since updated
> libsnert (which isn't downloadable) and isn't backwards compatible
> apparently.  Long story short, milter-ahead looks like a science project
> for another day.
>
> I'm not sure if I'm the victim of a joe job, or reverse NDR, but in
> thinking about it, milter-ahead won't solve the greater problem anyway.
> Right now, my Exchange box is replying to the NDRs.  Milter-ahead would
> just cause my MS gateway to do that instead.

Um, no.... The thing is it'll reject the erroneous addresses early in
the SMTP conversation, at the RCPT TO: stage, way before any hefty
DATA has been sent, and _mostimportantly *before* you have accepted
the mail_... This means that the mail is still the senders problem,
and it is the _sending MTA_ that need generate the NDNs/NDRs, not you.
Nice, eh?

> I think the better thing
> to do is to accept the mail and deep six it.

No! Why take responsibility for something that really *shouldn't be
your problem*?

> What I'd like to do is put
> an entry in spam.blacklist.rules and send it to the spam bucket.  Right
> now, low scoring spam is sent to a phony user
> (Alphonse_Spamdog@mydomain) on one of my gateways, and a MailWatch
> quarantine on the others.  So, if I put a line like this:
>
> To:     my_user[some regular expression here]@ci.juneau.ak.us
> yes
>
> in there, then any phony bounces or reverse NDR attack messages would
> land harmlessly in the dustbin, so to speak.  I wouldn't be resending
> them and they wouldn't clutter up my postmaster inbox.
>
> Anybody see any problems with that,
(snip)

More of a science project than handling it at the MTA, if you ask me;-).

Merry Xmas!
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Jeff.Mills at POCOLD.COM.AU  Thu Dec 22 00:43:09 2005
From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18205.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks for the responses guys.

> It should be possible to do at all three stages (PF, MS, and
> barfbag... eh Exchange). One "spiffy" thing you can do is to make a
> header check (in PF) that'd reject the messages with a nice
> "user@addr.ess has moved to user@newad.ress"... That way you'd need
> spend less effort/resources.

We would actually like the old domain to work for a while rather than rejecting mail, but still respond to the sender.
Further down the track when we do turn the old domain off though, your idea will work quite well.



*** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" ***

************** www.versacold.com **************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec 22 00:42:31 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18206.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 22/12/05, Kevin Miller <Kevin_Miller@ci.juneau.ak.us> wrote:
> Ugo Bellavance wrote:
> > Jeff Mills wrote:
> >> Hi all,
> >> we're in the process of changing domain names due to the company
> >> being sold.
> >> We would like to have an auto response sent to users who send mail
> >> to our old domain informing them of the change.
> >>
> >> I am running MailScanner version 4.45.4 and postfix, sending to an
> >> Exchange 2003 server.
> >>
> >> Does anyone know if this is possible at the MailScanner gateway, or
> >> in Exchange?
> >
> > What I do in this case is an answer in a SMTP response, leading to a
> > link explaining the change.
>
> But how do you set up the SMTP response?  In sendmail/Postfix, or
> Outlook, or?
>
> ...Kevin
Since it is Postfix, it is a simple header_check. It's pretty easy and
welldocumented how to do that in the example files that come with
postfix (in /etc/postfix/...:).
Don't have much of a clue about how to do it in sendmail though (....
anymore:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec 22 00:36:47 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18207.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 22/12/05, Jeff Mills <Jeff.Mills@pocold.com.au> wrote:
> Hi all,
> we're in the process of changing domain names due to the company being sold.
> We would like to have an auto response sent to users who send mail to our old domain informing them of the change.
>
> I am running MailScanner version 4.45.4 and postfix, sending to an Exchange 2003 server.
>
> Does anyone know if this is possible at the MailScanner gateway, or in Exchange?
>
> Cheers,
> Jeff
>
It should be possible to do at all three stages (PF, MS, and
barfbag... eh Exchange). One "spiffy" thing you can do is to make a
header check (in PF) that'd reject the messages with a nice
"user@addr.ess has moved to user@newad.ress"... That way you'd need
spend less effort/resources.

Downside is that the sender would receive an NDN with the nice reject
code/message "semi-hidden" in the usual gunk. You could probably test
this fairly easy by just rejecting one user (that you control) and try
sending to it from an external account... That way you'd get a good
feel for what'd look like. Shouldn't involve any downtime at all:-).
Another bad thing is that the NDN would be formatted according to how
the sending MTA does that kind of things. I think the term is "hidden
in technological gibberish":-).

ISTR Jules recently added some feature that could be used for this...
Not at a MS machine ATM though, so can't check.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From test at NEXTMILL.NET  Thu Dec 22 03:08:47 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:31:34 2006
Subject: spam.assassin.prefs.conf not being read - was Re: Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18208.1137101494.24926.mailscanner@lists.mailscanner.info>

I'm having the exact same problem!!!
After upgrading to MailScanner 4.49.1, I find that although MailScanner is 
executing SpamAssassin 3.1.0, certain aspects of my SA 3.1.0 are not 
launching especially SNFILTER.  
spamassassin --lint -D
Works great, shows it executing SNFILTER properly
Yet I know its not executing via the MailScanner 4.49.1
Prevous Config was MailScanner 4.28 and it had no problem with SA 
3.1.0/SNFilter.

Any ideas?  File Permission somewhere?  
snfilter.pm/snfilter.cf as well as the /tmp/sniffertmp are all chmod 777

Any idea on how to make MailScanner launch the 'old way' yet use the new 
4.49.1 code?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From test at NEXTMILL.NET  Thu Dec 22 03:25:42 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:31:34 2006
Subject: spam.assassin.prefs.conf not being read - was Re: Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18209.1137101494.24926.mailscanner@lists.mailscanner.info>

I went ahead and renamed /usr/lib/MailScanner/MailScanner/SA.pm to 
SA.pm.disabled, then copied the MailScanner 4.28 SA.pm that works just 
fine, started MailScanner up and all is well again!  It properly reading 
all the SpamAssassin config files again (just like spamassassin --lint -D 
does) and thus is properly launching SNFilter again.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From fajarep at SIMPLIMOBILE.COM  Thu Dec 22 03:57:22 2005
From: fajarep at SIMPLIMOBILE.COM (Fajar)
Date: Thu Jan 12 21:31:34 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18210.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dear All,
 
I'm really want to stressful my mail server powered by mailscanner for
spam, is there a way to flood our mailserver with spam email?
 
Thanks
 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From ugob at CAMO-ROUTE.COM  Thu Dec 22 04:03:32 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18211.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kevin Miller wrote:
> Ugo Bellavance wrote:
>> Jeff Mills wrote:
>>> Hi all,
>>> we're in the process of changing domain names due to the company
>>> being sold. 
>>> We would like to have an auto response sent to users who send mail
>>> to our old domain informing them of the change. 
>>>
>>> I am running MailScanner version 4.45.4 and postfix, sending to an
>>> Exchange 2003 server. 
>>>
>>> Does anyone know if this is possible at the MailScanner gateway, or
>>> in Exchange? 
>> What I do in this case is an answer in a SMTP response, leading to a
>> link explaining the change.
> 
> But how do you set up the SMTP response?  In sendmail/Postfix, or
> Outlook, or?
> 
> ...Kevin

I usually use sendmail, so I put it in the access file.  Outlook has 
nothing to do in SMTP transaction when receiving.

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ugob at CAMO-ROUTE.COM  Thu Dec 22 04:09:50 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18212.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:
> On 22/12/05, Jeff Mills <Jeff.Mills@pocold.com.au> wrote:
>> Hi all,
>> we're in the process of changing domain names due to the company being sold.
>> We would like to have an auto response sent to users who send mail to our old domain informing them of the change.
>>
>> I am running MailScanner version 4.45.4 and postfix, sending to an Exchange 2003 server.
>>
>> Does anyone know if this is possible at the MailScanner gateway, or in Exchange?
>>
>> Cheers,
>> Jeff
>>
> It should be possible to do at all three stages (PF, MS, and
> barfbag... eh Exchange). One "spiffy" thing you can do is to make a
> header check (in PF) that'd reject the messages with a nice
> "user@addr.ess has moved to user@newad.ress"... That way you'd need
> spend less effort/resources.
> 
> Downside is that the sender would receive an NDN with the nice reject
> code/message "semi-hidden" in the usual gunk. You could probably test
> this fairly easy by just rejecting one user (that you control) and try
> sending to it from an external account... That way you'd get a good
> feel for what'd look like. Shouldn't involve any downtime at all:-).
> Another bad thing is that the NDN would be formatted according to how
> the sending MTA does that kind of things. I think the term is "hidden
> in technological gibberish":-).
> 
> ISTR Jules recently added some feature that could be used for this...
> Not at a MS machine ATM though, so can't check.

I think you are talking about the "Reject Message" setting.  However, 
messages get deleted as well with this setting.

> 
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> 


-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From naolson at GMAIL.COM  Thu Dec 22 04:41:42 2005
From: naolson at GMAIL.COM (Nathan Olson)
Date: Thu Jan 12 21:31:34 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18213.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/21/05, Fajar <fajarep@simplimobile.com> wrote:
>
> is there a way to flood our mailserver with spam email?

Put it into production ;)

Nate

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Thu Dec 22 09:01:25 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:34 2006
Subject: Warning: recent vendor perl patch may harm
Message-ID: <mailman.18214.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wed, December 21, 2005 21:56, BB wrote:
> I would be interested if anyone has upgraded to the latest ports with
> FreeBSD.

Yes, I've done it painlessly. The _1 bit clearly is the patched version (I
say clearly as I haven't confirmed this but I think this is a safe
assumption) so it doesn't change any version directories so you don't need
to rebuild any modules. The only gotcha you need to watch out for is
ensuring if you built Perl threaded in the original 5.8.7 make sure you
pass this option to portupgrade for 5.8.7_1 or else nothing will work or
build!

Having done this my MailScanner boxes are all still working fine (As you
can tell if you can read this :-) )

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Thu Dec 22 09:19:32 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18215.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Thu, December 22, 2005 00:43, Jeff Mills wrote:
> Thanks for the responses guys.
>
>> It should be possible to do at all three stages (PF, MS, and
>> barfbag... eh Exchange). One "spiffy" thing you can do is to make a
header check (in PF) that'd reject the messages with a nice
>> "user@addr.ess has moved to user@newad.ress"... That way you'd need
spend less effort/resources.
>
> We would actually like the old domain to work for a while rather than
rejecting mail, but still respond to the sender.
> Further down the track when we do turn the old domain off though, your
idea will work quite well.

I'm always nervous about sending what amounts to bounces for this sort of
thing as spam, mailing lists, postmaster notices, other unknown people all
get the notifiction (Speak to Michelle Neylon about vacation messages to
mailing lists :-) ) but if you are under pressure to deliver this then you
could look at some thing like Reply-o-matic
http://sourceforge.net/projects/reply-o-matic which I have used will do
what you are looking for. Put this on your MailScanner gateway for the
short term.

Longer term if you want to advise people about this domain's change then
you can use the relocated_maps = feature as described in the man page
http://www.postfix.org/relocated.5.html and just set up a domain map which
will then reject mail with that response. As you say this is fairly err,
aggresive and would be something I used in the latter stages of advising
people.

Drew





-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From raymond at PROLOCATION.NET  Thu Dec 22 10:00:03 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:31:34 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18216.1137101494.24926.mailscanner@lists.mailscanner.info>

Hi!

> I'm really want to stressful my mail server powered by mailscanner for 
> spam, is there a way to flood our mailserver with spam email?

Post in a few newsgroups. ...

Only problem, hard to stop afterwards ;)

Bye,
Raymond.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Chris.Boyd at USIT.IE  Thu Dec 22 10:18:00 2005
From: Chris.Boyd at USIT.IE (Chris Boyd)
Date: Thu Jan 12 21:31:34 2006
Subject: Not allowing filename
Message-ID: <mailman.18217.1137101494.24926.mailscanner@lists.mailscanner.info>

Sorry what line do I add to the top of it? 

>>> MailScanner@ECS.SOTON.AC.UK 12/21/05 3:29  >>>
-----BEGIN PGP SIGNED MESSAGE-----

Leave the filename.rules.conf file exactly where it is, just add our  
line to the top of it. No need to edit MailScanner.conf at all, it's  
all set right already.

On 21 Dec 2005, at 14:42, Chris Boyd wrote:

> I need to allow files with .qxd.pdf. I thought I did it right in  
> the rules but Mailscanner wont seem to pick up the changes.
> In Mailscanner.conf I have:
>
> # Rulesets directory containing your ".rules" files
> %rules-dir% = /etc/MailScanner/rules
>
> In filename.rules.conf I have:
>
> #Customized by Chris
> allow   \.qxd.pdf$              -       -
>
> I read that rules need to be in the rules directory and be  
> named .rules
> So i copied over filename.rules.conf to /etc/Mailscanner/rules/ 
> filename.rules, and it still doesn't pick up the changes.
> Here's the message from blocked extension
>
> t Tue Dec 20 17:06:30 2005 the virus scanner said:
>    MailScanner: Attempt to hide real filename extension (.qxd.pdf)
>
>
>
>
> -----------------------------------------------------------------
> This email message is intended only for the addressee(s)
> and contains information that may be confidential and/or
> copyrighted.  If you are not the intended recipient please
> notify the sender by reply email and immediately delete
> this email. Use, disclosure or reproduction of this email
> by anyone other than the intended recipient(s) is strictly
> prohibited. USIT has scanned this email for viruses and
> dangerous content and believes it to be clean. However,
> virus scanning is ultimately the responsibility of the recipient.
> -----------------------------------------------------------------
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info 
Buy the MailScanner book at www.MailScanner.info/store 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ6l0y/w32o+k+q+hAQHvqAf/RHQGrmNpWYFw4dTltoqDmMyGy+lxbXZJ
lAIz/R0F38HAwR0H05+ofQ7732rnqGvjvD7pS8yfbnKJh+RDnA9WO7dB/0/GjD3u
knlww40vBiG3SaIxFpX9hxnFisc2RTgbSnjngqxTQ3ASNjWY48AlVb2TvF37pAF/
vTcz+m3XcJAT/4eUjsWdAmK7fdIPos26JbMVVFIA/GIsG5wa5nDQCKzEQIA4CzVu
cWB/0Ca24hNhUE6X2r1z/tSv2yR2LkiGtpKMemrInCZ8+ZF9BJFIQoArPRediNlo
yAbhkavsjmB07Mak6A3UHoiIf1GkNLy82GxZ577henJ6PThBC2E1Aw==
=REWN
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


-----------------------------------------------------------------
This email message is intended only for the addressee(s) 
and contains information that may be confidential and/or 
copyrighted.  If you are not the intended recipient please 
notify the sender by reply email and immediately delete 
this email. Use, disclosure or reproduction of this email 
by anyone other than the intended recipient(s) is strictly 
prohibited. USIT has scanned this email for viruses and 
dangerous content and believes it to be clean. However, 
virus scanning is ultimately the responsibility of the recipient.
-----------------------------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From kevind at GO2.IE  Thu Dec 22 11:42:32 2005
From: kevind at GO2.IE (Kevin Dermody)
Date: Thu Jan 12 21:31:34 2006
Subject: Mailscanner.conf 4.46.2-3
Message-ID: <mailman.18218.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi all,

Hopefully someone is awake now who has a copy of the default config file 
for version 4.46.2-3 (Debian/Ununtu).

If so, could you please send it my way.

Thanks,

Kevin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From kevind at GO2.IE  Thu Dec 22 12:44:18 2005
From: kevind at GO2.IE (Kevin Dermody)
Date: Thu Jan 12 21:31:34 2006
Subject: Mailscanner.conf 4.46.2-3
Message-ID: <mailman.18219.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Actually sorry, forget this, I got a copy from installing on another 
machine.

Kevin Dermody wrote:
> Hi all,
> 
> Hopefully someone is awake now who has a copy of the default config file 
> for version 4.46.2-3 (Debian/Ununtu).
> 
> If so, could you please send it my way.
> 
> Thanks,
> 
> Kevin
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Denis.Beauchemin at USHERBROOKE.CA  Thu Dec 22 14:23:31 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:31:34 2006
Subject: Warning: recent vendor perl patch may harm MailScanner
Message-ID: <mailman.18220.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl wrote:

>SuSE has issued a perl patch on Dec. 19 for all its supported platforms 
>which may cause you problems with MailScanner, be careful! It's the fix
>SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962
>Other vendors will probably push this important patch as well.
>
>Problems may only occur if you used CPAN to install some modules required 
>by MailScanner.
>
>But I'm not convinced that it only affects those. Reason: That patch seems 
>to either overwrite MIME::Base64 with the version current when the OS 
>version was released (in this case 2.20) or write this information to some 
>housekeeping file belonging to Perl. This clash could occur with 
>rpm-installed MIME::Base64 as well.
>
>Symptoms: MailScanner dies with
>MIME::Base64 object version 2.20 does not match bootstrap parameter 3.05 
>at /usr/lib/perl5/5.8.1/i586-linux-thread-multi/DynaLoader.pm line 249. 
>Compilation failed in require at /usr/sbin/MailScanner line 55. 
>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 59.
>
>You get the same error when opening the CPAN shell and just doing 
>"i MIME::Base64" (LWP failed with code[500] message[MIME::Base64 object 
>version 2.20 does not match bootstrap parameter 3.05]). It also says 
>"strange package name" or so. I tried upgrading (via CPAN) to version 3.07 
>(current) of MIME::Base64 and when this didn't help installing all perl 
>rpms coming with the MailScanner tar.gz. Nothing helped, even worse this 
>made MailScanner grab memory ad infinitum. And Spamassassin make test as 
>well. Only the abovementioned trick helped. Perl says now that the version 
>of MIME::Base64 installed is 2.20 on the machine with a working (!) 
>MailScanner and 3.0.5 on a machine where MailScanner doesn't work and 
>where I did nothing to fix the problem.
>
>Going back to the last Perl patch version is obviously not recommended 
>since the fixed problem is a serious one. This problem may indeed only 
>occur under circumstances, but better beware!
>
>Julian, any thoughts on the nature of the problem and how to solve it and 
>keep the patch?
>
>
>
>
>
>Kai
>
>  
>
Upgraded Perl on RHEL 3 and 4 servers yesterday running MS 4.47.4 and 
4.46.2 without any problem.  All is fine.  No error messages either.  
All Perl modules bundled with MS were installed by MS (not CPAN).  
MailScanner -v says:
3.05    MIME::Base64

I guess Red Hat did it better than SuSE...

Happy holidays to everybody!  I hope everyone will be able to forget 
about the mail servers for at least a couple of days...  that includes 
you, Julian... you deserve it!!!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From itdept at REDRED.COM  Thu Dec 22 14:32:21 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:31:34 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18221.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

What Nate said. It might take a week or so for spammers to realize it's 
there, but once they do, watch out.

Sean

Nathan Olson wrote:
> On 12/21/05, Fajar <fajarep@simplimobile.com> wrote:
> 
>>is there a way to flood our mailserver with spam email?
> 
> 
> Put it into production ;)
> 
> Nate
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 22 16:10:47 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Automated response per domain
Message-ID: <mailman.18222.1137101494.24926.mailscanner@lists.mailscanner.info>

Ugo Bellavance wrote:
> 
> I usually use sendmail, so I put it in the access file.  Outlook has
> nothing to do in SMTP transaction when receiving.

I know that, but was just looking at options.  A user could auto-reply
using a rule for inbound mail, sort of like "out of office" replies.
Whether or not the OP would want to go that route is a different
question, but it's nice to look at all the options and pick the one that
sucks least...


...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 22 16:21:39 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18223.1137101494.24926.mailscanner@lists.mailscanner.info>

Glenn Steen wrote:
>> I'm not sure if I'm the victim of a joe job, or reverse NDR, but in
>> thinking about it, milter-ahead won't solve the greater problem
>> anyway. Right now, my Exchange box is replying to the NDRs. 
>> Milter-ahead would just cause my MS gateway to do that instead.
> 
> Um, no.... The thing is it'll reject the erroneous addresses early in
> the SMTP conversation, at the RCPT TO: stage, way before any hefty
> DATA has been sent, and _mostimportantly *before* you have accepted
> the mail_... This means that the mail is still the senders problem,
> and it is the _sending MTA_ that need generate the NDNs/NDRs, not you.
> Nice, eh?

Ah, you're right.  Sometimes one loses site of the forest for the trees.

 
>> I think the better thing
>> to do is to accept the mail and deep six it.
> 
> No! Why take responsibility for something that really *shouldn't be
> your problem*?

Well, spam/viruses *shouldn't* be any of our problem and if they brought
back public tar and feathering it wouldn't be <g>.  But it is.  So I'm
just looking for the easiest way to ride out this storm.


>> Anybody see any problems with that,
> (snip)
> 
> More of a science project than handling it at the MTA, if you ask
> me;-). 

Not really - a one line entry in spam.blacklist.rules is pretty simple,
and would solve the immeditate problem until I can get milter-ahead or
some other more robust solution implemented.  Not as optimal as doing it
at the MTA perhaps, but definitely a testimony to the flexibilty of
MailScanner!  Syncing active directory and sendmail is certainly doable
but it's not a five minute job.

Question is, would the example I gave work, and if not, what would?
 
> Merry Xmas!

Thanks, you too.  And a spam-free New Year...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From test at NEXTMILL.NET  Thu Dec 22 16:25:34 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:31:34 2006
Subject: spam.assassin.prefs.conf not being read - was Re: Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18224.1137101494.24926.mailscanner@lists.mailscanner.info>

Ok after further testing on another server I find that using a different 
SA.pm doesn't fix the issue.  The only 'work around' I have found is to 
place a copy of all the .cf files into /usr/etc/mail/spamassassin that I 
already have in /etc/mail/spamassassin.
Basically spamassassin properly uses /etc/mail/spamassassin when launched 
command line or from web php test, but if MailScanner 4.49.4-1 calls up 
SpamAssassin, it will not load the cf files from /etc/mail/spamassassin
Thus my 'snfilter.cf' that exists in that folder isn't included in the 
Mailscanner called upon SA.

Hopefully we could fix this in future versions so that the .cf files that 
already exist in /etc/mail/spamassassin are included.  Or at least 
document that we must move those files into /usr/etc/mail/spamassassin if 
thats the perl site dir for SA which it is in my case.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From test at NEXTMILL.NET  Thu Dec 22 16:26:41 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:31:34 2006
Subject: spam.assassin.prefs.conf not being read - was Re: Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18225.1137101494.24926.mailscanner@lists.mailscanner.info>

Btw, this is only an issue with SA 3.1.0, the SA 3.0.0 works just fine 
with its default configuration. So I am guessing something in the SA 3.1.0 
compilation is changing the site dir default from /etc/mail/spamassassin 
to /usr/etc/mail/spamassassin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Thu Dec 22 16:56:02 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:34 2006
Subject: Non-ending processes
Message-ID: <mailman.18226.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I run 3 MS boxes, Two are quite busy and the 3rd is a little less than so.

I am running Tao Linux 1.0. Whenever I stop MailScanner (using the init 
script) on the two busy boxes, I invariably have to kill a ton of sendmail 
processes. Most of them are reading data. The MS version is old, but not 
ancient and this has always been the case. This means I can't do a 'start' 
until this is done due to the port 25 being bound already.

I have waited for these processes to finish normally, but they never seem to 
complete. Has there ever been this type of problem with MS or could 
something else be amiss? I was under the impression that stopping MS was 
supposed to kill the parent sendmail process and, in the same vein, start 
stopping the children.

Any suggestions please?

And a very Merry Christmas to all who see this!

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Thu Dec 22 17:03:44 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:34 2006
Subject: smart host postifx and MS
Message-ID: <mailman.18227.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

If I setup my postfix box to be a smart host for another machine with
another domain, can I tell MS *not* to do filtering at all?

--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Thu Dec 22 17:43:21 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:34 2006
Subject: smart host postifx and MS
Message-ID: <mailman.18228.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Thu, December 22, 2005 17:03, Erick Perez wrote:
> If I setup my postfix box to be a smart host for another machine with
> another domain, can I tell MS *not* to do filtering at all?

In the standard set up, sort of. You can create a MailScanner rule to not
scan for the domain but the mail will still go through the process of
being held, batched and sent on by MailScanner.

If you want to totally avoid MailScanner altogether and just let Postfix
relay the mail, then I woud set up another SMTP interface on another port
and smart host through that (And indeed you can be far cleaver about
stopping Postfix doing RBL look ups, strict RFC envelopes etc, etc). Don't
forget to not allow anthing else to relay through this though or else all
your MailScanner hardwork will count for nowt.

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jwilliams at COURTESYMORTGAGE.COM  Thu Dec 22 17:48:18 2005
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:31:34 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18229.1137101494.24926.mailscanner@lists.mailscanner.info>

>>On 12/21/05, Fajar <fajarep@simplimobile.com> wrote:
>>
>> is there a way to flood our mailserver with spam email?
>
>Put it into production ;)
>
>Nate


ROFLMAO!

That completely struck me funny. I'm still laughing. :)

-Jason


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 22 19:21:29 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18230.1137101494.24926.mailscanner@lists.mailscanner.info>

Kevin Miller wrote:
> Question is, would the example I gave work, and if not, what would?

OK, a quick followup to my own message, hoping that it will be of
benefit to others down the line.

I implemented the following in spam.blacklist.rules:

  To:	spam_target[a-z][a-z][a-z][a-z]@ci.juneau.ak.us	yes

and it does indeed work.  Mail to spam_target@... gets through, mail to
the altered, almost valid address is blacklisted and dumped in the
MailWatch quarantine directory.  Not elegant perhaps, but it'll tarpit
the spam between now and when I can get milter-ahead set up.

One thing I noticed however, is that a /etc/init.d/MailScanner reload
didn't reread the rules - apparently just the .conf file so I had to do
a restart.  No biggie really, but I'll throw it out as a feature request
anyway.  

Another feature that would be handy, at least in this case, would be a
high scoring blacklist where instead of tagging the mail as spam, it
tags it as high scoring spam.  Don't know how many others would make use
of that but it might be something others could use.  Perhaps rather than
a separate file, it would be possible to just add a fourth column in the
existing file:

To/From	target	'spam y/n'	'HS spam y/n'

Once again, thanks much Julian, for making MailScanner so incredibly
flexible!

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ajos1 at onion.demon.co.uk  Thu Dec 22 19:37:43 2005
From: ajos1 at onion.demon.co.uk (Dj Ajos1)
Date: Thu Jan 12 21:31:34 2006
Subject: Clam Win Virus Checker
Message-ID: <mailman.18231.1137101494.24926.mailscanner@lists.mailscanner.info>

-

Just a quick question...

Is the  "Clam Win Virus Checker" any good or not?

I have never used it before and just wondering how successful it is?

==
=====================================================================
=
= "A committee of one... gets things done."
= "Are you suffering from Library rage?"
= "It is always sunny in my life..." - Ajos1
= "Whereabouts is the black market?"  - Youngster, 30th November 2005
= "To be second is to be last..."
=
=  Need help dealing with Parking Tickets, Bailiffs, Capita or NTL...
=  Call...    +44 8457 90 90 90    http://www.samaritans.org/
=
=====================================================================

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Thu Dec 22 19:42:12 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18232.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kevin,

----- Original Message ----- 
From: "Kevin Miller" <Kevin_Miller@CI.JUNEAU.AK.US>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, December 22, 2005 2:21 PM
Subject: Re: Joe Jobbed, etc.


> Kevin Miller wrote:
>> Question is, would the example I gave work, and if not, what would?
>
> OK, a quick followup to my own message, hoping that it will be of
> benefit to others down the line.
>
> I implemented the following in spam.blacklist.rules:
>
>  To: spam_target[a-z][a-z][a-z][a-z]@ci.juneau.ak.us yes
>
> and it does indeed work.  Mail to spam_target@... gets through, mail to
> the altered, almost valid address is blacklisted and dumped in the
> MailWatch quarantine directory.  Not elegant perhaps, but it'll tarpit
> the spam between now and when I can get milter-ahead set up.
>
> One thing I noticed however, is that a /etc/init.d/MailScanner reload
> didn't reread the rules - apparently just the .conf file so I had to do
> a restart.  No biggie really, but I'll throw it out as a feature request
> anyway.
>
> Another feature that would be handy, at least in this case, would be a
> high scoring blacklist where instead of tagging the mail as spam, it
> tags it as high scoring spam.  Don't know how many others would make use
> of that but it might be something others could use.  Perhaps rather than
> a separate file, it would be possible to just add a fourth column in the
> existing file:

How do you use your blacklist? I use it to delete emails only. I only put 
entries in my blacklist that are positively for deletion. Unless I don't 
understand all of the uses for the blacklist file, I feel another parameter 
for configuration in not needed.


>
> To/From target 'spam y/n' 'HS spam y/n'
>
> Once again, thanks much Julian, for making MailScanner so incredibly
> flexible!
>
> ...Kevin
> -- 
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500
>

Just my pennies jingling, though.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec 22 19:47:27 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:34 2006
Subject: Clam Win Virus Checker
Message-ID: <mailman.18233.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dj Ajos1 wrote:
> -
> 
> Just a quick question...
> 
> Is the  "Clam Win Virus Checker" any good or not?
> 
> I have never used it before and just wondering how successful it is?

It works pretty well, every bit as well as clamav for *nix.

However, one thing to be aware of is that clamwin does not at this time do any
realtime monitoring. It's on-demand scanning only. Realtime file access
monitoring is being developed, but isn't completed yet.

Clamwin does come with an OE plugin to get outlook to scan your mail with clamwin.

There is also a plugin to firefox (via mozilla.org, doesn't come with clamav) to
make it use clamwin on all downloaded files.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Thu Dec 22 20:06:35 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:34 2006
Subject: Clam Win Virus Checker
Message-ID: <mailman.18234.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler writes: 

> Dj Ajos1 wrote:
>> - 
>> 
>> Just a quick question... 
>> 
>> Is the  "Clam Win Virus Checker" any good or not? 
>> 
>> I have never used it before and just wondering how successful it is?
> 
> It works pretty well, every bit as well as clamav for *nix. 
> 
> However, one thing to be aware of is that clamwin does not at this time do any
> realtime monitoring. It's on-demand scanning only. Realtime file access
> monitoring is being developed, but isn't completed yet. 
> 
> Clamwin does come with an OE plugin to get outlook to scan your mail with clamwin. 
> 
> There is also a plugin to firefox (via mozilla.org, doesn't come with clamav) to
> make it use clamwin on all downloaded files.

I'd vouch for it.. except for a slight nag with database updates. (though 
the problem could be mine and mine alone) 

ERROR: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode. 

 - dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mkettler at EVI-INC.COM  Thu Dec 22 20:03:49 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:34 2006
Subject: Clam Win Virus Checker
Message-ID: <mailman.18235.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dhawal Doshy wrote:
> I'd vouch for it.. except for a slight nag with database updates.
> (though the problem could be mine and mine alone)
> ERROR: Can't query current.cvd.clamav.net
> WARNING: Invalid DNS reply. Falling back to HTTP mode.
> - dhawal

I've never had a copy of clamwin do that, so it's probably just you.. makes me
wonder if the DNS server at your site is working correctly.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 22 20:20:29 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18236.1137101494.24926.mailscanner@lists.mailscanner.info>

Steve Campbell wrote:
> Kevin,
> 
> How do you use your blacklist? I use it to delete emails only. I only
> put entries in my blacklist that are positively for deletion. Unless
> I don't understand all of the uses for the blacklist file, I feel
> another parameter for configuration in not needed.

Low scoring spam is quarantined for 30 days then deleted by a cron job.
That way I can easily recover from a false positive.  High scoring spam
is instantly vaporized with glee.

For me, the spam.blacklist.rules tags the messages as spam, not high
scoring spam, so they're stored in the quarantine directory.  In this
case, I *know* they're spam and would be happy to delete them, but I
don't want to delete *all* spam.

I could change 'Definite Spam is High Scoring' to yes, but the advantage
of leaving it at no is it provides a safety net which I needed in this
case as I wanted to make sure that *no* legitimate mail is lost and my
regex skills aren't sufficient to do that right out of the starting
gate.

Having the option to change the score on a case by case basis would be
handy, but maybe not handy enough for Julian to go the trouble.  If it's
not worthwhile for more than just me then that's fine - I'm
accomplishing my immediate goal w/the current setup...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Thu Dec 22 20:52:09 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:34 2006
Subject: Clam Win Virus Checker
Message-ID: <mailman.18237.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler writes: 

> Dhawal Doshy wrote:
>> I'd vouch for it.. except for a slight nag with database updates.
>> (though the problem could be mine and mine alone)
>> ERROR: Can't query current.cvd.clamav.net
>> WARNING: Invalid DNS reply. Falling back to HTTP mode.
>> - dhawal
> 
> I've never had a copy of clamwin do that, so it's probably just you.. makes me
> wonder if the DNS server at your site is working correctly.

The dsl modem (and my caching nameserver) at home doesn't resolve TXT 
records, which is something i just discovered.. so a "dig @192.168.1.1 
current.cvd.clamav.net TXT" fails though "dig @ns1.clamav.net.." works, thus 
leading to the fallback http.. thanks for making me think. 

Time for more work, sigh. 

 - dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cstone at AXINT.NET  Thu Dec 22 20:45:18 2005
From: cstone at AXINT.NET (Chris Stone)
Date: Thu Jan 12 21:31:34 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18238.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Thursday 22 December 2005 03:00 am, Raymond Dijkxhoorn wrote:
> > I'm really want to stressful my mail server powered by mailscanner for
> > spam, is there a way to flood our mailserver with spam email?
>
> Post in a few newsgroups. ...

Or,

1) Sign up a couple of trap addresses to some porn-by-email lists - easy to 
locate the web sign-up pages by Goggling, etc.

2) Put some trap addresses in some of your more active web pages as comments.

Either of the above are guaranteed to get your addresses listed on numerous 
spammers lists in short order....

Again, impossible to then stop the flood - the addresses will be toast from 
then on - but hey, if you have good filtering, then it's not an issue!  ;-)


Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/PGP-SIGNATURE  196bytes. ]
    [ Unable to print this part. ]


From campbell at CNPAPERS.COM  Thu Dec 22 21:14:11 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18239.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kevin,

Let me explain a little better what I meant.

With the options you have now:

Is Definitely Spam =
Definite Spam Is High Scoring =

both can be a filename of a ruleset.

You can then list, by name, domain or whatever, and specify the combination 
you desire for that name, domain, etc.

The flexibility to do what you want, I believe, is already there.

Just point the first to your blacklist file.

Add entries to another file specified in the second parameter above such as:

From:    *@domain.com    yes
From:    *@domain2.com    no
Default:    yes

All entries in your "Is Definitely Spam" file will be Spam
Any entry in your "Definite Spam Is High Scoring =" file with a 'yes' will 
be high spam.

I think this will work this way.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers




----- Original Message ----- 
From: "Kevin Miller" <Kevin_Miller@CI.JUNEAU.AK.US>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, December 22, 2005 2:21 PM
Subject: Re: Joe Jobbed, etc.


> Kevin Miller wrote:
>> Question is, would the example I gave work, and if not, what would?
>
> OK, a quick followup to my own message, hoping that it will be of
> benefit to others down the line.
>
> I implemented the following in spam.blacklist.rules:
>
>  To: spam_target[a-z][a-z][a-z][a-z]@ci.juneau.ak.us yes
>
> and it does indeed work.  Mail to spam_target@... gets through, mail to
> the altered, almost valid address is blacklisted and dumped in the
> MailWatch quarantine directory.  Not elegant perhaps, but it'll tarpit
> the spam between now and when I can get milter-ahead set up.
>
> One thing I noticed however, is that a /etc/init.d/MailScanner reload
> didn't reread the rules - apparently just the .conf file so I had to do
> a restart.  No biggie really, but I'll throw it out as a feature request
> anyway.
>
> Another feature that would be handy, at least in this case, would be a
> high scoring blacklist where instead of tagging the mail as spam, it
> tags it as high scoring spam.  Don't know how many others would make use
> of that but it might be something others could use.  Perhaps rather than
> a separate file, it would be possible to just add a fourth column in the
> existing file:
>
> To/From target 'spam y/n' 'HS spam y/n'
>
> Once again, thanks much Julian, for making MailScanner so incredibly
> flexible!
>
> ...Kevin
> -- 
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 22 21:21:20 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18240.1137101494.24926.mailscanner@lists.mailscanner.info>

Steve Campbell wrote:
> Kevin,
> 
> Let me explain a little better what I meant.
> 
> With the options you have now:
> 
> Is Definitely Spam =
> Definite Spam Is High Scoring =
> 
> both can be a filename of a ruleset.
> 
> You can then list, by name, domain or whatever, and specify the
> combination you desire for that name, domain, etc.
> 
> The flexibility to do what you want, I believe, is already there.
> 
> Just point the first to your blacklist file.
> 
> Add entries to another file specified in the second parameter above
> such as: 
> 
> From:    *@domain.com    yes
> From:    *@domain2.com    no
> Default:    yes
> 
> All entries in your "Is Definitely Spam" file will be Spam
> Any entry in your "Definite Spam Is High Scoring =" file with a 'yes'
> will be high spam.
> 
> I think this will work this way.
> 
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers

Doh!  Absolutely right.  See, I told you MailScanner was extremely
flexible! ;-)

Thanks for the reality check.  Sometimes we (I?) get locked into
thinking about a solution based on what I've already got running,
forgetting that it's extensible.

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Thu Dec 22 21:31:35 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18241.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kevin,

Better check my answers before you rely on them. I always get confused about 
what and where you can use a filename (sometimes within a file). I'm sure 
someone will correct me if my answers are not proper.

Merry Christmas

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

----- Original Message ----- 
From: "Kevin Miller" <Kevin_Miller@CI.JUNEAU.AK.US>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, December 22, 2005 4:21 PM
Subject: Re: Joe Jobbed, etc.


> Steve Campbell wrote:
>> Kevin,
>>
>> Let me explain a little better what I meant.
>>
>> With the options you have now:
>>
>> Is Definitely Spam =
>> Definite Spam Is High Scoring =
>>
>> both can be a filename of a ruleset.
>>
>> You can then list, by name, domain or whatever, and specify the
>> combination you desire for that name, domain, etc.
>>
>> The flexibility to do what you want, I believe, is already there.
>>
>> Just point the first to your blacklist file.
>>
>> Add entries to another file specified in the second parameter above
>> such as:
>>
>> From:    *@domain.com    yes
>> From:    *@domain2.com    no
>> Default:    yes
>>
>> All entries in your "Is Definitely Spam" file will be Spam
>> Any entry in your "Definite Spam Is High Scoring =" file with a 'yes'
>> will be high spam.
>>
>> I think this will work this way.
>>
>> Steve Campbell
>> campbell@cnpapers.com
>> Charleston Newspapers
>
> Doh!  Absolutely right.  See, I told you MailScanner was extremely
> flexible! ;-)
>
> Thanks for the reality check.  Sometimes we (I?) get locked into
> thinking about a solution based on what I've already got running,
> forgetting that it's extensible.
>
> ...Kevin
> -- 
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 22 21:35:38 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18242.1137101494.24926.mailscanner@lists.mailscanner.info>

Steve Campbell wrote:
> Kevin,
> 
> Better check my answers before you rely on them. I always get
> confused about what and where you can use a filename (sometimes
> within a file). I'm sure someone will correct me if my answers are
> not proper. 
> 
> Merry Christmas

Glad I'm not the only one!  I'm sure it's in the comments in
MailScanner.conf so when I roll it I'll double check.  I want to leave
it as is for a few days anyway, just to make sure.

Thanks again...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec 22 22:41:46 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:34 2006
Subject: spam.assassin.prefs.conf not being read - was Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18243.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Brian Lewis wrote on         Thu, 22 Dec 2005 16:25:34 +0000:

> Or at least 
> document that we must move those files into /usr/etc/mail/spamassassin if 
> thats the perl site dir for SA which it is in my case.

There is nothing to document. Why do you have any files in 
/usr/etc/mail/spamassasin, that's the question! They do not belong there!

> So I am guessing something in the SA 3.1.0 
> compilation is changing the site dir default from /etc/mail/spamassassin 
> to /usr/etc/mail/spamassassin

Not by default!

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec 22 22:41:48 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:34 2006
Subject: Non-ending processes
Message-ID: <mailman.18244.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Campbell wrote on         Thu, 22 Dec 2005 11:56:02 -0500:

> I have waited for these processes to finish normally, but they never seem to 
> complete.

This is not an MS problem. I speculate that you do not any or just a bit of 
rejection at MTA level? It's quite common that spamming machines do not work 
correctly and have all sorts of problems with starting up an SMTP connection. 
If you are hit by this the best way to cope with it is to issue a killall 
sendmail before you restart ms/sendmail. If you use strict measures who you 
allow to send mail to you you can reduce this very much, although not to zero.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Thu Dec 22 23:22:39 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:34 2006
Subject: Non-ending processes
Message-ID: <mailman.18245.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Quoting Kai Schaetzl <maillists@CONACTIVE.COM>:

> Steve Campbell wrote on         Thu, 22 Dec 2005 11:56:02 -0500:
> 
> > I have waited for these processes to finish normally, but they never seem
> to 
> > complete.
> 
> This is not an MS problem. I speculate that you do not any or just a bit of 
> rejection at MTA level? It's quite common that spamming machines do not work
> 
> correctly and have all sorts of problems with starting up an SMTP connection.
> 
> If you are hit by this the best way to cope with it is to issue a killall 
> sendmail before you restart ms/sendmail. If you use strict measures who you 
> allow to send mail to you you can reduce this very much, although not to
> zero.
> 
> Kai
> 
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 


Kai,

Thanks,

I kinda figured there were bad things happening with sendmail due to the low
process numbers and the "Data Read" part of the ps listing. I just thought
sendmail was supposed to do the killall. Guess not.

I block as much as I can determine should be truly blocked, but mostly at our
firewall. This leaves a lot to be desired as the MTA could probably do a little
more generic testing than just by IPs. 

I haven't put any milters on, and a lot of the sendmail parameters don't seem to
apply to a lot of overall crap, but I guess a little here, a little there would,
 add up.

I will try the killall the next time and see how that goes.

Thanks again.

Steve

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec 22 23:45:40 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:34 2006
Subject: spam.assassin.prefs.conf not being read - was Re: Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18246.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Brian Lewis spake the following on 12/22/2005 8:25 AM:
> Ok after further testing on another server I find that using a different 
> SA.pm doesn't fix the issue.  The only 'work around' I have found is to 
> place a copy of all the .cf files into /usr/etc/mail/spamassassin that I 
> already have in /etc/mail/spamassassin.
> Basically spamassassin properly uses /etc/mail/spamassassin when launched 
> command line or from web php test, but if MailScanner 4.49.4-1 calls up 
> SpamAssassin, it will not load the cf files from /etc/mail/spamassassin
> Thus my 'snfilter.cf' that exists in that folder isn't included in the 
> Mailscanner called upon SA.
> 
> Hopefully we could fix this in future versions so that the .cf files that 
> already exist in /etc/mail/spamassassin are included.  Or at least 
> document that we must move those files into /usr/etc/mail/spamassassin if 
> thats the perl site dir for SA which it is in my case.
> 
Or just make /usr/etc/mail/spamassassin be a link to
/etc/mail/spamassassin. I had to do just that after I upgraded to
spamassassin 3.1.0.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec 22 23:51:15 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:34 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18247.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Nathan Olson spake the following on 12/21/2005 8:41 PM:
> On 12/21/05, Fajar <fajarep@simplimobile.com> wrote:
> 
>>is there a way to flood our mailserver with spam email?
> 
> 
> Put it into production ;)
> 
> Nate
> 
I second that !!!

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From test at NEXTMILL.NET  Fri Dec 23 00:02:03 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:31:34 2006
Subject: spam.assassin.prefs.conf not being read - was Re: Problem with
    ALL_TRUSTED since 4.48
Message-ID: <mailman.18248.1137101494.24926.mailscanner@lists.mailscanner.info>

That link exists already, the problem is that is just one file, there is 
local.cf, v310.pre, init.pre, as well as custom scripts like snfilter.cf 
that need to execute as well.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From csweeney at OSUBUCKS.ORG  Fri Dec 23 04:33:11 2005
From: csweeney at OSUBUCKS.ORG (Chris Sweeney)
Date: Thu Jan 12 21:31:34 2006
Subject: Warning: recent vendor perl patch may harm MailScanner
Message-ID: <mailman.18249.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Same here no problems with the Perl upgrade on RedHat ES 4

Chris


Denis Beauchemin wrote:

> Kai Schaetzl wrote:
>
>> SuSE has issued a perl patch on Dec. 19 for all its supported 
>> platforms which may cause you problems with MailScanner, be careful! 
>> It's the fix
>> SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962
>> Other vendors will probably push this important patch as well.
>>
>> Problems may only occur if you used CPAN to install some modules 
>> required by MailScanner.
>>
>> But I'm not convinced that it only affects those. Reason: That patch 
>> seems to either overwrite MIME::Base64 with the version current when 
>> the OS version was released (in this case 2.20) or write this 
>> information to some housekeeping file belonging to Perl. This clash 
>> could occur with rpm-installed MIME::Base64 as well.
>>
>> Symptoms: MailScanner dies with
>> MIME::Base64 object version 2.20 does not match bootstrap parameter 
>> 3.05 at /usr/lib/perl5/5.8.1/i586-linux-thread-multi/DynaLoader.pm 
>> line 249. Compilation failed in require at /usr/sbin/MailScanner line 
>> 55. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 59.
>>
>> You get the same error when opening the CPAN shell and just doing "i 
>> MIME::Base64" (LWP failed with code[500] message[MIME::Base64 object 
>> version 2.20 does not match bootstrap parameter 3.05]). It also says 
>> "strange package name" or so. I tried upgrading (via CPAN) to version 
>> 3.07 (current) of MIME::Base64 and when this didn't help installing 
>> all perl rpms coming with the MailScanner tar.gz. Nothing helped, 
>> even worse this made MailScanner grab memory ad infinitum. And 
>> Spamassassin make test as well. Only the abovementioned trick helped. 
>> Perl says now that the version of MIME::Base64 installed is 2.20 on 
>> the machine with a working (!) MailScanner and 3.0.5 on a machine 
>> where MailScanner doesn't work and where I did nothing to fix the 
>> problem.
>>
>> Going back to the last Perl patch version is obviously not 
>> recommended since the fixed problem is a serious one. This problem 
>> may indeed only occur under circumstances, but better beware!
>>
>> Julian, any thoughts on the nature of the problem and how to solve it 
>> and keep the patch?
>>
>>
>>
>>
>>
>> Kai
>>
>>  
>>
> Upgraded Perl on RHEL 3 and 4 servers yesterday running MS 4.47.4 and 
> 4.46.2 without any problem.  All is fine.  No error messages either.  
> All Perl modules bundled with MS were installed by MS (not CPAN).  
> MailScanner -v says:
> 3.05    MIME::Base64
>
> I guess Red Hat did it better than SuSE...
>
> Happy holidays to everybody!  I hope everyone will be able to forget 
> about the mail servers for at least a couple of days...  that includes 
> you, Julian... you deserve it!!!
>
> Denis
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From P.G.M.Peters at UTWENTE.NL  Fri Dec 23 08:26:21 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:34 2006
Subject: delete from the mailq
Message-ID: <mailman.18250.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Res wrote on 19-12-2005 21:58:

>> The 50k messages are blocking new mails.
>>
>> Get the bulk away, so new messages are processed, and then examine the
>> 50k to remove the dud ones.
> 
> if he wants to rmeove the bulk he must know what to look for now? seems
> like you  ppl are suggesting to tim to do more work then is neccessary,
> I do this regulary clearing out spammers trash, almost every 3 days, and
> im talking a damn sight more than 50K emails in the queue, also I
> suggest he changes his sendmail config..

I clean out messages from the queue every night. Every message from
mailer-daemon and tried more than a number of times are moved to a
seperate queue. Onze a day I do a queuerun in that queue. I used to have
thousands of messages in the queue. Today the queue is only a few
hundred in size.

But occasionally I get several thousand message in the incoming queue.
That is the main problem. This stops processing all mail. I check what
unique identifier is in the file and move all those message away.

And I stop incoming mail for a few minutes. My other servers will just
accept the normal flow untill I get to them.

> define(`confQUEUE_SORT_ORDER', `time')dnl

This will slow down the dellivery of e-mail. When you sort on host
sendmail can keep using a connection to a host. If the sort order is any
different those connections disappear from the connectionlist and have
to be re-established (almost) each time.

> that should solve his immediate problem, its not a default option, and
> if not already he should also add in:
> define(`confSEPARATE_PROC',`True')dnl

Will this not drive the number of processes through the roof?

> define(`confDOUBLE_BOUNCE_ADDRESS',`')dnl

I use nobody and alias that to the appropriate address (currently
/dev/null) without the need of rebuilding the configuration an
restarting sendmail.

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDq7StMbmy+DDgnIURAmewAJ9MxLgJ22N/LT/QiqVrkMam102MAgCfX5ze
6wJMksQbdK7zOcr6mCh26Qs=
=Epup
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From P.G.M.Peters at UTWENTE.NL  Fri Dec 23 09:28:01 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:34 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18251.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Glenn Steen wrote on 21-12-2005 13:57:

> Anyway, a better article on the subject is the one at el Reg:
> http://www.theregister.co.uk/2005/12/21/can-spam/ ... including a link
> to the actual FTC report (which certainly looks a bit like a "pat on
> the back" affair to me:-). I certainly wouldn't attribute any
> perceived or measured drop to the opt-out feature... Perhaps to the
> legal actions, but not to the opt-out as such. But thats just me;).

We have an FTC-like orgainzation (called OPTA) that has also put out a
press release claiming the number of spam messages has dropped. After
reading the release it turns out the number of Dutch orginated spam has
dropped. Or at least the number of complaints they got.

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDq8MhMbmy+DDgnIURAgxdAKCClJiQXjDneKMAe1KfIa/EfX/dNACg2kFE
C4LS5imsZXK+WVbhN1MlqKU=
=xPr3
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gmatt at NERC.AC.UK  Fri Dec 23 10:07:29 2005
From: gmatt at NERC.AC.UK (Greg Matthews)
Date: Thu Jan 12 21:31:34 2006
Subject: delete from the mailq
Message-ID: <mailman.18252.1137101494.24926.mailscanner@lists.mailscanner.info>

On Fri, 2005-12-16 at 19:25 -0600, Jan Agermose wrote:
> Does anyone have a script or something to delete mails in queue based
> on a regex? Or passing a mail address as sender or receiver address? 
> 

I've used the attached perl script in the past, edit one of the regexs
to match your mails. Seems pretty fast.

G


> Jan
> 
>  
-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From brad at BECKENHAUER.COM  Fri Dec 23 13:41:38 2005
From: brad at BECKENHAUER.COM (Brad Beckenhauer)
Date: Thu Jan 12 21:31:34 2006
Subject: Wait During Bayes Rebuild
Message-ID: <mailman.18253.1137101494.24926.mailscanner@lists.mailscanner.info>

Julian,
 
In MailScanner.conf what are the valid options for the "Wait During Bayes Rebuild"?

# The Bayesian database rebuild and expiry may take a 2 or 3 minutes
# to complete. During this time you can either wait, or simply
# disable SpamAssassin checks until it has completed.
Wait During Bayes Rebuild = no
  
From martinh at SOLID-STATE-LOGIC.COM  Fri Dec 23 13:56:03 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:31:34 2006
Subject: Wait During Bayes Rebuild
Message-ID: <mailman.18255.1137101494.24926.mailscanner@lists.mailscanner.info>

Brad

Valid options are 

No

Yes

To be consistent with the other settings, but I agree an extra couple of
wordd might help..

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Brad Beckenhauer
> Sent: 23 December 2005 13:42
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Wait During Bayes Rebuild
> 
> Julian,
> 
> In MailScanner.conf what are the valid options for the "Wait During Bayes
> Rebuild"?
> 
> # The Bayesian database rebuild and expiry may take a 2 or 3 minutes
> # to complete. During this time you can either wait, or simply
> # disable SpamAssassin checks until it has completed.
> Wait During Bayes Rebuild = no
> 
> From reading the text, it appears the only options are "no" and "wait"
> which I would interpret to "yes".
> Would you add another comment line stating all the valid options.
> 
> Thanks
> Brad
> 
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Fri Dec 23 18:00:04 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:34 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18256.1137101494.24926.mailscanner@lists.mailscanner.info>

Glenn Steen wrote:
> On 23/12/05, Peter Peters <P.G.M.Peters@utwente.nl> wrote:
> Ah... The quality of work done in the journalistic field.... Amazing,
> isn't it:-):-).

I just figured it was due to the widespread adoption of MailScanner!

Merry Christmas to all...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec 23 18:07:59 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:34 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18257.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 23/12/05, Kevin Miller <Kevin_Miller@ci.juneau.ak.us> wrote:
> Glenn Steen wrote:
> > On 23/12/05, Peter Peters <P.G.M.Peters@utwente.nl> wrote:
> > Ah... The quality of work done in the journalistic field.... Amazing,
> > isn't it:-):-).
>
> I just figured it was due to the widespread adoption of MailScanner!
>
> Merry Christmas to all...
>
Hadn't realised it (MailScanner) would have a beneficial effect on
journalists too .... Indeed amazing:-):-) ... (Yeah, I understood your
meaning Kevin, just cound resist....:-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec 23 17:54:42 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:34 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18258.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 23/12/05, Peter Peters <P.G.M.Peters@utwente.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Glenn Steen wrote on 21-12-2005 13:57:
>
> > Anyway, a better article on the subject is the one at el Reg:
> > http://www.theregister.co.uk/2005/12/21/can-spam/ ... including a link
> > to the actual FTC report (which certainly looks a bit like a "pat on
> > the back" affair to me:-). I certainly wouldn't attribute any
> > perceived or measured drop to the opt-out feature... Perhaps to the
> > legal actions, but not to the opt-out as such. But thats just me;).
>
> We have an FTC-like orgainzation (called OPTA) that has also put out a
> press release claiming the number of spam messages has dropped. After
> reading the release it turns out the number of Dutch orginated spam has
> dropped. Or at least the number of complaints they got.
>

Ah... The quality of work done in the journalistic field.... Amazing,
isn't it:-):-).
We do have a similar thing (the IT incident center of sweden). One
could well describe them best as ... "toothless"... Still turns out a
fair anount of non-pressreleases... (At least to my eyes:-)

Merry Christmas, all and sundry.... We'll "talk" more after I come out
of the (alcohol induced) fog ...:-)
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec 23 21:03:09 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:34 2006
Subject: Clam Win Virus Checker
Message-ID: <mailman.18259.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 22/12/05, Matt Kettler <mkettler@evi-inc.com> wrote:
> Dj Ajos1 wrote:
> > -
> >
> > Just a quick question...
> >
> > Is the  "Clam Win Virus Checker" any good or not?
> >
> > I have never used it before and just wondering how successful it is?
>
> It works pretty well, every bit as well as clamav for *nix.
>
> However, one thing to be aware of is that clamwin does not at this time do any
> realtime monitoring. It's on-demand scanning only. Realtime file access
> monitoring is being developed, but isn't completed yet.
>
> Clamwin does come with an OE plugin to get outlook to scan your mail with clamwin.
>
> There is also a plugin to firefox (via mozilla.org, doesn't come with clamav) to
> make it use clamwin on all downloaded files.
>
CC Matt.

If one is looking for "El Cheapo AV for Windoze", I'd suggest looking
at the triple (I think? Too much wine already (unlike most, Xmas Eve
is the Big Day, here in Sweden... So today is kind of "the day
before"... Getting the tree in order (the bl**dy lights not working...
talk about HW problem:) and all), so everything with a grain of
salt... (If you
ve followed my use of parenthesis so far, you should be programming
lisp;)): AVG, Nod32 (not sure about this, check their site) and lastly
Antivir (http://www.free-av.com). At least the last contain on demand
as well as on access scanning.

A slightly lopsided Merry Xmas!
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec 23 21:51:40 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:34 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18260.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 22/12/05, Kevin Miller <Kevin_Miller@ci.juneau.ak.us> wrote:
> Glenn Steen wrote:
> >> I'm not sure if I'm the victim of a joe job, or reverse NDR, but in
> >> thinking about it, milter-ahead won't solve the greater problem
> >> anyway. Right now, my Exchange box is replying to the NDRs.
> >> Milter-ahead would just cause my MS gateway to do that instead.
> >
> > Um, no.... The thing is it'll reject the erroneous addresses early in
> > the SMTP conversation, at the RCPT TO: stage, way before any hefty
> > DATA has been sent, and _mostimportantly *before* you have accepted
> > the mail_... This means that the mail is still the senders problem,
> > and it is the _sending MTA_ that need generate the NDNs/NDRs, not you.
> > Nice, eh?
>
> Ah, you're right.  Sometimes one loses site of the forest for the trees.

:-).
Been there, done that (and any admin who says other is either lying or
not really worth their salt..... Or incredibly lucky:-).

>
> >> I think the better thing
> >> to do is to accept the mail and deep six it.
> >
> > No! Why take responsibility for something that really *shouldn't be
> > your problem*?
>
> Well, spam/viruses *shouldn't* be any of our problem and if they brought
> back public tar and feathering it wouldn't be <g>.  But it is.  So I'm
> just looking for the easiest way to ride out this storm.
>
*chuckle* True. But then, the next best thing is setting things up so
that *you* don't have to care;).

>
> >> Anybody see any problems with that,
> > (snip)
> >
> > More of a science project than handling it at the MTA, if you ask
> > me;-).
>
> Not really - a one line entry in spam.blacklist.rules is pretty simple,
> and would solve the immeditate problem until I can get milter-ahead or
> some other more robust solution implemented.  Not as optimal as doing it
> at the MTA perhaps, but definitely a testimony to the flexibilty of
> MailScanner!  Syncing active directory and sendmail is certainly doable
> but it's not a five minute job.
>
> Question is, would the example I gave work, and if not, what would?
>

You answered that nicely way before my "wine-reddled" fingers could
> > Merry Xmas!
> type an answer, so... yeah, well. Perhaps I should shut up.

> Thanks, you too.  And a spam-free New Year...

It'd better be... I'm 600 Km OoO, and not really planning to return
until after NY, so ... MailScanner will cover for me... as
always:-):-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Sat Dec 24 01:57:02 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:34 2006
Subject: Other blocked content ruleset
Message-ID: <mailman.18261.1137101494.24926.mailscanner@lists.mailscanner.info>

On 15 Dec 2005, at 22:00, Desai, Jason wrote:
> Drew,
>
> Sorry for the late reply - still catching up on the list.  I just  
> dealt
> with this recently.  Here's what I did.  I modified languages.conf,
> changing AttachmentTooSmall to be "Attachment is too small (too- 
> small)".
> For completeness, I changed AttachmentTooLarge in the same way.   
> Then I
> modified MailScanner.conf, and added "too-small" to the list of Silent
> Viruses.  This seems to prevent notifications.  You don't have to use
> "too-small", you could use some other string which has no spaces in
> AttachmentTooSmall and Silent Viruses.
>
> Hope this helps.

Jason

Sorry for the delay in coming back to you. I have only just found  
time to try this and I am delighted to say it works a treat!

Thanks very much and Happy Christmas.

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Sat Dec 24 15:07:16 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:34 2006
Subject: Reduction in Spam?
Message-ID: <mailman.18262.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I've seen a steady increase in the spam that's dropped at the MTA level 
because the spammers wants to send the message before the "220" SMTP 
greeting (thanks to Sendmail's GreetPause feature), as well as spam 
being blocked because of RBL's. Spam that makes it through those two has 
increased somewhat less, though. What *has* increased dramatically is 
the amount of "sober" and other worms/variants, which I usually find out 
about when perusing the logs - clamav-milter usually takes care of it 
*before* anything hits MailScanner.

What's also increased is the control some ISP's are exerting on 
end-users; some of the local ISP's (even *more* so across their dialup 
IP blocks) are blocking port 25 except to their own mailservers, and you 
can only use *those* if you use SMTP AUTH first. Since my clients 
usually use SMTPS on port 465 (or have been using SMTP+AUTH on 587) they 
don't have a problem.

I've also seen an increase in the amount of open wifi access points in 
downtown Panama City, Republic of Panama (where I live). Since most of 
these are hooked up to unrestricted DSL/Cable connections, it opens the 
door for local spammers working for local (or foreign) companies to do 
some damage while robbing the clueless of their bandwidth and possibly 
making them liable for what they did.

Let's hope we, as responsible sysadmins/consultants, can do something 
about this during next year...

Happy Holidays to all!

Martin Hepworth wrote:

>Quite
>
>The article does seem confused about where the reduction is.....
>
>My stats do NOT concur with theres. Over the last 6 months I still an
>increase...
>
>--
>Martin Hepworth 
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>  
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Drew Marshall
>>Sent: 21 December 2005 09:18
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: [MAILSCANNER] Reduction in Spam?
>>
>>I am not convinced by this article as my stats read quite differently!
>>
>>http://news.bbc.co.uk/1/hi/technology/4547474.stm
>>
>>The interesting quote is '"similarly report a decrease in the amount of
>>spam reaching consumers' inboxes"'
>>
>>Perhaps this is because of the amount of mail being processed by
>>MailScanner on a daily basis?
>>
>>Merry Christmas & A Happy New Year all!
>>
>>Drew
>>
>>
>>--
>>In line with our policy, this message has
>>been scanned for viruses and dangerous
>>content by MailScanner, and is believed to be clean.
>>www.themarshalls.co.uk/policy
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>    
>>
>
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.	
>
>**********************************************************************
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From alex at NKPANAMA.COM  Sat Dec 24 15:22:50 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:31:34 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18263.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:

>Nathan Olson spake the following on 12/21/2005 8:41 PM:
>  
>
>>On 12/21/05, Fajar <fajarep@simplimobile.com> wrote:
>>
>>    
>>
>>>is there a way to flood our mailserver with spam email?
>>>      
>>>
>>Put it into production ;)
>>
>>Nate
>>
>>    
>>
>I second that !!!
>
>  
>
I set up a new server for a client that was hosting his e-mail at his 
ISP's facility. I made the change to his DNS records to point the MX at 
the new server at his office. I "tail -f /var/log/maillog" to see that 
mailscanner and everything else was working fine, then opened up a 
browser window to go to my webmail account to test everything out.

Before the browser was even finished loading (and about 20 seconds after 
the DNS change to reflect the new MX), MailScanner was already rejecting 
spam.

The moral of the story is that you can test your server in many 
different ways; there's no substitute, however, for hooking it up 
directly to the internet, where spammers can track you down in 20 
seconds or less.

Good luck with your new server!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec 25 12:47:28 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: Mailscanner.conf 4.46.2-3
Message-ID: <mailman.18264.1137101494.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

The old versions of MailScanner are always available on the web site. 
Just look at the URL of the version that is displayed on the downloads 
page, and tweak the URL to produce the version number of what you want 
to download and you will get it. I keep a complete archive on there, 
back to version 4.00.1 at least. The structure was rather different 
before that, so people wanting 3.27 or earlier would need to contact me 
for a copy. Though hopefully there aren't too many people out there 
still running earlier versions than 4, they are mostly Debian "woody" 
users, of which there are still some.

Kevin Dermody wrote:

> Actually sorry, forget this, I got a copy from installing on another 
> machine.
>
> Kevin Dermody wrote:
>
>> Hi all,
>>
>> Hopefully someone is awake now who has a copy of the default config 
>> file for version 4.46.2-3 (Debian/Ununtu).
>>
>> If so, could you please send it my way.
>>
>> Thanks,
>>
>> Kevin
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec 25 13:06:20 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: Alternative "From" address for me
Message-ID: <mailman.18265.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

There are various SpamAssassin rulesets out there, notable the 
bogus-anti-virus-warnings set, which mark up postings from me as spam. 
The biggest problem this causes is that people miss my announcements on 
the mailing list.

The easiest solution for all is for me to use a different "From:" 
address for my mailing list postings, so it doesn't hit these rules. 
They hit on the From: address containing the string "mailscanner" in any 
combination of upper and lower case.

They could simply come from jkf@ecs.soton.ac.uk. Quite a few of the 
possibilities have mailscanner in the domain name, which reduces the 
scope somewhat. Others include jules.fm, jools.fm, joul.es, 
phishingnet.info, julianfield.com/net/org, julesfield.com/net/org/info, 
mail-scanner.com/net/org/info. I have a load of others too, but they all 
contain the string "mailscanner" in them somewhere.

Any suggestions? I'll register a new one if someone has any good ideas, 
which are related to mailscanner but don't actually contain mailscanner. 
The mail-scanner.com sounds like one of the better ones.

All thoughts and ideas are welcome.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec 25 13:29:44 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: smart host postifx and MS
Message-ID: <mailman.18266.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Put a ruleset on the "Scan Messages" setting in MailScanner.conf. If 
this evaluates to 0 (no) then no further scanning is done on the message 
at all. It is just delivered straight back out again with very minimal 
speed overhead.

By far the simplest solution :-)

Erick Perez wrote:

>If I setup my postfix box to be a smart host for another machine with
>another domain, can I tell MS *not* to do filtering at all?
>
>--
>
>-------------------------------------------
>Erick Perez
>Linux User 376588
>http://counter.li.org/  (Get counted!!!)
>Panama, Republic of Panama
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec 25 13:25:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: Joe Jobbed, etc.
Message-ID: <mailman.18267.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kevin Miller wrote:

>
>Having the option to change the score on a case by case basis would be
>handy, but maybe not handy enough for Julian to go the trouble.  If it's
>not worthwhile for more than just me then that's fine - I'm
>accomplishing my immediate goal w/the current setup...
>  
>
You could do with this a "Custom Spam Scanner" which is run after the 
whitelist and blacklist code but before anything else. It could look to 
see which RBLs hit (if any) and modify the sascore and gsscore 
appropriately. The code you need to hook into is all in Message.pm. The 
API is described briefly elsewhere, it's all pretty simple.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Sun Dec 25 13:36:06 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: Not allowing filename
Message-ID: <mailman.18268.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Sorry, I meant "your" and not "our". The line you need to add is your
allow   \.qxd\.pdf$   -   -
line (notice the extra \ I have added to it)
This needs to go near the top of the file.
Note that the 4 "words" on this line need to be tab-separated.

Chris Boyd wrote:

>Sorry what line do I add to the top of it? 
>
>  
>
>>>>MailScanner@ECS.SOTON.AC.UK 12/21/05 3:29  >>>
>>>>        
>>>>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Leave the filename.rules.conf file exactly where it is, just add our  
>line to the top of it. No need to edit MailScanner.conf at all, it's  
>all set right already.
>
>On 21 Dec 2005, at 14:42, Chris Boyd wrote:
>
>  
>
>>I need to allow files with .qxd.pdf. I thought I did it right in  
>>the rules but Mailscanner wont seem to pick up the changes.
>>In Mailscanner.conf I have:
>>
>># Rulesets directory containing your ".rules" files
>>%rules-dir% = /etc/MailScanner/rules
>>
>>In filename.rules.conf I have:
>>
>>#Customized by Chris
>>allow   \.qxd.pdf$              -       -
>>
>>I read that rules need to be in the rules directory and be  
>>named .rules
>>So i copied over filename.rules.conf to /etc/Mailscanner/rules/ 
>>filename.rules, and it still doesn't pick up the changes.
>>Here's the message from blocked extension
>>
>>t Tue Dec 20 17:06:30 2005 the virus scanner said:
>>   MailScanner: Attempt to hide real filename extension (.qxd.pdf)
>>
>>
>>
>>
>>-----------------------------------------------------------------
>>This email message is intended only for the addressee(s)
>>and contains information that may be confidential and/or
>>copyrighted.  If you are not the intended recipient please
>>notify the sender by reply email and immediately delete
>>this email. Use, disclosure or reproduction of this email
>>by anyone other than the intended recipient(s) is strictly
>>prohibited. USIT has scanned this email for viruses and
>>dangerous content and believes it to be clean. However,
>>virus scanning is ultimately the responsibility of the recipient.
>>-----------------------------------------------------------------
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>    
>>
>
>- -- 
>Julian Field
>www.MailScanner.info 
>Buy the MailScanner book at www.MailScanner.info/store 
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.3 (Build 2932)
>
>iQEVAwUBQ6l0y/w32o+k+q+hAQHvqAf/RHQGrmNpWYFw4dTltoqDmMyGy+lxbXZJ
>lAIz/R0F38HAwR0H05+ofQ7732rnqGvjvD7pS8yfbnKJh+RDnA9WO7dB/0/GjD3u
>knlww40vBiG3SaIxFpX9hxnFisc2RTgbSnjngqxTQ3ASNjWY48AlVb2TvF37pAF/
>vTcz+m3XcJAT/4eUjsWdAmK7fdIPos26JbMVVFIA/GIsG5wa5nDQCKzEQIA4CzVu
>cWB/0Ca24hNhUE6X2r1z/tSv2yR2LkiGtpKMemrInCZ8+ZF9BJFIQoArPRediNlo
>yAbhkavsjmB07Mak6A3UHoiIf1GkNLy82GxZ577henJ6PThBC2E1Aw==
>=REWN
>-----END PGP SIGNATURE-----
>
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gborders at jlewiscooper.com  Mon Dec 26 13:53:30 2005
From: gborders at jlewiscooper.com (Greg Borders)
Date: Thu Jan 12 21:31:35 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18269.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Alex Neuman van der Hans wrote:
> Scott Silva wrote:
>
>> Nathan Olson spake the following on 12/21/2005 8:41 PM:
>>  
>>
>>> On 12/21/05, Fajar <fajarep@simplimobile.com> wrote:
>>>
>>>   
>>>> is there a way to flood our mailserver with spam email?
>>>>     
>>> Put it into production ;)
>>>
>>> Nate
>>>
>>>   
>> I second that !!!
>>
>>  
>>
> <snip>

> you can test your server in many different ways; there's no 
> substitute, however, for hooking it up directly to the internet, where 
> spammers can track you down in 20 seconds or less.
If the real world barrage of crap e-mails don't fit the bill, you can 
always feed some messages through to your system using your MTA 
program.  For example, it's really easy for sendmail, just cat out a 
mailbox laden with spam, and pipe it to Sendmail. It will deliver those 
to your mailscanner system as fast as your hardware allows. :)

--
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Mon Dec 26 14:30:43 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight)
Date: Thu Jan 12 21:31:35 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18270.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

There's a few perl scripts out there that will generate "spams" for you...


-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Mon Dec 26 15:04:18 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:35 2006
Subject: Best Way to test Spam Ability
Message-ID: <mailman.18271.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Michele Neylon :: Blacknight wrote:
> There's a few perl scripts out there that will generate "spams" for you...

Do you have an existing mail server? if yes, Configure roundhouse 
http://www.snertsoft.com/sendmail/roundhouse/ on your existing mail 
server and copy the incoming stream to your new server.. quite useful (i 
remember Steve or someone else suggesting this as well)

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From amoore at DEKALBMEMORIAL.COM  Tue Dec 27 14:06:27 2005
From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore)
Date: Thu Jan 12 21:31:35 2006
Subject: Alternative "From" address for me
Message-ID: <mailman.18272.1137101495.24926.mailscanner@lists.mailscanner.info>

I just whitelisted the list address in SpamAssassin.  If you're running
mailscanner, you should be able to whitelist an address as it is pretty
straight forward.

Julian Field wrote:
> There are various SpamAssassin rulesets out there, notable the
> bogus-anti-virus-warnings set, which mark up postings from me as spam.
> The biggest problem this causes is that people miss my announcements
> on the mailing list.
> 
> The easiest solution for all is for me to use a different "From:"
> address for my mailing list postings, so it doesn't hit these rules.
> They hit on the From: address containing the string "mailscanner" in
> any combination of upper and lower case.
> 
> They could simply come from jkf@ecs.soton.ac.uk. Quite a few of the
> possibilities have mailscanner in the domain name, which reduces the
> scope somewhat. Others include jules.fm, jools.fm, joul.es,
> phishingnet.info, julianfield.com/net/org,
> julesfield.com/net/org/info, mail-scanner.com/net/org/info. I have a
> load of others too, but they all contain the string "mailscanner" in
> them somewhere. 
> 
> Any suggestions? I'll register a new one if someone has any good
> ideas, which are related to mailscanner but don't actually contain
> mailscanner. The mail-scanner.com sounds like one of the better ones.
> 
> All thoughts and ideas are welcome.
> 
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-- 
Aaron Kent Moore
Information Technology Services
DeKalb Memorial Hospital, Inc.
Auburn, IN
Phone:  260.920.2808
E-mail:  amoore@dekalbmemorial.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From francisco at myipaddress.com.ar  Tue Dec 27 14:45:46 2005
From: francisco at myipaddress.com.ar (francisco)
Date: Thu Jan 12 21:31:35 2006
Subject: [Rule]Spam Action(Open)
Message-ID: <mailman.18273.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello.
I have 2 accounts of mail:
  francisco@myipaddress.com.ar and  spam1@myipaddress.com.ar.
To Francisco is  fordward email´s of other account sg@3net.com.ar).
The configuration of "Spam ACTION" is the following one:

To: francisco@myipaddress.com.ar delete// to erase the Spam to:francisco

default deliver// that passes the Spam to spam1

The problem that continues entering Spam Francisco.
That Rule I must add so that it does not happen?
I add the HEADER of Francisco
NOTE:santaclara@3net.com.ar it is not of my property

Received: from localhost.localdomain [192.168.0.77] by mail.e-viamonte.com.ar with ESMTP
  (SMTPD32-7.07) id A70C4C1009E; Tue, 27 Dec 2005 02:54:20 -0300
Received: from relay.insystems.com.ar ([192.168.0.101])
by localhost.localdomain (8.13.1/8.13.1) with ESMTP id jBMJaB0W002780
for <francisco@myipaddress.com.ar>; Thu, 22 Dec 2005 16:36:11 -0300
Received: from w2kserver02 ([192.168.0.101]) by relay.insystems.com.ar with Microsoft SMTPSVC(5.0.2195.6713);
Tue, 27 Dec 2005 02:47:31 -0300
Received: FROM w2kserver02 BY w2kserver02 ; Tue Dec 27 02:47:30 2005 -0300
Received: from SMTP32-FWD by 3net.com.ar
  (SMTP32) id A00000A3C; Tue, 27 Dec 2005 02:47:29 -0300
Received: from pcp08146039pcs.tsclos01.al.comcast.net [68.62.155.16] by 3net.com.ar
  (SMTPD32-7.07) id A56A1DF400CE; Tue, 27 Dec 2005 02:47:22 -0300
X-Apparently-To: santaclara@3net.com.ar
Received: from  (HELO 1)
        as user @ by www..com.ar with Mosap;
        Tue, 27 Dec 2005 07:46:32 +0200
Date: Tue, 27 Dec 2005 03:41:32 -0200
Message-Id: <68TR87FE.0K24.YFOQIFCO@yahoo.com>
From: "Elton Stewart" <YFOQIFCO@yahoo.com>
To: <santaclara@3net.com.ar>
Subject: {Spam?} Hard Like Rock mKW
X-Mailer: Evolution/1.0-5mdk
X-OriginalArrivalTime: 27 Dec 2005 05:47:31.0015 (UTC) FILETIME=[0704E570:01C60AA9]
MIME-Version: 1.0
X-Insystems-MyIpAddress-MailScanner-Information: Please contact the ISP for more information
X-Insystems-MyIpAddress-MailScanner: Found to be clean
X-Insystems-MyIpAddress-MailScanner-SpamCheck: spam,
SpamAssassin (puntaje=20.854, requerido 6, autolearn=spam,
BAYES_99 1.89, FORGED_YAHOO_RCVD 2.70, HELO_DYNAMIC_COMCAST 3.70,
RCVD_IN_BL_SPAMCOP_NET 1.22, RCVD_IN_DSBL 3.81,
RCVD_IN_NJABL_DUL 0.09, RCVD_IN_NJABL_PROXY 0.44,
RCVD_IN_SORBS_DUL 1.99, RCVD_IN_XBL 3.08, ROUND_THE_WORLD 1.96)
X-Insystems-MyIpAddress-MailScanner-SpamScore: ssssssssssssssssssss
X-Insystems-MyIpAddress-MailScanner-From: yfoqifco@yahoo.com
X-RCPT-TO: <francisco@myipaddress.com.ar>
Status: U
X-UIDL: 434159899

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at LISTS.COM.AR  Tue Dec 27 16:31:25 2005
From: mailscanner at LISTS.COM.AR (Leonardo Helman)
Date: Thu Jan 12 21:31:35 2006
Subject: Newer TNEF
Message-ID: <mailman.18274.1137101495.24926.mailscanner@lists.mailscanner.info>

Hi

We are having a couple of unparsable TNEF (whith the external one),
and found out, that the people from TNEF have one or two version
ahead of us.

Have anyone try it?
  http://sourceforge.net/projects/tnef
  # TNEF v1.3.4 Released   2005-10-11

I'm downloading and testing now.


Saludos

--  
Leonardo Helman
Pert Consultores
Argentina

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From vinet138 at YAHOO.COM  Tue Dec 27 19:24:46 2005
From: vinet138 at YAHOO.COM (Bill Smith)
Date: Thu Jan 12 21:31:35 2006
Subject: problem sending large message
Message-ID: <mailman.18275.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi Folks,
<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office"
/> 
I have a problem sending mail from Echange2K3 to SendMail. (MailScanner
is the gateway).
When sending small mail. It is OK.
It only happens to when sending large email
 
The error is ^Ópremature EOM: Connection reset by^Ô
 
Can anyone tell me what is wrong plz.?
 
Thx,
 
Bill

________________________________________________________________________________
Yahoo! DSL Something to write home about. Just $16.99/mo. or less
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From maillists at CONACTIVE.COM  Tue Dec 27 20:27:04 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:35 2006
Subject: Alternative "From" address for me
Message-ID: <mailman.18276.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote on         Sun, 25 Dec 2005 13:06:20 +0000:

> They could simply come from jkf@ecs.soton.ac.uk. Quite a few of the 
> possibilities have mailscanner in the domain name, which reduces the 
> scope somewhat. Others include jules.fm, jools.fm, joul.es, 
> phishingnet.info, julianfield.com/net/org, julesfield.com/net/org/info, 
> mail-scanner.com/net/org/info. I have a load of others too, but they all 
> contain the string "mailscanner" in them somewhere. 
>  
> Any suggestions? I'll register a new one if someone has any good ideas, 
> which are related to mailscanner but don't actually contain mailscanner. 
> The mail-scanner.com sounds like one of the better ones.

Julian, last time this rule hit for me (and I then whitelisted your email 
address) it hit on the *user* part. Only the user part makes sense. So, 
just using "announcements@mailscanner.info" will solve this. Unless there 
are other rules which are not so carefully constructed. However, if there 
*are* rules hitting on the domain part we better contact the maintainer of 
the rules because it is obviously complete nonsense to make them so loose 
that they hit on the domain part as well.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Dave  Tue Dec 27 22:06:52 2005
From: Dave (Dave)
Date: Thu Jan 12 21:31:35 2006
Subject: Newer TNEF
Message-ID: <mailman.18277.1137101495.24926.mailscanner@lists.mailscanner.info>

On Tue, Dec 27, 2005 at 01:31:25PM -0300, Leonardo Helman wrote:
> Hi
> 
> We are having a couple of unparsable TNEF (whith the external one),
> and found out, that the people from TNEF have one or two version
> ahead of us.
> 
> Have anyone try it?
>   http://sourceforge.net/projects/tnef
>   # TNEF v1.3.4 Released   2005-10-11
> 
> I'm downloading and testing now.
>

I have used this for 2 months and I am now seeing a problem.
 
> 
> Saludos
> 
> --  
> Leonardo Helman
> Pert Consultores
> Argentina
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Dave  Tue Dec 27 22:12:11 2005
From: Dave (Dave)
Date: Thu Jan 12 21:31:35 2006
Subject: Newer TNEF
Message-ID: <mailman.18278.1137101495.24926.mailscanner@lists.mailscanner.info>

On Tue, Dec 27, 2005 at 03:06:52PM -0700, Dave Shariff Yadallee - System Administrator a.k.a. The Root of              the Problem wrote:
> On Tue, Dec 27, 2005 at 01:31:25PM -0300, Leonardo Helman wrote:
> > Hi
> > 
> > We are having a couple of unparsable TNEF (whith the external one),
> > and found out, that the people from TNEF have one or two version
> > ahead of us.
> > 
> > Have anyone try it?
> >   http://sourceforge.net/projects/tnef
> >   # TNEF v1.3.4 Released   2005-10-11
> > 
> > I'm downloading and testing now.
> >
> 
> I have used this for 2 months and I am now seeing a problem.
>

Sorry that should read NOT seeing a problem.

Keyboards!!!!
  
> > 
> > Saludos
> > 
> > --  
> > Leonardo Helman
> > Pert Consultores
> > Argentina
> > 
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > 
> > Support MailScanner development - buy the book off the website!
> > 
> > -- 
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> > 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mlm at LOANPROCESSING.NET  Tue Dec 27 22:22:56 2005
From: mlm at LOANPROCESSING.NET (Mike McMullen)
Date: Thu Jan 12 21:31:35 2006
Subject: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18279.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "Windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi All,

I'm considering switching over from mbox format to maildir on our
IMAP/MailScanner server. (We're small enough the two live quite
happily on one box.)

We use MailScanner/SA/ClamAV/Sendmail/Procmail. On a test box,
I've configured sendmail/procmail/dovecot and they all seem to be working
with maildir format just fine. I brought over about 20,000-30,000 emails and
folders and converted them from mbox to maildir.

Are there any potential gotchas to layering MailScanner et all on top of sendmail
/procmail with maildirs that I need to be aware of?

If my testing continues to go ok, I'd roll it out on the production system over the
new years holiday.

Any feedback or insight appreciated.

Thanks!

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jaearick at COLBY.EDU  Wed Dec 28 01:46:08 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:31:35 2006
Subject: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18280.1137101495.24926.mailscanner@lists.mailscanner.info>

This isn't a MailScanner issue, but you are probably aware that
maildir gobbles up zillions of inodes on your mailbox filesystem,
and you need to plan for this...

Jeff Earickson
Colby College

On Tue, 27 Dec 2005, Mike McMullen wrote:

> Date: Tue, 27 Dec 2005 14:22:56 -0800
> From: Mike McMullen <mlm@LOANPROCESSING.NET>
> Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Any potential gotchas using Maildir with MailScanner?
> 
> Hi All,
>
> I'm considering switching over from mbox format to maildir on our
> IMAP/MailScanner server. (We're small enough the two live quite
> happily on one box.)
>
> We use MailScanner/SA/ClamAV/Sendmail/Procmail. On a test box,
> I've configured sendmail/procmail/dovecot and they all seem to be working
> with maildir format just fine. I brought over about 20,000-30,000 emails and
> folders and converted them from mbox to maildir.
>
> Are there any potential gotchas to layering MailScanner et all on top of 
> sendmail
> /procmail with maildirs that I need to be aware of?
>
> If my testing continues to go ok, I'd roll it out on the production system 
> over the
> new years holiday.
>
> Any feedback or insight appreciated.
>
> Thanks!
>
> Mike
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From yossimor at HOTMAIL.COM  Wed Dec 28 11:03:04 2005
From: yossimor at HOTMAIL.COM (Yossi Mor)
Date: Thu Jan 12 21:31:35 2006
Subject: removed attachment and notification to recipients
Message-ID: <mailman.18281.1137101495.24926.mailscanner@lists.mailscanner.info>

Hi Julian,

First of all thanks for tour solution but users still get notification on 
those removed files.

Is there an option to send a notification to system admin only and not to 
recipients? So he will take care for those emails.

If i quarentine the whole message is it suitable enough?

I am working on MR version 4.30.3

Regards, Mor

Yossi

On Mon, 12 Dec 2005 14:36:35 +0000, Julian Field 
<MailScanner@ECS.SOTON.AC.UK> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>Try using "deny+delete" in filename.rules.conf and
>filetype.rules.conf. It may well help you.
>
>On 12 Dec 2005, at 13:24, Yossi Mor wrote:
>
>> Hello forum,
>>
>> I am currently running MR 4.38-10 and i have a question regarding
>> attachment removing from emails.
>>
>> Is it possible that for certain removed attachments recipients will
>> not be
>> informed?
>>
>> I got 2 specific .exe files that i have configured in the
>> filename.rules.conf file and i do not want that emails with those 2
>> files
>> will be delivered nor any notification will be send to the recipients.
>>
>> Thanks,
>>
>> Yossi Mor
>>
>> BTW those attachments comes from many addresses
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>- --
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.3 (Build 2932)
>
>iQEVAwUBQ52K9fw32o+k+q+hAQEH7wgAtoCgcxhzXC8OAt39Nh/nKZOCVEmNJVwG
>a6T3Mmdn9LBj1HEanp6AEML4FI2yO40S9gmwC0IyRrUwE/XZT4nk8wMhUJxQrJ1f
>1x5IaACnkk1mQJKTUTKJ3jdQ1x8gbdH6k9M+3TJ8+Z/dzd91t4I0QsjKuYZbpOdl
>EVLDPtpIXY7Ma6kAPcyqrlyW0I//sZaKZ5C/5ncbRIPKO2uqxbUMDmKtutKr8wx7
>2ifzXQjc+zETYSMaWYS2+jjRRz1S9Oa1ksFGLi9sjdHj6NmXINTB3UznwiyF+XRN
>dkVYeQ8szZoo5q0s1zM7kVcqMzx+HD921mo17IbJeZah+wrBfME9fQ==
>=OlTq
>-----END PGP SIGNATURE-----
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>=========================================================================

From yossimor at HOTMAIL.COM  Wed Dec 28 11:03:04 2005
From: yossimor at HOTMAIL.COM (Yossi Mor)
Date: Thu Jan 12 21:31:35 2006
Subject: removed attachment and notification to recipients
Message-ID: <mailman.18282.1137101495.24926.mailscanner@lists.mailscanner.info>

Hi Julian,

First of all thanks for tour solution but users still get notification on 
those removed files.

Is there an option to send a notification to system admin only and not to 
recipients? So he will take care for those emails.

If i quarentine the whole message is it suitable enough?

I am working on MR version 4.30.3

Regards, Mor

Yossi

On Mon, 12 Dec 2005 14:36:35 +0000, Julian Field 
<MailScanner@ECS.SOTON.AC.UK> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>Try using "deny+delete" in filename.rules.conf and
>filetype.rules.conf. It may well help you.
>
>On 12 Dec 2005, at 13:24, Yossi Mor wrote:
>
>> Hello forum,
>>
>> I am currently running MR 4.38-10 and i have a question regarding
>> attachment removing from emails.
>>
>> Is it possible that for certain removed attachments recipients will
>> not be
>> informed?
>>
>> I got 2 specific .exe files that i have configured in the
>> filename.rules.conf file and i do not want that emails with those 2
>> files
>> will be delivered nor any notification will be send to the recipients.
>>
>> Thanks,
>>
>> Yossi Mor
>>
>> BTW those attachments comes from many addresses
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>- --
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.3 (Build 2932)
>
>iQEVAwUBQ52K9fw32o+k+q+hAQEH7wgAtoCgcxhzXC8OAt39Nh/nKZOCVEmNJVwG
>a6T3Mmdn9LBj1HEanp6AEML4FI2yO40S9gmwC0IyRrUwE/XZT4nk8wMhUJxQrJ1f
>1x5IaACnkk1mQJKTUTKJ3jdQ1x8gbdH6k9M+3TJ8+Z/dzd91t4I0QsjKuYZbpOdl
>EVLDPtpIXY7Ma6kAPcyqrlyW0I//sZaKZ5C/5ncbRIPKO2uqxbUMDmKtutKr8wx7
>2ifzXQjc+zETYSMaWYS2+jjRRz1S9Oa1ksFGLi9sjdHj6NmXINTB3UznwiyF+XRN
>dkVYeQ8szZoo5q0s1zM7kVcqMzx+HD921mo17IbJeZah+wrBfME9fQ==
>=OlTq
>-----END PGP SIGNATURE-----
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>=========================================================================

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ja at CONVIATOR.COM  Wed Dec 28 12:49:02 2005
From: ja at CONVIATOR.COM (Jan Agermose)
Date: Thu Jan 12 21:31:35 2006
Subject: DMX Upgrade error
Message-ID: <mailman.18283.1137101495.24926.mailscanner@lists.mailscanner.info>


Hi

 

I tried upgradring my DMX testserver to the latest releasecandidate but
now it does not work. My guess is it has to do with this error in the
maillog:

 

Dec 28 07:26:59 scanner2 MailScanner[12301]: DefenderMX MailScanner
version 4.46.2 starting...

Dec 28 07:26:59 scanner2 MailScanner[12301]: Could not read Custom
Functions directory

Dec 28 07:26:59 scanner2 MailScanner[12301]: Using LDAP server localhost

Dec 28 07:27:00 scanner2 MailScanner[12301]: Config: calling custom init
function MailWatchLogging

 

(line 2)

 

But what does that mean? Does anyone know? Is it because perl cannot find
the .pm files under /opt/Fortress/ ? how can I check and correct the
problem?

 

Mvh

Jan

[IMAGE]

 

Jan Agermose
Conviator ApS

Tel. +45 35 266 460

 


Bliv SPAMfri.nu

 


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, "image001.gif"  Image/GIF  732bytes. ]
    [ Unable to print this part. ]


From steve.swaney at fsl.com  Wed Dec 28 13:15:16 2005
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Jan 12 21:31:35 2006
Subject: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18284.1137101495.24926.mailscanner@lists.mailscanner.info>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mike McMullen
> Sent: Tuesday, December 27, 2005 5:23 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Any potential gotchas using Maildir with MailScanner?
> 
> Hi All,
> 
> I'm considering switching over from mbox format to maildir on our
> IMAP/MailScanner server. (We're small enough the two live quite
> happily on one box.)
> 
> We use MailScanner/SA/ClamAV/Sendmail/Procmail. On a test box,
> I've configured sendmail/procmail/dovecot and they all seem to be working
> with maildir format just fine. I brought over about 20,000-30,000 emails
> and
> folders and converted them from mbox to maildir.
> 
> Are there any potential gotchas to layering MailScanner et all on top of
> sendmail
> /procmail with maildirs that I need to be aware of?
> 
> If my testing continues to go ok, I'd roll it out on the production system
> over the
> new years holiday.
> 
> Any feedback or insight appreciated.
> 

Mike,

We have several customer who run similar setups on single servers without
problems. 

If your local email delivery is setup correctly all will work fine with
MailScanner. 

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 28 16:41:40 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:35 2006
Subject: problem sending large message
Message-ID: <mailman.18285.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Bill Smith wrote on         Tue, 27 Dec 2005 11:24:46 -0800:

> (MailScanner is the gateway).

No, it's not. It's the "filter" *on* the gateway and the sendmail sits 
*before* it.

> Can anyone tell me what is wrong plz.?

It's not a MailScanner thing. You have to troubleshoot between your 
sendmail and Exchange.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 28 16:41:42 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:35 2006
Subject: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18286.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jeff A. Earickson wrote on         Tue, 27 Dec 2005 20:46:08 -0500:

> This isn't a MailScanner issue, but you are probably aware that 
> maildir gobbles up zillions of inodes on your mailbox filesystem, 
> and you need to plan for this...

And how? Smaller block-size on separate partition for the mail 
spool/storage? Do I need one inode per message?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From campbell at CNPAPERS.COM  Wed Dec 28 16:49:42 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:31:35 2006
Subject: Bayes score question - sort of a rehash
Message-ID: <mailman.18287.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I recalled a while back a thread about the Bayes score not being added to 
the message headers, so I found the old thread but don't know if it 
explained the problem, at least to me. I am not seeing the Bayes_?? scores 
in the headers on one of my servers.

I did have an old improper parm in my spam.assassassin.prefs.conf file, and 
fixed that. My bayes_seen file was huge, so I wiped them clean since 
the --force-expire didn't seem to help. I am running 4.36 and am planning an 
upgrade of MS/ClamAV/SA/MW as soon as I get the machine to myself. So here 
is my question:

At what point do the Bayes_00, etc start showing up again. I have enough 
spam emails, but not enough ham emails, in my new Bayes DBs. Should I see 
something before I reach 200 of both, or should I see something with just 
the 200+ spam entries. I did not use FSL's starter DB files. My DB files are 
growing, so I know they are being used.

Thanks for any insight and sorry for the rehashing of this problem.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Wed Dec 28 16:52:25 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:35 2006
Subject: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18288.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kai Schaetzl spake the following on 12/28/2005 8:41 AM:
> Jeff A. Earickson wrote on         Tue, 27 Dec 2005 20:46:08 -0500:
> 
> 
>>This isn't a MailScanner issue, but you are probably aware that 
>>maildir gobbles up zillions of inodes on your mailbox filesystem, 
>>and you need to plan for this...
> 
> 
> And how? Smaller block-size on separate partition for the mail 
> spool/storage? Do I need one inode per message?
> 
> Kai
> 
A simple solution would be to use ReiserFS on that partition, as it
stores its metadata in a b-tree index, and doesn't suffer with the inode
limit problem. It is supposed to be much faster with the smaller file
sizes also.



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Wed Dec 28 19:32:07 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:35 2006
Subject: Bayes score question - sort of a rehash
Message-ID: <mailman.18289.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Campbell wrote on         Wed, 28 Dec 2005 11:49:42 -0500:

> At what point do the Bayes_00, etc start showing up again. I have enough 
> spam emails, but not enough ham emails, in my new Bayes DBs. Should I see 
> something before I reach 200 of both, or should I see something with just 
> the 200+ spam entries. I did not use FSL's starter DB files. My DB files are 
> growing, so I know they are being used.

There will only be Bayes scores once you have at least those mentioned 200 ham 
*and* spam. However, there is a setting which allows you to change that limit 
in sa. In the past, this option didn't allow to go under the 200, but from 
newer documentation it seems you can do this now, f.i. for testing (not 
recommended for production). Also running a spamassassin -D on a message will 
show you if Bayes seems to be at least usable, although not getting used yet. 
You should actively learn the first 200 (or more) of ham and spam unless you 
want to wait for a long time before it kicks in.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 28 20:24:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: DMX Upgrade error
Message-ID: <mailman.18290.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Contact Fort Systems for help with this. support@fsl.com should be able 
to help you.

Jan Agermose wrote:

> Hi
>
>  
>
> I tried upgradring my DMX testserver to the latest releasecandidate 
> but now it does not work. My guess is it has to do with this error in 
> the maillog:
>
>  
>
> Dec 28 07:26:59 scanner2 MailScanner[12301]: DefenderMX MailScanner 
> version 4.46.2 starting...
>
> Dec 28 07:26:59 scanner2 MailScanner[12301]: Could not read Custom 
> Functions directory
>
> Dec 28 07:26:59 scanner2 MailScanner[12301]: Using LDAP server localhost
>
> Dec 28 07:27:00 scanner2 MailScanner[12301]: Config: calling custom 
> init function MailWatchLogging
>
>  
>
> (line 2)
>
>  
>
> But what does that mean? Does anyone know? Is it because perl cannot 
> find the .pm files under /opt/Fortress/ ? how can I check and correct 
> the problem?
>
>  
>
> Mvh
>
> Jan
>
> [http://www.conviator.com/] <http://www.conviator.com/>
>
>  
>
> 	
>
> *Jan Agermose*
> Conviator ApS
>
> 	
>
> Tel. +45 35 266 460
>
>  
>
>
> Bliv SPAMfri.nu <http://www.spamfri.nu/>
>
>  
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Wed Dec 28 20:47:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: removed attachment and notification to recipients
Message-ID: <mailman.18291.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

So if there are also wanted attachments or not, you want the recipient 
to just get the body of the message and the allowed attachments (if any).

It's not easy, but it is possible. I need to search the message entity 
tree until I find the right attachment, which also has the right 
safe-name, and then remove it from the tree without causing a memory leak.

If other people need this as well, then I'll consider doing it. 
Financial bribery may be necessary unless several other people are going 
to use this feature. Essentially, as far as you are concerned, there will be
    allow
    deny
    deny+delete
    deny+deletesilently
as possible type of statement in filename.rules.conf and 
filetype.rules.conf.

Yossi Mor wrote:

>Hi Julian,
>
>First of all thanks for tour solution but users still get notification on 
>those removed files.
>
>Is there an option to send a notification to system admin only and not to 
>recipients? So he will take care for those emails.
>
>If i quarentine the whole message is it suitable enough?
>
>I am working on MR version 4.30.3
>
>Regards, Mor
>
>Yossi
>
>On Mon, 12 Dec 2005 14:36:35 +0000, Julian Field 
><MailScanner@ECS.SOTON.AC.UK> wrote:
>
>  
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>
>>Try using "deny+delete" in filename.rules.conf and
>>filetype.rules.conf. It may well help you.
>>
>>On 12 Dec 2005, at 13:24, Yossi Mor wrote:
>>
>>    
>>
>>>Hello forum,
>>>
>>>I am currently running MR 4.38-10 and i have a question regarding
>>>attachment removing from emails.
>>>
>>>Is it possible that for certain removed attachments recipients will
>>>not be
>>>informed?
>>>
>>>I got 2 specific .exe files that i have configured in the
>>>filename.rules.conf file and i do not want that emails with those 2
>>>files
>>>will be delivered nor any notification will be send to the recipients.
>>>
>>>Thanks,
>>>
>>>Yossi Mor
>>>
>>>BTW those attachments comes from many addresses
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>>      
>>>
>>- --
>>Julian Field
>>www.MailScanner.info
>>Buy the MailScanner book at www.MailScanner.info/store
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>>-----BEGIN PGP SIGNATURE-----
>>Version: PGP Desktop 9.0.3 (Build 2932)
>>
>>iQEVAwUBQ52K9fw32o+k+q+hAQEH7wgAtoCgcxhzXC8OAt39Nh/nKZOCVEmNJVwG
>>a6T3Mmdn9LBj1HEanp6AEML4FI2yO40S9gmwC0IyRrUwE/XZT4nk8wMhUJxQrJ1f
>>1x5IaACnkk1mQJKTUTKJ3jdQ1x8gbdH6k9M+3TJ8+Z/dzd91t4I0QsjKuYZbpOdl
>>EVLDPtpIXY7Ma6kAPcyqrlyW0I//sZaKZ5C/5ncbRIPKO2uqxbUMDmKtutKr8wx7
>>2ifzXQjc+zETYSMaWYS2+jjRRz1S9Oa1ksFGLi9sjdHj6NmXINTB3UznwiyF+XRN
>>dkVYeQ8szZoo5q0s1zM7kVcqMzx+HD921mo17IbJeZah+wrBfME9fQ==
>>=OlTq
>>-----END PGP SIGNATURE-----
>>
>>--
>>This message has been scanned for viruses and
>>dangerous content by MailScanner, and is
>>believed to be clean.
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>=========================================================================
>>    
>>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mlm at LOANPROCESSING.NET  Wed Dec 28 23:47:21 2005
From: mlm at LOANPROCESSING.NET (Mike McMullen)
Date: Thu Jan 12 21:31:35 2006
Subject: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18292.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

----- Original Message ----- 
From: "Scott Silva" <ssilva@SGVWATER.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Wednesday, December 28, 2005 8:52 AM
Subject: Re: Any potential gotchas using Maildir with MailScanner?


> Kai Schaetzl spake the following on 12/28/2005 8:41 AM:
>> Jeff A. Earickson wrote on         Tue, 27 Dec 2005 20:46:08 -0500:
>> 
>> 
>>>This isn't a MailScanner issue, but you are probably aware that 
>>>maildir gobbles up zillions of inodes on your mailbox filesystem, 
>>>and you need to plan for this...
>> 
>> 
>> And how? Smaller block-size on separate partition for the mail 
>> spool/storage? Do I need one inode per message?
>> 
>> Kai
>> 
> A simple solution would be to use ReiserFS on that partition, as it
> stores its metadata in a b-tree index, and doesn't suffer with the inode
> limit problem. It is supposed to be much faster with the smaller file
> sizes also.
> 

Thank you to everyone who responded. After reading feedback from the
list and my testing on a dev box, I converted my mail folders to Maildir
format last night on the production system as a "pilot". 

I converted roughly 100,000 emails of my biz and personal stuff from mbox
to maildir (roughly 60 folders) using mb2md-3.20.pl. It worked like a champ
with the exception of  ~20 emails ending up with dates of 1969.

I had to do some minor mods to my procmailrc file and recipes so 
that procmail knew to use maildir format and where the folders were 
but it went very smooth. My list mail is getting sorted in the right folders
and dovecot found everything without me having to do anything. 

Regarding inodes, according to "inndf -i" I have just under 50 million inodes
free so I think I am fine. There are only 10 of us on the server. 

I use s/w raid 1 (mirroring). Can you use reiserfs with a software raid device?

I use rsync for offsite mirroring as a backup strategy. After the initial rsync to
get all the new folders/files etc to the offsite system, I found backup times
greatly improved over using mbox. My guess is no huge compressed diffs
for big mboxes that only had one or two emails added to them.

There were no MailScanner/SA/Sendmail issues at aside from slightly changing
my bayes training script.

So all in all a big success so far. Now I can convert everyone else over
the weekend.

Again thanks to everyone who responded!

Mike
 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ka at PACIFIC.NET  Thu Dec 29 00:40:19 2005
From: ka at PACIFIC.NET (Ken A)
Date: Thu Jan 12 21:31:35 2006
Subject: phishing from same domain?
Message-ID: <mailman.18293.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello,

Is there any way to tell the phishing code to ignore matches like this I 
see in the log now and then?

MailScanner[4228]: Found phishing fraud from email.capitalone.com 
claiming to be www.capitalone.com in jBT0Dh5c006095

I'd like it if MailScanner had an option so it would decide something 
was phishing ONLY if the domain name didn't match, but ignore the 
hostname. This assumes that most people can control hosts within their 
own domain, but I think it would be a nice option.

The text of the email:

You can view our privacy policy and contact information at <a 
href="http://email.capitalone.com/TBXX034D3DDDDDD10614XX" 
target="_blank"><font color="red"><b>MailScanner has detected a possible 
fraud attempt from "email.capitalone.com" claiming to be</b></font> 
http://www.capitalone.com</a>.

Thanks,
Ken A

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Thu Dec 29 00:42:39 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:35 2006
Subject: phishing from same domain?
Message-ID: <mailman.18294.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Yes, that would be a great option!

Ken A wrote:
> Hello,
> 
> Is there any way to tell the phishing code to ignore matches like this I 
> see in the log now and then?
> 
> MailScanner[4228]: Found phishing fraud from email.capitalone.com 
> claiming to be www.capitalone.com in jBT0Dh5c006095
> 
> I'd like it if MailScanner had an option so it would decide something 
> was phishing ONLY if the domain name didn't match, but ignore the 
> hostname. This assumes that most people can control hosts within their 
> own domain, but I think it would be a nice option.
> 
> The text of the email:
> 
> You can view our privacy policy and contact information at <a 
> href="http://email.capitalone.com/TBXX034D3DDDDDD10614XX" 
> target="_blank"><font color="red"><b>MailScanner has detected a possible 
> fraud attempt from "email.capitalone.com" claiming to be</b></font> 
> http://www.capitalone.com</a>.
> 
> Thanks,
> Ken A
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Thu Dec 29 01:44:34 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18295.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi, I've never implemented or read about how to setup the following
config, so I wish some ideas can be given by the members of this list.

in the past few days our microsoft exchange server is taking about 25k
to 35k emails per day. All spam, destined in 80% of the cases to
non-existent addresses in our company. So i think is a good time to
give MS a try.

I will use centos 4.2, MS, Postfix (or sendmail, but like postfix),
MySQL,ClamAV and mailwatch to setup the antispam gateway (yes, we do
not have spam protection blame the board of directors and the budget
cuts).

I got a script in perl that lets me export the smtp addresses of the 4
domains we handle in the exchange server and i want to setup the
centos box to *not* even try to check for spam/virus/etc if the
recipient does not exist and silently discard the email. If the
recipients emails is valid, then do the anti-spam/virus/etc stuff.

the centos box will also have to be a smart relay since my exchange
server will use it to send to the internet and of course the centos
box will smart forward all processed emails to the exchange box.

I have no idea how to setup this in terms of postfix configuration and
MS configuration.

I posted a smilar question to one postfix forum but I think I didn't
explain myself very well.

Comments, suggestions?

Thanks in advance.


--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From cstone at AXINT.NET  Thu Dec 29 01:55:57 2005
From: cstone at AXINT.NET (Chris Stone)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18296.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Wednesday 28 December 2005 06:44 pm, Erick Perez wrote:
> Hi, I've never implemented or read about how to setup the following
> config, so I wish some ideas can be given by the members of this list.
>
> in the past few days our microsoft exchange server is taking about 25k
> to 35k emails per day. All spam, destined in 80% of the cases to
> non-existent addresses in our company. So i think is a good time to
> give MS a try.
>
> I will use centos 4.2, MS, Postfix (or sendmail, but like postfix),
> MySQL,ClamAV and mailwatch to setup the antispam gateway (yes, we do
> not have spam protection blame the board of directors and the budget
> cuts).

Don't know how to do it with Postfix as the MTA but with Sendmail it's as easy 
as installing milter-sender (commercial) or milter-ahead (free). They will 
check the backend server defined through the mailertable.db file for valid 
addresses - if that backend server accepts the message, then sendmail will 
and it'll go through your MailScanner processing, otherwise, Sendmail 
(actually milter-ahead) will cause rejection of the messages. Works quite 
well.


Chris

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Thu Dec 29 02:11:05 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18297.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

good lord! I've been out of sendmail business for quite a while. Just
read the milter page in http://www.milter.info//sendmail/milter-ahead/
and it was like chinesse (no offense) to me.

Will keep reading the milter page but hope some other postfix-aware
solution gets posted.

BTW thanks Chris!!!!


On 12/28/05, Chris Stone <cstone@axint.net> wrote:
> On Wednesday 28 December 2005 06:44 pm, Erick Perez wrote:
> > Hi, I've never implemented or read about how to setup the following
> > config, so I wish some ideas can be given by the members of this list.
> >
> > in the past few days our microsoft exchange server is taking about 25k
> > to 35k emails per day. All spam, destined in 80% of the cases to
> > non-existent addresses in our company. So i think is a good time to
> > give MS a try.
> >
> > I will use centos 4.2, MS, Postfix (or sendmail, but like postfix),
> > MySQL,ClamAV and mailwatch to setup the antispam gateway (yes, we do
> > not have spam protection blame the board of directors and the budget
> > cuts).
>
> Don't know how to do it with Postfix as the MTA but with Sendmail it's as easy
> as installing milter-sender (commercial) or milter-ahead (free). They will
> check the backend server defined through the mailertable.db file for valid
> addresses - if that backend server accepts the message, then sendmail will
> and it'll go through your MailScanner processing, otherwise, Sendmail
> (actually milter-ahead) will cause rejection of the messages. Works quite
> well.
>
>
> Chris
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>


--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From chris at TAC.ESI.NET  Thu Dec 29 02:14:35 2005
From: chris at TAC.ESI.NET (Chris Hammond)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18298.1137101495.24926.mailscanner@lists.mailscanner.info>

Add the following two lines to main.cf

relay_recipient_maps = hash:/etc/postfix/auth_recipients
show_user_unknown_table_name = no 

Create the file /etc/postfix/auth_recipients and add the allowed addresses in the following format.

user@domain.com  OK

Then run postmap against the file.

postmap /etc/postfix/auth_recipients

I always do a "service MailScanner restart".  Don't know if it is necessary and a postfix reload would do the job but this covers all the bases.

Just make sure that everyone that should get mail is in the list or they will not get it.

Chris
 
>>> cstone@AXINT.NET 12/28/05 8:55 pm >>> 
On Wednesday 28 December 2005 06:44 pm, Erick Perez wrote:
> Hi, I've never implemented or read about how to setup the following
> config, so I wish some ideas can be given by the members of this list.
>
> in the past few days our microsoft exchange server is taking about 25k
> to 35k emails per day. All spam, destined in 80% of the cases to
> non- existent addresses in our company. So i think is a good time to
> give MS a try.
>
> I will use centos 4.2, MS, Postfix (or sendmail, but like postfix),
> MySQL,ClamAV and mailwatch to setup the antispam gateway (yes, we do
> not have spam protection blame the board of directors and the budget
> cuts).

Don't know how to do it with Postfix as the MTA but with Sendmail it's as easy 
as installing milter- sender (commercial) or milter- ahead (free). They will 
check the backend server defined through the mailertable.db file for valid 
addresses -  if that backend server accepts the message, then sendmail will 
and it'll go through your MailScanner processing, otherwise, Sendmail 
(actually milter- ahead) will cause rejection of the messages. Works quite 
well.


Chris

------------------------  MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development -  buy the book off the website!

--  
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Thu Dec 29 04:46:37 2005
From: pete at ENITECH.COM.AU (Pete Russell)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18299.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

If you want a perl script that will
1. query AD for ALL valid usernames
2. Build the map file in the correct postfix format
3. Postmap it and reload postfix
All you need to do is cron it and you have implemnted milter ahead for 
postfix and exchange, let me know and i will email it to you.

We have been using this for years and it works flawlessly and can be 
implmented in realtime without causing downtime.

Maybe its in the wiki too?



Chris Hammond wrote:
> Add the following two lines to main.cf
> 
> relay_recipient_maps = hash:/etc/postfix/auth_recipients
> show_user_unknown_table_name = no 
> 
> Create the file /etc/postfix/auth_recipients and add the allowed addresses in the following format.
> 
> user@domain.com  OK
> 
> Then run postmap against the file.
> 
> postmap /etc/postfix/auth_recipients
> 
> I always do a "service MailScanner restart".  Don't know if it is necessary and a postfix reload would do the job but this covers all the bases.
> 
> Just make sure that everyone that should get mail is in the list or they will not get it.
> 
> Chris
>  
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec 29 05:21:39 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18300.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 29/12/05, Pete Russell <pete@enitech.com.au> wrote:
> If you want a perl script that will
> 1. query AD for ALL valid usernames
> 2. Build the map file in the correct postfix format
> 3. Postmap it and reload postfix
> All you need to do is cron it and you have implemnted milter ahead for
> postfix and exchange, let me know and i will email it to you.
>
> We have been using this for years and it works flawlessly and can be
> implmented in realtime without causing downtime.
>
> Maybe its in the wiki too?
>

Yes.... Didn't you write that Pete? Anyway, here's a link:
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#rejecting_unknown_non-local_users

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Thu Dec 29 05:26:30 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18301.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 29/12/05, Glenn Steen <glenn.steen@gmail.com> wrote:
> On 29/12/05, Pete Russell <pete@enitech.com.au> wrote:
> > If you want a perl script that will
> > 1. query AD for ALL valid usernames
> > 2. Build the map file in the correct postfix format
> > 3. Postmap it and reload postfix
> > All you need to do is cron it and you have implemnted milter ahead for
> > postfix and exchange, let me know and i will email it to you.
> >
> > We have been using this for years and it works flawlessly and can be
> > implmented in realtime without causing downtime.
> >
> > Maybe its in the wiki too?
> >
>
> Yes.... Didn't you write that Pete? Anyway, here's a link:
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#rejecting_unknown_non-local_users
>
Hm, the eatathome link seems to have gone stale (there's a joke hidden
in there .... somewhere:-)... Would you mind updating that Pete?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Thu Dec 29 06:30:16 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:35 2006
Subject: MailScanner Will Not Start
Message-ID: <mailman.18302.1137101495.24926.mailscanner@lists.mailscanner.info>

Heya, 

I have this problem when starting mailscanner. Anyone know what it is ? or
how to fix it?

It does not start even when it says ok.


root@filter1 [~/msinstall]# service MailScanner restart
Shutting down MailScanner daemons:
         MailScanner:                                      [FAILED]
Starting MailScanner daemons:
         MailScanner:       Can't locate Net/CIDR.pm in @INC (@INC contains:
/usr/mailscanner/lib /usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
/usr/mailscanner/lib) at /usr/mailscanner/lib/MailScanner/Config.pm line 34.
BEGIN failed--compilation aborted at
/usr/mailscanner/lib/MailScanner/Config.pm line 34.
Compilation failed in require at /usr/mailscanner/bin/MailScanner line 64.
BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line
64.
                                                           [  OK  ]
root@filter1 [~/msinstall]#

Thanks
Shaun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From gdoris at rogers.com  Thu Dec 29 07:28:03 2005
From: gdoris at rogers.com (Gerry Doris)
Date: Thu Jan 12 21:31:35 2006
Subject: MailScanner Will Not Start
Message-ID: <mailman.18303.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

ShaunM [MailShield] wrote:
> Heya, 
> 
> I have this problem when starting mailscanner. Anyone know what it is ? or
> how to fix it?
> 
> It does not start even when it says ok.
> 
> 
> root@filter1 [~/msinstall]# service MailScanner restart
> Shutting down MailScanner daemons:
>          MailScanner:                                      [FAILED]
> Starting MailScanner daemons:
>          MailScanner:       Can't locate Net/CIDR.pm in @INC (@INC contains:
> /usr/mailscanner/lib /usr/lib/perl5/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
> /usr/mailscanner/lib) at /usr/mailscanner/lib/MailScanner/Config.pm line 34.
> BEGIN failed--compilation aborted at
> /usr/mailscanner/lib/MailScanner/Config.pm line 34.
> Compilation failed in require at /usr/mailscanner/bin/MailScanner line 64.
> BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line
> 64.
>                                                            [  OK  ]
> root@filter1 [~/msinstall]#
> 
> Thanks
> Shaun

Have you considered installing Net::CIDR?

Gerry

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From smcguane at MAILSHIELD.COM.AU  Thu Dec 29 06:20:53 2005
From: smcguane at MAILSHIELD.COM.AU (ShaunM [MailShield])
Date: Thu Jan 12 21:31:35 2006
Subject: MailScanner Will Not Start
Message-ID: <mailman.18304.1137101495.24926.mailscanner@lists.mailscanner.info>

Heya, 

I have this problem when starting mailscanner. Anyone know what it is ? or
how to fix it?

It does not start even when it says ok.


root@filter1 [~/msinstall]# service MailScanner restart
Shutting down MailScanner daemons:
         MailScanner:                                      [FAILED]
Starting MailScanner daemons:
         MailScanner:       Can't locate Net/CIDR.pm in @INC (@INC contains:
/usr/mailscanner/lib /usr/lib/perl5/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
/usr/mailscanner/lib) at /usr/mailscanner/lib/MailScanner/Config.pm line 34.
BEGIN failed--compilation aborted at
/usr/mailscanner/lib/MailScanner/Config.pm line 34.
Compilation failed in require at /usr/mailscanner/bin/MailScanner line 64.
BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line
64.
                                                           [  OK  ]
root@filter1 [~/msinstall]#

Thanks
Shaun



---------------------------------------------------------------------------------------------------
MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service. http://www.mailshield.com.au

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From miguelk at KONSULTEX.COM.BR  Thu Dec 29 11:47:37 2005
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:31:35 2006
Subject: MailScanner Will Not Start
Message-ID: <mailman.18305.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Shaun;

On Nov. 10th I had a strange problem with MailScanner due to perl. It 
was not quite like yours although the result was the same: it would not 
start. I solved it by rebooting the machine. I hate to do that but there 
was no magic that would make it work.

Of course, Gerry's idea makes sense too. But in my case I also had 
strange messages telling me that things that I did have were not installed.

Miguel

Gerry Doris wrote:

> ShaunM [MailShield] wrote:
>
>> Heya,
>> I have this problem when starting mailscanner. Anyone know what it is 
>> ? or
>> how to fix it?
>>
>> It does not start even when it says ok.
>>
>>
>> root@filter1 [~/msinstall]# service MailScanner restart
>> Shutting down MailScanner daemons:
>>          MailScanner:                                      [FAILED]
>> Starting MailScanner daemons:
>>          MailScanner:       Can't locate Net/CIDR.pm in @INC (@INC 
>> contains:
>> /usr/mailscanner/lib /usr/lib/perl5/5.8.0/i386-linux-thread-multi
>> /usr/lib/perl5/5.8.0 
>> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
>> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
>> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
>> /usr/mailscanner/lib) at /usr/mailscanner/lib/MailScanner/Config.pm 
>> line 34.
>> BEGIN failed--compilation aborted at
>> /usr/mailscanner/lib/MailScanner/Config.pm line 34.
>> Compilation failed in require at /usr/mailscanner/bin/MailScanner 
>> line 64.
>> BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner 
>> line
>> 64.
>>                                                            [  OK  ]
>> root@filter1 [~/msinstall]#
>>
>> Thanks
>> Shaun
>
>
> Have you considered installing Net::CIDR?
>
> Gerry
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From AHKAPLAN at PARTNERS.ORG  Thu Dec 29 13:13:17 2005
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Thu Jan 12 21:31:35 2006
Subject: Problem Starting MailScanner
Message-ID: <mailman.18306.1137101495.24926.mailscanner@lists.mailscanner.info>


Hi there &#8211;

 

We have MailScanner running on an HP-UX 10.20 secured/trusted system and
are having problems getting it to run on startup.

The script to start the program is in /sbin/init.d. During system boot,
the script comes back with a failed message. When we

try to start the program via the script, we get the output that is shown
below:

 

[IMAGE]

 

As you can see, MailScanner does not appear to be running. Consequently,
while the sendmail daemon is running, mail messages

are not being passed to it and subsequently delivered to their
recipients.

 

What steps do I need to take to correct this matter? Thanks.

 


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, "image002.jpg"  Image/JPEG  18KB. ]
    [ Unable to print this part. ]


From drew at THEMARSHALLS.CO.UK  Thu Dec 29 13:36:36 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18307.1137101495.24926.mailscanner@lists.mailscanner.info>

On 29 Dec 2005, at 05:21, Glenn Steen wrote:

> On 29/12/05, Pete Russell <pete@enitech.com.au> wrote:
>> If you want a perl script that will
>> 1. query AD for ALL valid usernames
>> 2. Build the map file in the correct postfix format
>> 3. Postmap it and reload postfix
>> All you need to do is cron it and you have implemnted milter ahead  
>> for
>> postfix and exchange, let me know and i will email it to you.
>>
>> We have been using this for years and it works flawlessly and can be
>> implmented in realtime without causing downtime.
>>
>> Maybe its in the wiki too?
>>
>
> Yes.... Didn't you write that Pete? Anyway, here's a link:
> http://wiki.mailscanner.info/doku.php? 
> id=documentation:configuration:mta:postfix:how_to:reject_non_existent_ 
> users#rejecting_unknown_non-local_users

Pete wrote the original for Notes/ Dominio in the old MAQ and I  
converted it to the wiki (And added a couple of bits for Exchange).  
Anyway to the OP the wiki covers how I would do it.

However, if you want to implement a milter ahead style feature,  
Postfix comes with this built in have a look at  
reject_unverified_recipient under smtpd_recipient_restrictions. You  
can read more here http://www.postfix.org/postconf. 
5.html#smtpd_recipient_restrictions be aware though you must have  
implemented smtp filtering on the Exchange server for this to work  
(So unknown recipients are rejected at smtp stage and not bounced  
later) or else non of these types of checks will work (No matter  
which MTA you use).

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Thu Dec 29 14:07:07 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:35 2006
Subject: Problem Starting MailScanner
Message-ID: <mailman.18308.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/29/05, Kaplan, Andrew H. <AHKAPLAN@partners.org> wrote:

      What steps do I need to take to correct this matter? Thanks.


Are you using the Linux startup script or something else? You seem to
have several errors, post the script here otherwise we can't help you.


--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From lists at hbcs.org  Thu Dec 29 14:12:11 2005
From: lists at hbcs.org (Dave C)
Date: Thu Jan 12 21:31:35 2006
Subject: Problem Starting MailScanner
Message-ID: <mailman.18309.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kaplan, Andrew H. wrote:
> Hi there ^Ö
> 
> We have MailScanner running on an HP-UX 10.20 secured/trusted system and 
> are having problems getting it to run on startup.
> 
> The script to start the program is in /sbin/init.d. During system boot, 
> the script comes back with a failed message. When we
> 
> try to start the program via the script, we get the output that is shown 
> below:
> 
<snip image>
> As you can see, MailScanner does not appear to be running. Consequently, 
> while the sendmail daemon is running, mail messages
> are not being passed to it and subsequently delivered to their recipients.
> What steps do I need to take to correct this matter? Thanks.
> 

Not knowing what is in the script that is used to start your MailScanner 
makes it kind of difficult to see where it fails...

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From AHKAPLAN at PARTNERS.ORG  Thu Dec 29 14:24:53 2005
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Thu Jan 12 21:31:35 2006
Subject: Problem Starting MailScanner
Message-ID: <mailman.18310.1137101495.24926.mailscanner@lists.mailscanner.info>


Hi there &#8211;

 

Thank-you for your reply. As requested, I am enclosing a copy of the
startup script. Thank-you also for your patience on this.

 

 

 


________________________________________________________________________________


From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of shuttlebox
Sent: Thursday, December 29, 2005 9:07 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Problem Starting MailScanner

 

On 12/29/05, Kaplan, Andrew H. <AHKAPLAN@partners.org> wrote:

      What steps do I need to take to correct this matter? Thanks.


Are you using the Linux startup script or something else? You seem to
have several errors, post the script here otherwise we can't help you.


--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, "MailScanner"  Application/OCTET-STREAM (Name: ]
    [ "MailScanner")  4.1KB. ]
    [ Unable to print this part. ]


From b_kiziltan at HOTMAIL.COM  Thu Dec 29 14:26:00 2005
From: b_kiziltan at HOTMAIL.COM (Bahadir Kiziltan)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18311.1137101495.24926.mailscanner@lists.mailscanner.info>

Have MS 4.47-4 with Postfix on a server running Fedora Core 4, in charge of 
protecting Exchange 2003 :-). Here are the steps in order to accept mails 
only for valid users defined in Active Directory.

- Be sure that following perl modules are available, if not dw and install
perl-Net-LDAP (should already be available)
perl-Authen-SASL
perl-Net-SSLeay
perl-IO-Socket-SSL

- Find and modify the perl script called "getadsmtp.pl" appropriately.
$VALID = "/etc/postfix/AD_user_list"
$dc1="hostname.domain.com";
$dc2="hostname.domain.com";
$hqbase="dc=domain,dc=com";
$user="any_user\@domain.com";
$passwd="password";

- Then run it. Cron the pl script to be run periodically.

- Edit your /etc/postfix/main.cf file and add the following line...
relay_recipient_maps = /etc/postfix/AD_user_list

- Postmap the file created.
postmap /etc/postfix/AD_user_list

- Stop/start MTA.

Don't need to reload/restart postfix after every time re-mapping the file.

- Bahadir.





>From: Erick Perez <eaperezh@GMAIL.COM>
>Reply-To: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK>
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: MS gateway checking for valid users before delivery
>Date: Wed, 28 Dec 2005 20:44:34 -0500
>
>Hi, I've never implemented or read about how to setup the following
>config, so I wish some ideas can be given by the members of this list.
>
>in the past few days our microsoft exchange server is taking about 25k
>to 35k emails per day. All spam, destined in 80% of the cases to
>non-existent addresses in our company. So i think is a good time to
>give MS a try.
>
>I will use centos 4.2, MS, Postfix (or sendmail, but like postfix),
>MySQL,ClamAV and mailwatch to setup the antispam gateway (yes, we do
>not have spam protection blame the board of directors and the budget
>cuts).
>
>I got a script in perl that lets me export the smtp addresses of the 4
>domains we handle in the exchange server and i want to setup the
>centos box to *not* even try to check for spam/virus/etc if the
>recipient does not exist and silently discard the email. If the
>recipients emails is valid, then do the anti-spam/virus/etc stuff.
>
>the centos box will also have to be a smart relay since my exchange
>server will use it to send to the internet and of course the centos
>box will smart forward all processed emails to the exchange box.
>
>I have no idea how to setup this in terms of postfix configuration and
>MS configuration.
>
>I posted a smilar question to one postfix forum but I think I didn't
>explain myself very well.
>
>Comments, suggestions?
>
>Thanks in advance.
>
>
>--
>
>-------------------------------------------
>Erick Perez
>Linux User 376588
>http://counter.li.org/  (Get counted!!!)
>Panama, Republic of Panama
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From pete at ENITECH.COM.AU  Thu Dec 29 14:42:51 2005
From: pete at ENITECH.COM.AU (Pete Russell)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18312.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hmmm - buggar. Those files are now lost, i didnt grab them when i moved 
hosts. I will clean up the ones i use at work and put them back in the 
wiki - next week when i return from hols.

IN the meantime do you want me to em ail the exhcnage one to you Erick?

Pete


>>
>>Yes.... Didn't you write that Pete? Anyway, here's a link:
>>http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#rejecting_unknown_non-local_users
>>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Thu Dec 29 15:45:34 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:35 2006
Subject: OT (Sort of) header_checks
Message-ID: <mailman.18313.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Hello,


I would like to add a line to my header_checks file for Postfix.
MailScanner has the line /^Received:/ HOLD
Is it okay to add the following to the header_checks? Should I add it
above or below the MailScanner line?

 /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs|wmf|bat|scr|pif|com)/
               REJECT Bad attachment file name extension: $2

Thanks,
--
Rodney Green
--
"Cross country skiing is great if you live in a small country."

 - Steven Wright

Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From shuttlebox at GMAIL.COM  Thu Dec 29 15:55:41 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:35 2006
Subject: Problem Starting MailScanner
Message-ID: <mailman.18314.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "WINDOWS-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/29/05, Kaplan, Andrew H. <AHKAPLAN@partners.org> wrote:

      Hi there ^Ö


      Thank-you for your reply. As requested, I am enclosing a copy
      of the startup script. Thank-you also for your patience on
      this.

My guess is that your script is for Linux and the bash shell. It looks
like the commands fail because they have no parameters, try removing the
comments from the debug echo lines in the beginning, I think you will
find those variables empty. Looks like a pretty complicated script if you
ask me, mine is much simpler (and works). I'm not at work now but if you
can't fix your script I can post mine at request.

--
/Peter

From rgreen at TRAYERPRODUCTS.COM  Thu Dec 29 15:53:09 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:35 2006
Subject: WMF Exploit
Message-ID: <mailman.18315.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

With the WMF Zero-day exploit on the loose does MailScanner have the
ability to detect WMF files - other than by extension - using the
filetype.rules.conf file?

Thanks,
--
Rodney Green

"Cross country skiing is great if you live in a small country."

 - Steven Wright

Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From shuttlebox at GMAIL.COM  Thu Dec 29 16:00:30 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:35 2006
Subject: WMF Exploit
Message-ID: <mailman.18316.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/29/05, Rodney Green <rgreen@trayerproducts.com> wrote:
      With the WMF Zero-day exploit on the loose does MailScanner
      have the ability to detect WMF files - other than by
      extension - using the filetype.rules.conf file?


Try the file command on a wmf-file, if you're lucky it's detected as
something unique and you can use that in the filetype.rules.conf-file but
if it's something like "data" or other generic type you can always roll
your own magic signature, look in /etc/magic.

I just blocked it in filename.rules.conf myself.

--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From ka at PACIFIC.NET  Thu Dec 29 17:21:40 2005
From: ka at PACIFIC.NET (Ken A)
Date: Thu Jan 12 21:31:35 2006
Subject: .wmf vulnerability
Message-ID: <mailman.18317.1137101495.24926.mailscanner@lists.mailscanner.info>

Wess Bechard wrote:

> Ken,
> 
> Filename rules will work without the file command.  
> 
> You will need the file command to use the FileType rules.
> 
> Sincerely,
> 
> Wess

Thanks Wess, I do understand that, but what I'm wondering about is the 
strings returned by the file command are based on /usr/share/file/magic, 
which reports things like perl and shell scripts as executable - so they 
are blocked in the default filetype.rules.conf. I don't want to treat 
them the same as a windows metafile hiding as some innocent .txt file.

Does anyone has a real world filetype.rules.conf file that is a bit more 
permissive than the default, but still catches the windows junk.

Thanks,

Ken A.
Pacific.Net


> 
> On Thu, 2005-12-29 at 08:19 -0800, Ken A wrote:
> 
> 
>>Any suggestions for blocking the latest unpatched remote hole in windows?
>>
>>http://www.us-cert.gov/cas/techalerts/TA05-362A.html
>>
>>I've added \.wmf to filename.rules.conf (under Julian's "More Microsoft 
>>security vulnerabilities"), but I don't have the file command turned on 
>>to use filetype rules.
>>
>>What is the implications of enabling the "File Command =" config option? 
>>Are there any 'gotchas' I should be aware of?
>>
>>Thanks,
>>
>>Ken A
>>Pacific.Net
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
> 
> 
> 
> ___________________________________________
> 
> Wess Bechard
> Information Technology Manager
> eliquidMEDIA International Inc.
> Visit: www.eliquid.com
> Office: 519.973.1930  -  1.800.561.7525
> Fax: 519.253.0337
> Cell: 519.791.9492
> ___________________________________________
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jlmiller at MMTNETWORKS.COM.AU  Wed Dec 28 07:10:37 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:35 2006
Subject: Mail not going out
Message-ID: <mailman.18318.1137101495.24926.mailscanner@lists.mailscanner.info>

Have no idea what has happened, just that mail has stopped going out.  Still comes in okay.  Restarted the server, services, etc.  using postfix and sophos but cannot figure out why mail has stopped.
Is there a way to set the program in debug mode and /or generate a log file to try to track down the problem?


Jon

Jon L. Miller,  ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Novell Gold Partner, Cisco Partner, Peopletelecom, Westnet, Sophos Anti-Virus, 

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/PLAIN  32 lines. ]
    [ Unable to print this part. ]


From drolland at KDINET.COM  Thu Dec 29 15:50:36 2005
From: drolland at KDINET.COM (Diane Rolland)
Date: Thu Jan 12 21:31:35 2006
Subject: archiving to a file location - what are the qf and df files?
Message-ID: <mailman.18319.1137101495.24926.mailscanner@lists.mailscanner.info>


Greetings;

 

I&#8217;m wanting to set up an archive rule that send email to a specific
file location.  I have the rule working and they go into the YYYYMMDD
folder.  My question is what are the qf and df files?  Ultimately,
I&#8217;ll want to extract file attachments from the document and process
them in an application.

 

Has anyone done something similar to this and have any suggestions?

 

Thanks in advance,

Diane


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Thu Dec 29 16:35:39 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: Beta 4.49.5 released --- Postfix speedups
Message-ID: <mailman.18320.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have managed to implement the same speed improvements for Postfix that 
I have already implemented for sendmail and Exim. Hopefully this will 
make somewhere near the speed improvement on Postfix that has been seen 
on the others.

Please let me know if you see any speedup on Postfix systems.

I have also upgraded the version of the tnef expander that I ship, to 
the latest available version. Full details of all changes are in the 
Change Log.

Download as usual from www.mailscanner.info.

Many thanks to the Vodafone SHARK team for their contributions! They are 
much appreciated by everyone.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Dec 29 16:50:04 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:35 2006
Subject: OT (Sort of) header_checks
Message-ID: <mailman.18321.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I would add it above the MailScanner line, as it appears to reject a 
load of messages. Then hopefully only messages failing this test will be 
passed to MailScanner.
I'm no expert Postfix user though, so I would double check it by hand 
with a few test messages.

Rodney Green wrote:

>
> Hello,
>
>
> I would like to add a line to my header_checks file for Postfix. 
> MailScanner has the line /^Received:/ HOLD
> Is it okay to add the following to the header_checks? Should I add it 
> above or below the MailScanner line?
>
>/^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs|wmf|bat|scr|pif|com)/
>               REJECT Bad attachment file name extension: $2
>
>
> Thanks,
> -- 
> Rodney Green
> --
> "Cross country skiing is great if you live in a small country."
>
>	- Steven Wright
>  
>
>
> Honor the Fallen <http://www.militarycity.com/valor/honor.html>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec 29 16:33:35 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:35 2006
Subject: MailScanner Will Not Start
Message-ID: <mailman.18322.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

ShaunM [MailShield] spake the following on 12/28/2005 10:20 PM:
> Heya, 
> 
> I have this problem when starting mailscanner. Anyone know what it is ? or
> how to fix it?
> 
> It does not start even when it says ok.
> 
> 
> root@filter1 [~/msinstall]# service MailScanner restart
> Shutting down MailScanner daemons:
>          MailScanner:                                      [FAILED]
> Starting MailScanner daemons:
>          MailScanner:       Can't locate Net/CIDR.pm in @INC (@INC contains:
> /usr/mailscanner/lib /usr/lib/perl5/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .
> /usr/mailscanner/lib) at /usr/mailscanner/lib/MailScanner/Config.pm line 34.
> BEGIN failed--compilation aborted at
> /usr/mailscanner/lib/MailScanner/Config.pm line 34.
> Compilation failed in require at /usr/mailscanner/bin/MailScanner line 64.
> BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line
> 64.
>                                                            [  OK  ]
> root@filter1 [~/msinstall]#
> 
Is this a new install? Looks like you are missing the Net::CIDR perl module.


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From rgreen at TRAYERPRODUCTS.COM  Thu Dec 29 16:03:28 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:35 2006
Subject: WMF Exploit
Message-ID: <mailman.18323.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox wrote:
> On 12/29/05, *Rodney Green* <rgreen@trayerproducts.com 
> <mailto:rgreen@trayerproducts.com>> wrote:
>
>     With the WMF Zero-day exploit on the loose does MailScanner have
>     the ability to detect WMF files - other than by extension - using
>     the filetype.rules.conf file?
>
>
> Try the file command on a wmf-file, if you're lucky it's detected as 
> something unique and you can use that in the filetype.rules.conf-file 
> but if it's something like "data" or other generic type you can always 
> roll your own magic signature, look in /etc/magic.
>
> I just blocked it in filename.rules.conf myself.
>

I did block it in filename.rules.conf. However, I just read the 
following at http://isc.sans.org

"Update 23:19 UTC: Not that we didn't have enough "good" news already, 
but if you are relying on perimeter filters to block files with WMF 
extension from reaching your browser, you might have a surprise waiting 
for you. Windows XP will detect and process a WMF file based on its 
content ("magic bytes") and not rely on the extension alone, which means 
that a WMF sailing in disguise with a different extension might still be 
able to get you."

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From prandal at HEREFORDSHIRE.GOV.UK  Thu Dec 29 16:02:43 2005
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:31:35 2006
Subject: WMF Exploit
Message-ID: <mailman.18324.1137101495.24926.mailscanner@lists.mailscanner.info>

I've added
 
deny    metafont        No Windows metafont files       No Windows
Metafont Files allowed
 
(tab delimited) to my filetype.rules.conf (having checked in
/usr/share/file/magic)
 
Cheers,
 
Phil
 
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
 

________________________________________________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
On Behalf Of Rodney Green
Sent: 29 December 2005 15:53
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: WMF Exploit

With the WMF Zero-day exploit on the loose does MailScanner have
the ability to detect WMF files - other than by extension - using
the filetype.rules.conf file?

Thanks,
--
Rodney Green

"Cross country skiing is great if you live in a small country."

	- Steven Wright

Honor the Fallen

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From rgreen at TRAYERPRODUCTS.COM  Thu Dec 29 16:10:18 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:31:35 2006
Subject: WMF Exploit
Message-ID: <mailman.18325.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Randal, Phil wrote:
> I've added
>  
> deny    metafont        No Windows metafont files       No Windows 
> Metafont Files allowed
>  
> (tab delimited) to my filetype.rules.conf (having checked in 
> /usr/share/file/magic)
>  
> Cheers,
>  
> Phil
>  
> -

Thanks Phil. I found a .wmf file on my system and ran "file" on it and 
it gave me the correct type. I've added your deny statement to 
filetype.rules.conf.

Rod

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ka at PACIFIC.NET  Thu Dec 29 16:19:49 2005
From: ka at PACIFIC.NET (Ken A)
Date: Thu Jan 12 21:31:35 2006
Subject: .wmf vulnerability
Message-ID: <mailman.18326.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Any suggestions for blocking the latest unpatched remote hole in windows?

http://www.us-cert.gov/cas/techalerts/TA05-362A.html

I've added \.wmf to filename.rules.conf (under Julian's "More Microsoft 
security vulnerabilities"), but I don't have the file command turned on 
to use filetype rules.

What is the implications of enabling the "File Command =" config option? 
Are there any 'gotchas' I should be aware of?

Thanks,

Ken A
Pacific.Net

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at ELIQUID.COM  Thu Dec 29 16:21:53 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:31:35 2006
Subject: .wmf vulnerability
Message-ID: <mailman.18327.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ken,

Filename rules will work without the file command. 

You will need the file command to use the FileType rules.

Sincerely,

Wess

On Thu, 2005-12-29 at 08:19 -0800, Ken A wrote:

 Any suggestions for blocking the latest unpatched remote hole in windows?

http://www.us-cert.gov/cas/techalerts/TA05-362A.html

I've added \.wmf to filename.rules.conf (under Julian's "More Microsoft 
security vulnerabilities"), but I don't have the file command turned on 
to use filetype rules.

What is the implications of enabling the "File Command =" config option? 
Are there any 'gotchas' I should be aware of?

Thanks,

Ken A
Pacific.Net

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


___________________________________________

Wess Bechard
Information Technology Manager
eliquidMEDIA International Inc.
Visit: www.eliquid.com
Office: 519.973.1930  -  1.800.561.7525
Fax: 519.253.0337
Cell: 519.791.9492
___________________________________________
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From maillists at CONACTIVE.COM  Thu Dec 29 17:26:10 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:35 2006
Subject: Warning: recent vendor perl patch may harm MailScanner
Message-ID: <mailman.18328.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Denis Beauchemin wrote on         Thu, 22 Dec 2005 09:23:31 -0500:

> I guess Red Hat did it better than SuSE...

Updated my single CentOS box yesterday and MailScanner is still working. 
However, I notice that some Perl modules installed from Dag's repo got 
updated as well, so they may have included fixes to keep them going.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec 29 17:26:14 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:35 2006
Subject: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18329.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Mike, thanks for sharing your experience. Is there any need to tell 
procmail about it if there's no .procmailrc in use? I mean, no user has a 
procmailrc or .forward and incoming mail is just delivered (by LDA 
procmail) to the INBOX of that user.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From eaperezh at GMAIL.COM  Thu Dec 29 17:47:16 2005
From: eaperezh at GMAIL.COM (Erick Perez)
Date: Thu Jan 12 21:31:35 2006
Subject: MS gateway checking for valid users before delivery
Message-ID: <mailman.18330.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

will be nice Pete....send it to
eaperezh _at_gmail_dot_com

With so much info from you guys, I have to read and test it very
quickly...i hope by the end of the week i will have it up and running
and a howto created for those who face the same issue in the future.

On 12/29/05, Pete Russell <pete@enitech.com.au> wrote:
> Hmmm - buggar. Those files are now lost, i didnt grab them when i moved
> hosts. I will clean up the ones i use at work and put them back in the
> wiki - next week when i return from hols.
>
> IN the meantime do you want me to em ail the exhcnage one to you Erick?
>
> Pete
>
>
> >>
> >>Yes.... Didn't you write that Pete? Anyway, here's a link:
> >>http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#rejecting_unknown_non-local_users
> >>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>


--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 29 17:37:25 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:35 2006
Subject: .wmf vulnerability
Message-ID: <mailman.18331.1137101495.24926.mailscanner@lists.mailscanner.info>

Ken A wrote:

> Thanks Wess, I do understand that, but what I'm wondering about is the
> strings returned by the file command are based on
> /usr/share/file/magic, which reports things like perl and shell
> scripts as executable - so they are blocked in the default
> filetype.rules.conf. I don't want to treat them the same as a windows
> metafile hiding as some innocent .txt file. 
> 
> Does anyone has a real world filetype.rules.conf file that is a bit
> more permissive than the default, but still catches the windows junk.

In my (default) filetype.rules.conf the first four lines are:

allow   text            -                       -
allow   script          -                       -
allow   archive         -                       -
allow   postscript      -                       -

The second should allow perl and shell scripts through.  I just sent
myself a bash script, and a .pl file and they came through just fine.

HTH...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jlmiller at MMTNETWORKS.COM.AU  Thu Dec 29 18:14:14 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:35 2006
Subject: Mailwatch
Message-ID: <mailman.18332.1137101495.24926.mailscanner@lists.mailscanner.info>

Can I ask a mailwatch question here?
If so here is the problem.  A few days ago on a debian server 3.01 the mailscanner program failed to start and the server would not load until I had to update-rc.d remove mailscanner and uninstall mailscanner, spamassassin and mailwatch.  I then reinstalled the programs and from what I can see it looks okay.  However I cannot get mailwatch to work.  My mysql program sits on another server and in the conf.php and /opt/MailScanner/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm files on the mail server I have the variable db_host pointing to the correct server.  However I still get the following message when I try to run mailwatch

 Warning: mysql_pconnect(): Can't connect to MySQL server on '192.168.10.4' (4) in /var/www/mailscanner/functions.php on line 497
Could not connect to database: Can't connect to MySQL server on '192.168.10.4' (4) 

This function is trying to call the MySQL database and for some reason the information is not going through.

Any thoughts?


Thanks


Jon L. Miller,  ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Novell Gold Partner, Cisco Partner, Peopletelecom, Westnet, Sophos Anti-Virus, 

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/PLAIN  49 lines. ]
    [ Unable to print this part. ]


From smf at F2S.COM  Thu Dec 29 18:33:20 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:31:35 2006
Subject: Mailwatch
Message-ID: <mailman.18333.1137101495.24926.mailscanner@lists.mailscanner.info>

Hi Jon,

On Fri, 2005-12-30 at 02:14 +0800, Jon Miller wrote:
> Can I ask a mailwatch question here?

There is a MailWatch list on SourceForge (see
http://www.sourceforge.net/projects/mailwatch).

> If so here is the problem.  A few days ago on a debian server 3.01 the mailscanner program failed to start and the server would not load until I had to update-rc.d remove mailscanner and uninstall mailscanner, spamassassin and mailwatch.  I then reinstalled the programs and from what I can see it looks okay.  However I cannot get mailwatch to work.  My mysql program sits on another server and in the conf.php and /opt/MailScanner/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm files on the mail server I have the variable db_host pointing to the correct server.  However I still get the following message when I try to run mailwatch
> 
>  Warning: mysql_pconnect(): Can't connect to MySQL server on '192.168.10.4' (4) in /var/www/mailscanner/functions.php on line 497
> Could not connect to database: Can't connect to MySQL server on '192.168.10.4' (4) 
> 
> This function is trying to call the MySQL database and for some reason the information is not going through.
> 
> Any thoughts?
> 

Is the MySQL server started and accepting TCP connections?, is there a
firewall in the way?

To test to see if you can connect to the MySQL host - run the following
on the mail host:

telnet 192.168.10.4 3306

Does it connect - do you get any output??

Kind regards,
Steve.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Chris.Russell at KNOWLEDGEIT.CO.UK  Thu Dec 29 18:05:48 2005
From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell)
Date: Thu Jan 12 21:31:35 2006
Subject: Mailwatch
Message-ID: <mailman.18334.1137101495.24926.mailscanner@lists.mailscanner.info>

The contents of this e-mail may be privileged and are confidential.
It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited.

If received in error, please advise the sender, then delete it from your system.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
From mlm at LOANPROCESSING.NET  Thu Dec 29 18:46:03 2005
From: mlm at LOANPROCESSING.NET (Mike McMullen)
Date: Thu Jan 12 21:31:35 2006
Subject: OT: Re: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18335.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Moved this to OT since it's not really MailScanner related. -Mike

----- Original Message ----- 
From: "Kai Schaetzl" <maillists@CONACTIVE.COM>
To: <MAILSCANNER@JISCMAIL.AC.UK>
Sent: Thursday, December 29, 2005 9:26 AM
Subject: Re: Any potential gotchas using Maildir with MailScanner?


> Mike, thanks for sharing your experience. Is there any need to tell 
> procmail about it if there's no .procmailrc in use? I mean, no user has a 
> procmailrc or .forward and incoming mail is just delivered (by LDA 
> procmail) to the INBOX of that user.
> 
> Kai
> 
Hi Kai,

I used a .procmailrc file in my home directory on the mail server. You 
have to tell procmail somewhere that you are using maildir format. 

Since I already had a .procmailrc to handle message sorting I added the
following to the top of my .procmailrc file:

MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR

The trailing slash on $HOME/Maildir is important!

One advantage of using the .procmailrc in my home directory is that
it enabled me to convert all my folders and mail to maildir format on the
production system while all the other users stayed with mbox.

You can put the same two lines in /etc/procmailrc and it will be the default
behavior for the entire system.

My setup is FC4 with milter-greylist/sendmail/MailScanner/SA/ClamAV and 
dovecot for IMAP service. If you are using dovecot after you do your mbox 
to Maildir conversion rename your mbox directory (typically ~/mail)
to something else or dovecot will use it over Maildir.

All this can be set in /etc/dovecot.conf.

Once your comfortable that your email was converted correctly and is getting
stored in the right place, you can delete your mbox directory.

I still have to get used to my inbox not being in /var/spool/mail anymore!

Hope this helps,

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mlm at LOANPROCESSING.NET  Thu Dec 29 18:51:33 2005
From: mlm at LOANPROCESSING.NET (Mike McMullen)
Date: Thu Jan 12 21:31:35 2006
Subject: Any potential gotchas using Maildir with MailScanner?
Message-ID: <mailman.18336.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I forgot to add on the last posting that the version of procmail
you are using is important!

FC4 has procmail v3.22. It's my understanding that Maildir
format support is in that version or higher. You can check
by doing a "procmail -v". v3.22 came out in 2001/09/10
so I'm assuming all distros have at least that version. But
you can never be too sure!

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jlmiller at MMTNETWORKS.COM.AU  Thu Dec 29 19:06:10 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:35 2006
Subject: Help in resolving problem
Message-ID: <mailman.18337.1137101495.24926.mailscanner@lists.mailscanner.info>

I ran 
# spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint
came back with one issue and I would like to know how do I fix the following:
debug: failed to load Net::DNS::Resolver: Can't locate Net/DNS.pm in @INC (@INC contains: /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4 /usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at /usr/share/perl5/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 113.

I running this on Debian 3.1 with 
SpamAssassin version 3.0.3
  running on Perl version 5.8.4

Thanks

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/PLAIN  27 lines. ]
    [ Unable to print this part. ]


From mkettler at EVI-INC.COM  Thu Dec 29 19:04:42 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:35 2006
Subject: Help in resolving problem
Message-ID: <mailman.18338.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jon Miller wrote:
> I ran 
> # spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint
> came back with one issue and I would like to know how do I fix the following:
> debug: failed to load Net::DNS::Resolver: Can't locate Net/DNS.pm in @INC (@INC contains: /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4 /usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at /usr/share/perl5/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 113.
> 
> I running this on Debian 3.1 with 
> SpamAssassin version 3.0.3
>   running on Perl version 5.8.4


In order to use SpamAssassin's DNS based tests, such as URIBLs, SPF and RBLs,
you need to install the Net::DNS perl module, either from distribution packages
for your OS, or using perl's CPAN.

If you don't want to use any DNS tests, comment out the loadplugin command for
the URIBL plugin in your init.pre file (should be in /etc/mail/spamassassin or
similar).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ka at PACIFIC.NET  Thu Dec 29 18:56:56 2005
From: ka at PACIFIC.NET (Ken A)
Date: Thu Jan 12 21:31:35 2006
Subject: .wmf vulnerability
Message-ID: <mailman.18339.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Kevin,
Thank you. I didn't realize the allow rules worked that way, though I 
should have! .. more coffee!
Ken


Kevin Miller wrote:
> Ken A wrote:
> 
>> Thanks Wess, I do understand that, but what I'm wondering about is the
>> strings returned by the file command are based on
>> /usr/share/file/magic, which reports things like perl and shell
>> scripts as executable - so they are blocked in the default
>> filetype.rules.conf. I don't want to treat them the same as a windows
>> metafile hiding as some innocent .txt file. 
>>
>> Does anyone has a real world filetype.rules.conf file that is a bit
>> more permissive than the default, but still catches the windows junk.
> 
> In my (default) filetype.rules.conf the first four lines are:
> 
> allow   text            -                       -
> allow   script          -                       -
> allow   archive         -                       -
> allow   postscript      -                       -
> 
> The second should allow perl and shell scripts through.  I just sent
> myself a bash script, and a .pl file and they came through just fine.
> 
> HTH...
> 
> ...Kevin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From wintermutecx at GMAIL.COM  Thu Dec 29 19:28:55 2005
From: wintermutecx at GMAIL.COM (Dave)
Date: Thu Jan 12 21:31:35 2006
Subject: .wmf vulnerability
Message-ID: <mailman.18340.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/29/05, Ken A <ka@pacific.net> wrote:
> Any suggestions for blocking the latest unpatched remote hole in windows?

I just added wmf also. But will that only catch attachments? What
about links in the message body? Anyone know if the virus scanners
scan embedded images as well?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From Kevin_Miller at CI.JUNEAU.AK.US  Thu Dec 29 19:34:01 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:31:35 2006
Subject: .wmf vulnerability
Message-ID: <mailman.18341.1137101495.24926.mailscanner@lists.mailscanner.info>

Ken A wrote:
> Kevin,
> Thank you. I didn't realize the allow rules worked that way, though I
> should have! .. more coffee!
> Ken

You're welcome.  Truth be told, I didn't either, but I have a terciary
level mail gateway that MailWatch shows catching 76.3% high scoring
spam, and 14.3% spam.  I hardly ever see a legitimate message traverse
it so it's a great box to test things on!  Guess the spammers theory is
that the lowest level MX gateway is the least likely to be up to date,
but in my case it's the first one I do when I upgrade.  I can blow it up
all day long and nobody will notice! <g>  

I knew the allows were in there, but always took them for granted.  Nice
doing a science experiment every now and again to broaden my horizons...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Thu Dec 29 18:52:52 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:36 2006
Subject: OT (Sort of) header_checks
Message-ID: <mailman.18342.1137101495.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Thu, December 29, 2005 15:45, Rodney Green wrote:
>
>  Hello,
>
>
>  I would like to add a line to my header_checks file for Postfix.
> MailScanner has the line /^Received:/ HOLD
>  Is it okay to add the following to the header_checks? Should I add it
> above or below the MailScanner line?
>
>  /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs|wmf|bat|scr|pif|com)/
>                REJECT Bad attachment file name extension: $2

As the checks are done a 'first match basis, above the mailscanner one is
certainly where this should be put.

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From maillists at CONACTIVE.COM  Thu Dec 29 20:31:52 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:36 2006
Subject: .wmf vulnerability
Message-ID: <mailman.18343.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ken A wrote on         Thu, 29 Dec 2005 09:21:40 -0800:

> Does anyone has a real world filetype.rules.conf file that is a bit more 
> permissive than the default, but still catches the windows junk.

Why don't you just comment out those you don't want to block?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Thu Dec 29 20:39:48 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:36 2006
Subject: Mail not going out
Message-ID: <mailman.18344.1137101496.24926.mailscanner@lists.mailscanner.info>

On 28 Dec 2005, at 07:10, Jon Miller wrote:

> Have no idea what has happened, just that mail has stopped going  
> out.  Still comes in okay.  Restarted the server, services, etc.   
> using postfix and sophos but cannot figure out why mail has stopped.
> Is there a way to set the program in debug mode and /or generate a  
> log file to try to track down the problem?

Try turning on the debug options at the bottom of MailScanner.conf,  
oh and some logs would be helpful too.

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From KevinS at BMRB.CO.UK  Thu Dec 29 22:09:20 2005
From: KevinS at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18345.1137101496.24926.mailscanner@lists.mailscanner.info>

My file command didn't detect wmf files, so for anyone else in that boat
heres how to add it (assuming the magic file is /usr/share/magic)

Add this line to /usr/share/magic
0       lelong          0x9ac6cdd7      Windows Metafile Image data

Run this command
file -C -m /usr/share/magic


Add this to /etc/MailScanner/filetype.rules.conf (tab separated)
deny    Windows Metafile        No Windows Metafiles    No Windows
Metafiles alllowed


/etc/init.d/MailScanner reload

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Rodney Green
Sent: 29 December 2005 16:10
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: WMF Exploit

Randal, Phil wrote:
> I've added
>  
> deny    metafont        No Windows metafont files       No Windows 
> Metafont Files allowed
>  
> (tab delimited) to my filetype.rules.conf (having checked in 
> /usr/share/file/magic)
>  
> Cheers,
>  
> Phil
>  
> -

Thanks Phil. I found a .wmf file on my system and ran "file" on it and 
it gave me the correct type. I've added your deny statement to 
filetype.rules.conf.

Rod

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

=================================================================

BMRB wins two BMRA awards - http://www.bmrb.co.uk
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB Limited accepts no liability 
in relation to any personal emails, or content of any email which 
does not directly relate to our business.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From spamtrap71892316634 at ANIME.NET  Thu Dec 29 22:26:27 2005
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18346.1137101496.24926.mailscanner@lists.mailscanner.info>

On Thu, 29 Dec 2005, Spicer, Kevin wrote:
> My file command didn't detect wmf files, so for anyone else in that boat
> heres how to add it (assuming the magic file is /usr/share/magic)
>
> Add this line to /usr/share/magic
> 0       lelong          0x9ac6cdd7      Windows Metafile Image data

This signature seems wrong.

# Ripped straight from wmf_exp.wmf
sub wmf_head {
         return
         "\x01\x00\x09\x00\x00\x03\x52\x1f\x00\x00\x06\x00\x3d\x00\x00\x00".
         "\x00\x00\x11\x00\x00\x00\x26\x06\x0f\x00\x18\x00\xff\xff\xff\xff".
         "\xff\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x03\x85\x00".
         "\xd0\x02\x00\x00\x09\x00\x00\x00\x26\x06\x0f\x00\x08\x00\xff\xff".
         "\xff\xff\x02\x00\x00\x00\x17\x00\x00\x00\x26\x06\x0f\x00\x23\x00".
         "\xff\xff\xff\xff\x04\x00\x1b\x00\x54\x4e\x50\x50\x14\x00\x20\x00".
         "\xb8\x00\x32\x06\x00\x00\xff\xff\x4f\x00\x14\x00\x00\x00\x4d\x00".
         "\x69\x00\x00\x00\x0a\x00\x00\x00\x26\x06\x0f\x00\x0a\x00\x54\x4e".

-Dan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec 29 22:56:18 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18347.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dan Hollis spake the following on 12/29/2005 2:26 PM:
> On Thu, 29 Dec 2005, Spicer, Kevin wrote:
> 
>> My file command didn't detect wmf files, so for anyone else in that boat
>> heres how to add it (assuming the magic file is /usr/share/magic)
>>
>> Add this line to /usr/share/magic
>> 0       lelong          0x9ac6cdd7      Windows Metafile Image data
> 
> 
> This signature seems wrong.
> 
> # Ripped straight from wmf_exp.wmf
> sub wmf_head {
>         return
>         "\x01\x00\x09\x00\x00\x03\x52\x1f\x00\x00\x06\x00\x3d\x00\x00\x00".
>         "\x00\x00\x11\x00\x00\x00\x26\x06\x0f\x00\x18\x00\xff\xff\xff\xff".
>         "\xff\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x03\x85\x00".
>         "\xd0\x02\x00\x00\x09\x00\x00\x00\x26\x06\x0f\x00\x08\x00\xff\xff".
>         "\xff\xff\x02\x00\x00\x00\x17\x00\x00\x00\x26\x06\x0f\x00\x23\x00".
>         "\xff\xff\xff\xff\x04\x00\x1b\x00\x54\x4e\x50\x50\x14\x00\x20\x00".
>         "\xb8\x00\x32\x06\x00\x00\xff\xff\x4f\x00\x14\x00\x00\x00\x4d\x00".
>         "\x69\x00\x00\x00\x0a\x00\x00\x00\x26\x06\x0f\x00\x0a\x00\x54\x4e".
> 
> -Dan
> 
I have this in my /usr/share/magic;
# Microsoft Advanced Streaming Format (ASF) <mpruett@sgi.com>
0       belong                  0x3026b275      Microsoft ASF


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From yossimor at HOTMAIL.COM  Thu Dec 29 23:19:35 2005
From: yossimor at HOTMAIL.COM (Yossi Mor)
Date: Thu Jan 12 21:31:36 2006
Subject: removed attachment and notification to recipients
Message-ID: <mailman.18348.1137101496.24926.mailscanner@lists.mailscanner.info>

Julian,

Thanks for your answer.

So as mush as i understand from your posting there is no option to remove 
the attachment silently.

In the MailScanner.conf there is an option to quarantine the whole message 
+ attachment. Will this may resolve the issue?

Can i define a ruleset that emails with specific removed attachment will 
be forward to admin mailbox, on the same basis of treating spam eamils?

Regards,

Yossi Mor

From yossimor at HOTMAIL.COM  Thu Dec 29 23:19:35 2005
From: yossimor at HOTMAIL.COM (Yossi Mor)
Date: Thu Jan 12 21:31:36 2006
Subject: removed attachment and notification to recipients
Message-ID: <mailman.18349.1137101496.24926.mailscanner@lists.mailscanner.info>

Julian,

Thanks for your answer.

So as mush as i understand from your posting there is no option to remove 
the attachment silently.

In the MailScanner.conf there is an option to quarantine the whole message 
+ attachment. Will this may resolve the issue?

Can i define a ruleset that emails with specific removed attachment will 
be forward to admin mailbox, on the same basis of treating spam eamils?

Regards,

Yossi Mor

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From spamtrap71892316634 at ANIME.NET  Thu Dec 29 23:08:21 2005
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18350.1137101496.24926.mailscanner@lists.mailscanner.info>

On Thu, 29 Dec 2005, Scott Silva wrote:
> Dan Hollis spake the following on 12/29/2005 2:26 PM:
>> On Thu, 29 Dec 2005, Spicer, Kevin wrote:
>>> My file command didn't detect wmf files, so for anyone else in that boat
>>> heres how to add it (assuming the magic file is /usr/share/magic)
>>> Add this line to /usr/share/magic
>>> 0       lelong          0x9ac6cdd7      Windows Metafile Image data
>> This signature seems wrong.
>> # Ripped straight from wmf_exp.wmf
>> sub wmf_head {
>>         return
>>         "\x01\x00\x09\x00\x00\x03\x52\x1f\x00\x00\x06\x00\x3d\x00\x00\x00".
> I have this in my /usr/share/magic;
> # Microsoft Advanced Streaming Format (ASF) <mpruett@sgi.com>
> 0       belong                  0x3026b275      Microsoft ASF

also wrong. thats ASF, not WMF

-Dan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From yossimor at HOTMAIL.COM  Thu Dec 29 23:22:54 2005
From: yossimor at HOTMAIL.COM (Yossi Mor)
Date: Thu Jan 12 21:31:36 2006
Subject: Handling quarentine via web
Message-ID: <mailman.18351.1137101496.24926.mailscanner@lists.mailscanner.info>

Hello forum,

Is there an option to setup MS to support quarentine release from web? Or 
send url link in its reports?

Regards,

Yossi Mor

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec 29 23:14:03 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18352.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dan Hollis spake the following on 12/29/2005 3:08 PM:
> On Thu, 29 Dec 2005, Scott Silva wrote:
> 
>> Dan Hollis spake the following on 12/29/2005 2:26 PM:
>>
>>> On Thu, 29 Dec 2005, Spicer, Kevin wrote:
>>>
>>>> My file command didn't detect wmf files, so for anyone else in that
>>>> boat
>>>> heres how to add it (assuming the magic file is /usr/share/magic)
>>>> Add this line to /usr/share/magic
>>>> 0       lelong          0x9ac6cdd7      Windows Metafile Image data
>>>
>>> This signature seems wrong.
>>> # Ripped straight from wmf_exp.wmf
>>> sub wmf_head {
>>>         return
>>>        
>>> "\x01\x00\x09\x00\x00\x03\x52\x1f\x00\x00\x06\x00\x3d\x00\x00\x00".
>>
>> I have this in my /usr/share/magic;
>> # Microsoft Advanced Streaming Format (ASF) <mpruett@sgi.com>
>> 0       belong                  0x3026b275      Microsoft ASF
> 
> 
> also wrong. thats ASF, not WMF
> 
> -Dan
> 
Sorry, should be ;
# Windows Metafont .WMF
0       string  \327\315\306\232\000\000\000\000\000\000   ms-windows
metafont .wmf



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dnsadmin at 1BIGTHINK.COM  Thu Dec 29 23:29:29 2005
From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18353.1137101496.24926.mailscanner@lists.mailscanner.info>

At 06:10 PM 12/29/2005, you wrote:

>Scott Silva spake the following on 12/29/2005 2:56 PM:
> > Dan Hollis spake the following on 12/29/2005 2:26 PM:
> >
> >>On Thu, 29 Dec 2005, Spicer, Kevin wrote:
> >>
> >>
> >>>My file command didn't detect wmf files, so for anyone else in that boat
> >>>heres how to add it (assuming the magic file is /usr/share/magic)
> >>>
> >>>Add this line to /usr/share/magic
> >>>0       lelong          0x9ac6cdd7      Windows Metafile Image data
> >>
> >>
> >>This signature seems wrong.
> >>
> >># Ripped straight from wmf_exp.wmf
> >>sub wmf_head {
> >>        return
> >>        "\x01\x00\x09\x00\x00\x03\x52\x1f\x00\x00\x06\x00\x3d\x00\x00\x00".
> >>        "\x00\x00\x11\x00\x00\x00\x26\x06\x0f\x00\x18\x00\xff\xff\xff\xff".
> >>        "\xff\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x03\x85\x00".
> >>        "\xd0\x02\x00\x00\x09\x00\x00\x00\x26\x06\x0f\x00\x08\x00\xff\xff".
> >>        "\xff\xff\x02\x00\x00\x00\x17\x00\x00\x00\x26\x06\x0f\x00\x23\x00".
> >>        "\xff\xff\xff\xff\x04\x00\x1b\x00\x54\x4e\x50\x50\x14\x00\x20\x00".
> >>        "\xb8\x00\x32\x06\x00\x00\xff\xff\x4f\x00\x14\x00\x00\x00\x4d\x00".
> >>        "\x69\x00\x00\x00\x0a\x00\x00\x00\x26\x06\x0f\x00\x0a\x00\x54\x4e".
> >>
> >>-Dan
> >>
> >
> > I have this in my /usr/share/magic;
> > # Microsoft Advanced Streaming Format (ASF) <mpruett@sgi.com>
> > 0       belong                  0x3026b275      Microsoft ASF
> >
> >
>Sorry, small type, tired eyes!

Well, it was in mine and this is what it looked like:

# Windows Metafont .WMF
0       string  \327\315\306\232\000\000\000\000\000\000 
ms-windows metafont .wmf

RedHat ES 3.0

Cheers!

Merry New Year and all! 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Thu Dec 29 23:10:47 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18354.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva spake the following on 12/29/2005 2:56 PM:
> Dan Hollis spake the following on 12/29/2005 2:26 PM:
> 
>>On Thu, 29 Dec 2005, Spicer, Kevin wrote:
>>
>>
>>>My file command didn't detect wmf files, so for anyone else in that boat
>>>heres how to add it (assuming the magic file is /usr/share/magic)
>>>
>>>Add this line to /usr/share/magic
>>>0       lelong          0x9ac6cdd7      Windows Metafile Image data
>>
>>
>>This signature seems wrong.
>>
>># Ripped straight from wmf_exp.wmf
>>sub wmf_head {
>>        return
>>        "\x01\x00\x09\x00\x00\x03\x52\x1f\x00\x00\x06\x00\x3d\x00\x00\x00".
>>        "\x00\x00\x11\x00\x00\x00\x26\x06\x0f\x00\x18\x00\xff\xff\xff\xff".
>>        "\xff\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x03\x85\x00".
>>        "\xd0\x02\x00\x00\x09\x00\x00\x00\x26\x06\x0f\x00\x08\x00\xff\xff".
>>        "\xff\xff\x02\x00\x00\x00\x17\x00\x00\x00\x26\x06\x0f\x00\x23\x00".
>>        "\xff\xff\xff\xff\x04\x00\x1b\x00\x54\x4e\x50\x50\x14\x00\x20\x00".
>>        "\xb8\x00\x32\x06\x00\x00\xff\xff\x4f\x00\x14\x00\x00\x00\x4d\x00".
>>        "\x69\x00\x00\x00\x0a\x00\x00\x00\x26\x06\x0f\x00\x0a\x00\x54\x4e".
>>
>>-Dan
>>
> 
> I have this in my /usr/share/magic;
> # Microsoft Advanced Streaming Format (ASF) <mpruett@sgi.com>
> 0       belong                  0x3026b275      Microsoft ASF
> 
> 
Sorry, small type, tired eyes!



-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From spamtrap71892316634 at ANIME.NET  Thu Dec 29 23:44:52 2005
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18355.1137101496.24926.mailscanner@lists.mailscanner.info>

On Thu, 29 Dec 2005, dnsadmin 1bigthink.com wrote:
> Well, it was in mine and this is what it looked like:
> # Windows Metafont .WMF
> 0       string  \327\315\306\232\000\000\000\000\000\000 ms-windows metafont  .wmf
> RedHat ES 3.0

that's a metafont. not the same thing.

here's a hexdump from an _actual_ real life wmf exploit being used right now:

$ hexdump xpl.wmf | more
0000000 0001 0009 0300 1f52 0000 0006 003d 0000
0000010 0000 0011 0000 0626 000f 0018 ffff ffff
0000020 00ff 0010 0000 0000 0000 0000 03c0 0085
0000030 02d0 0000 0009 0000 0626 000f 0008 ffff
0000040 ffff 0002 0000 0017 0000 0626 000f 0023
0000050 ffff ffff 0004 001b 4e54 5050 0014 0020
0000060 00b8 0632 0000 ffff 004f 0014 0000 004d
0000070 0069 0000 000a 0000 0626 000f 000a 4e54
0000080 5050 0000 0002 03f4 0009 0000 0626 000f
0000090 0008 ffff ffff 0003 0000 000f 0000 0626
00000a0 000f 0014 4e54 5050 0004 000c 0001 0000
00000b0 0001 0000 0000 0000 0005 0000 020b 0000
00000c0 0000 0005 0000 020c 02d0 03c0 0004 0000

-Dan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Fri Dec 30 00:52:29 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:36 2006
Subject: Handling quarentine via web
Message-ID: <mailman.18356.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Yossi Mor spake the following on 12/29/2005 3:22 PM:
> Hello forum,
> 
> Is there an option to setup MS to support quarentine release from web? Or 
> send url link in its reports?
> 
> Regards,
> 
> Yossi Mor
> 
Mailwatch.
http://mailwatch.sourceforge.net/doku.php


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ka at PACIFIC.NET  Fri Dec 30 01:29:23 2005
From: ka at PACIFIC.NET (Ken A)
Date: Thu Jan 12 21:31:36 2006
Subject: Handling quarentine via web
Message-ID: <mailman.18357.1137101496.24926.mailscanner@lists.mailscanner.info>

Yossi Mor wrote:

> Hello forum,
> 
> Is there an option to setup MS to support quarentine release from web? Or 
> send url link in its reports?
> 
> Regards,
> 
> Yossi Mor
> 


You need to quarantine the whole message as queue files (see 
mailscanner.conf), then dump the queue files back into the outgoing 
queue when the user clicks a link (sendmail).

A perl cgi script can do it pretty easily. The link you put into the 
report should contain the message id and other relevant info you need to 
locate the quarantined queue files. Depending on how you run your 
webserver, you may find suexec and sudo helpful to do the actual file 
moving securely.

Ken
Pacific.Net

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From markee at bandwidthco.com  Fri Dec 30 01:48:25 2005
From: markee at bandwidthco.com (Mark E. Donaldson)
Date: Thu Jan 12 21:31:36 2006
Subject: Mailwatch
Message-ID: <mailman.18358.1137101496.24926.mailscanner@lists.mailscanner.info>

This is a no doubt a MySQL problem. Either MySQL the MySQL daemon is not
running or the MySQL database is corrupted. Another possibility is the
hashing of the password. You may need to reset the password in MySQL using
the OLD_PASSWORD() function instaed of PASSWORD();


##########################################
This is coming from the home and office of:

Mark E. Donaldson
Bandwidthco Computer Security
markee@bandwidthco.com
http://www.bandwidthco.com/

Copyright C 1999 Bandwidthco.com. All rights reserved.

4500 0028 a66b 4000 8006 d307 c0a8 000a
c0a8 0002 0871 0bc3 572b 25f7 ca7d 1b60
5010 f64c c0f6 0000 0000 0000 0000
##########################################
CCNA, OCP, GSEC, GCFW, GCIH, GCIA, GCUX, GCFA, X-Ways (WinHex) Forensics
Certified
##########################################
Hacking is the process of influencing a computer system
in such a way that it performs an action that is useful to you.
##########################################
  .~.    
  /V\     
  /( )\   
^^-^^ 


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Jon Miller
Sent: Thursday, December 29, 2005 10:14 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Mailwatch

Can I ask a mailwatch question here?
If so here is the problem.  A few days ago on a debian server 3.01 the
mailscanner program failed to start and the server would not load until I
had to update-rc.d remove mailscanner and uninstall mailscanner,
spamassassin and mailwatch.  I then reinstalled the programs and from what I
can see it looks okay.  However I cannot get mailwatch to work.  My mysql
program sits on another server and in the conf.php and
/opt/MailScanner/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm
files on the mail server I have the variable db_host pointing to the correct
server.  However I still get the following message when I try to run
mailwatch

 Warning: mysql_pconnect(): Can't connect to MySQL server on '192.168.10.4'
(4) in /var/www/mailscanner/functions.php on line 497 Could not connect to
database: Can't connect to MySQL server on '192.168.10.4' (4) 

This function is trying to call the MySQL database and for some reason the
information is not going through.

Any thoughts?


Thanks


Jon L. Miller,  ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT
Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Novell Gold
Partner, Cisco Partner, Peopletelecom, Westnet, Sophos Anti-Virus, 

"I don't know the key to success, but the key to failure  is trying to
please everybody." -Bill Cosby

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

########################################################
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

postmaster@bandwidthco.com
MailScanner at Bandwidthco Computer Security is for your absolute
protection.
########################################################




########################################################
This message has been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.

postmaster@bandwidthco.com
MailScanner at Bandwidthco Computer Security is for your absolute protection.
########################################################

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From micoots at YAHOO.COM  Fri Dec 30 03:40:54 2005
From: micoots at YAHOO.COM (Michael Mansour)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18359.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

I just have a couple of questions.

Do I really need this option? my current setting
defaults to:

# To avoid resource leaks, re-start periodically
Restart Every = 14400

which means restart MailScanner every 4 hours.

Is it correct to say that this setting is only
relevant when MailScanner is actually started?
(otherwise how could the conf file be read).

I'm using MailScanner on a 2 node cluster, primary
actually runs it (where I don't mind if the restart
happens), while the standby node doesn't until the
filesystems are failed-over to it, whereby I then
start MailScanner.

However, for some reason, MailScanner runs on the
standby node, even though I don't have it starting up
on boot, and I don't have mailscanner-mrtg starting it
up either (there's a setting in mailscanner-mrtg which
monitors MailScanner processes). I'm not sure why
MailScanner starts on the standby node when it
shouldn't.

I'm using MS 4.48.

Any ideas?

Michael.


Send instant messages to your online friends http://au.messenger.yahoo.com 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Fri Dec 30 09:08:49 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18360.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/30/05, Michael Mansour <micoots@yahoo.com> wrote:
      Is it correct to say that this setting is only
      relevant when MailScanner is actually started?
      (otherwise how could the conf file be read).

      However, for some reason, MailScanner runs on the
      standby node, even though I don't have it starting up
      on boot, and I don't have mailscanner-mrtg starting it
      up either (there's a setting in mailscanner-mrtg which
      monitors MailScanner processes). I'm not sure why
      MailScanner starts on the standby node when it
      shouldn't.


The parent MailScanner process never stops running, it doesn't perform
any actual mail work but kills off old children and spawns new ones at
those intervals specified in "Restart every..." and when you issue a
MailScanner reload. The children read the config themselves when they
start.

Look for cron jobs that might start MailScanner, both crontab for the
root user and cron.hourly and such directories. On Linux systems they are
added when you install MailScanner.

--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From jlmiller at MMTNETWORKS.COM.AU  Fri Dec 30 10:07:07 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:36 2006
Subject: installing MailWatch
Message-ID: <mailman.18361.1137101496.24926.mailscanner@lists.mailscanner.info>

Where are the documents to install MySQL, PHP and Apache.  I need these to be integrated in MailScanner in order to install MailWatch.

Thanks

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/PLAIN  17 lines. ]
    [ Unable to print this part. ]


From prandal at HEREFORDSHIRE.GOV.UK  Fri Dec 30 10:06:47 2005
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18362.1137101496.24926.mailscanner@lists.mailscanner.info>

My head hurts after reading this :-)

  http://www.skynet.ie/~caolan/publink/libwmf/libwmf/doc/ora-wmf.html

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dan Hollis
> Sent: 29 December 2005 23:45
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: WMF Exploit
> 
> On Thu, 29 Dec 2005, dnsadmin 1bigthink.com wrote:
> > Well, it was in mine and this is what it looked like:
> > # Windows Metafont .WMF
> > 0       string  \327\315\306\232\000\000\000\000\000\000 
> ms-windows metafont  .wmf
> > RedHat ES 3.0
> 
> that's a metafont. not the same thing.
> 
> here's a hexdump from an _actual_ real life wmf exploit being 
> used right now:
> 
> $ hexdump xpl.wmf | more
> 0000000 0001 0009 0300 1f52 0000 0006 003d 0000 0000010 0000 
> 0011 0000 0626 000f 0018 ffff ffff 0000020 00ff 0010 0000 
> 0000 0000 0000 03c0 0085 0000030 02d0 0000 0009 0000 0626 
> 000f 0008 ffff 0000040 ffff 0002 0000 0017 0000 0626 000f 
> 0023 0000050 ffff ffff 0004 001b 4e54 5050 0014 0020 0000060 
> 00b8 0632 0000 ffff 004f 0014 0000 004d 0000070 0069 0000 
> 000a 0000 0626 000f 000a 4e54 0000080 5050 0000 0002 03f4 
> 0009 0000 0626 000f 0000090 0008 ffff ffff 0003 0000 000f 
> 0000 0626 00000a0 000f 0014 4e54 5050 0004 000c 0001 0000 
> 00000b0 0001 0000 0000 0000 0005 0000 020b 0000 00000c0 0000 
> 0005 0000 020c 02d0 03c0 0004 0000
> 
> -Dan
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) 
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Fri Dec 30 10:13:50 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:36 2006
Subject: installing MailWatch
Message-ID: <mailman.18363.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/30/05, Jon Miller <jlmiller@mmtnetworks.com.au> wrote:
      Where are the documents to install MySQL, PHP and Apache.  I
      need these to be integrated in MailScanner in order to
      install MailWatch.


They are not needed for MailScanner so any special considerations should
be covered by the installation documents for MailWatch.

--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From shuttlebox at GMAIL.COM  Fri Dec 30 10:31:26 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:36 2006
Subject: WMF Exploit
Message-ID: <mailman.18364.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


On 12/30/05, Randal, Phil <prandal@herefordshire.gov.uk> wrote:
      My head hurts after reading this :-)

        http://www.skynet.ie/~caolan/publink/libwmf/libwmf/doc/ora-wmf.html


Clam seems to be updated since yesterday so maybe the file type is not an
issue anymore.

ClamAV database updated (2005-Dec-29 22:57 +0000): daily.cvd
version: 1219

Submission: 183665
Sender: Anonymous
Submission notes: MS WMF graphic file exploit.
Added: Exploit.WMF.A
Virus name alias: Trojan-Downloader.Win32.Agent.acd (Kaspersky AVP),
Exploit.Win32.WMF-PFV (Bitdefender)

--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From maillists at CONACTIVE.COM  Fri Dec 30 10:46:38 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:31:36 2006
Subject: Handling quarentine via web
Message-ID: <mailman.18365.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Yossi Mor wrote on         Thu, 29 Dec 2005 23:22:54 +0000:

> Is there an option to setup MS to support quarentine release from web?

-> http://www.sourceforge.net/projects/mailwatch

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dhawal at NETMAGICSOLUTIONS.COM  Fri Dec 30 11:10:39 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:31:36 2006
Subject: installing MailWatch
Message-ID: <mailman.18366.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jon Miller wrote:
> Where are the documents to install MySQL, PHP and Apache.  I need these to be integrated in MailScanner in order to install MailWatch.

You need to refer to your distribution's documentation for this.. also 
check http://lists.sourceforge.net/lists/listinfo/mailwatch-users, it'll 
be a good idea to subscribe to the mailwatch-users list for further 
queries (once you have apache/php/mysql installed).

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec 30 11:17:03 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:36 2006
Subject: Problem Starting MailScanner
Message-ID: <mailman.18367.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "WINDOWS-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 29/12/05, shuttlebox <shuttlebox@gmail.com> wrote:
> On 12/29/05, Kaplan, Andrew H. <AHKAPLAN@partners.org> wrote:
> >
> >  Hi there ^Ö
> >
> >
> >  Thank-you for your reply. As requested, I am enclosing a copy of the
> > startup script. Thank-you also for your patience on this.
> >
> My guess is that your script is for Linux and the bash shell. It looks like
> the commands fail because they have no parameters, try removing the comments
> from the debug echo lines in the beginning, I think you will find those
> variables empty. Looks like a pretty complicated script if you ask me, mine
> is much simpler (and works). I'm not at work now but if you can't fix your
> script I can post mine at request.
>
> --
> /Peter
>
True Peter, the variables are probably unset. Changing it into a korn
shell (change first line to /bin/ksh or similar) or using bash (if
available) would probably help... But then again, it seems a bit
convoluted:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From dmaluski at n1ety.com  Fri Dec 30 13:38:14 2005
From: dmaluski at n1ety.com (Dean Maluski)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassinprefsfile Unrecognized
Message-ID: <mailman.18368.1137101496.24926.mailscanner@lists.mailscanner.info>

I just upgraded from RHES3 to RHES4 with a fresh install. I keep getting
this error when starting MailScanner.
I'm searching wiki and found nothing related so far.
Any help appreciated.



Syntax error(s) in configuration file:
Dec 30 08:35:30 punk MailScanner[8325]: Unrecognised keyword
"spamassassinprefsfile" at line 1348
Dec 30 08:35:30 punk MailScanner[8325]: Aborting due to syntax errors
in /etc/MailScanner/MailScanner.conf.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martelm at QUARK.VSC.EDU  Fri Dec 30 13:42:16 2005
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassinprefsfile Unrecognized
Message-ID: <mailman.18369.1137101496.24926.mailscanner@lists.mailscanner.info>

--On December 30, 2005 8:38:14 AM -0500 Dean Maluski <dmaluski@n1ety.com> 
wrote:

> Syntax error(s) in configuration file:
> Dec 30 08:35:30 punk MailScanner[8325]: Unrecognised keyword
> "spamassassinprefsfile" at line 1348
> Dec 30 08:35:30 punk MailScanner[8325]: Aborting due to syntax errors
> in /etc/MailScanner/MailScanner.conf.

Can you post your config file, or at least the section around this line ? 
What version of MailScanner ?

Mine looks like this :

# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
Spam List = /opt/VSC-MailScanner/rules/spam.list.rules




Michael

--

  --------------------------------o---------------------------------
   Michael H. Martel              | Systems Administrator
   michael.martel@vsc.edu         | Vermont State Colleges
   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dmaluski at n1ety.com  Fri Dec 30 13:55:50 2005
From: dmaluski at n1ety.com (Dean Maluski)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassinprefsfile Unrecognized
Message-ID: <mailman.18370.1137101496.24926.mailscanner@lists.mailscanner.info>

On Fri, 2005-12-30 at 08:42 -0500, Michael H. Martel wrote:
> --On December 30, 2005 8:38:14 AM -0500 Dean Maluski <dmaluski@n1ety.com> 
> wrote:
> 
> > Syntax error(s) in configuration file:
> > Dec 30 08:35:30 punk MailScanner[8325]: Unrecognised keyword
> > "spamassassinprefsfile" at line 1348
> > Dec 30 08:35:30 punk MailScanner[8325]: Aborting due to syntax errors
> > in /etc/MailScanner/MailScanner.conf.
> 
> Can you post your config file, or at least the section around this line ? 

SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf

> What version of MailScanner ?
> 

MailScanner-4.48.4-2

> Mine looks like this :
> 
> # This is the list of spam blacklists (RBLs) which you are using.
> # See the "Spam List Definitions" file for more information about what
> # you can put here.
> # This can also be the filename of a ruleset.
> Spam List = /opt/VSC-MailScanner/rules/spam.list.rules
> 
> 
> 
> 
> Michael
> 
> --
> 
>   --------------------------------o---------------------------------
>    Michael H. Martel              | Systems Administrator
>    michael.martel@vsc.edu         | Vermont State Colleges
>    http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec 30 14:02:06 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassinprefsfile Unrecognized
Message-ID: <mailman.18371.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

You should run upgrade_MailScanner_conf to upgrade your MailScanner.conf 
to the version you are currently using. This will remove the 
"SpamAssassin Prefs File" setting, and may add new options you are 
missing out on.

Dean Maluski wrote:

>On Fri, 2005-12-30 at 08:42 -0500, Michael H. Martel wrote:
>  
>
>>--On December 30, 2005 8:38:14 AM -0500 Dean Maluski <dmaluski@n1ety.com> 
>>wrote:
>>
>>    
>>
>>>Syntax error(s) in configuration file:
>>>Dec 30 08:35:30 punk MailScanner[8325]: Unrecognised keyword
>>>"spamassassinprefsfile" at line 1348
>>>Dec 30 08:35:30 punk MailScanner[8325]: Aborting due to syntax errors
>>>in /etc/MailScanner/MailScanner.conf.
>>>      
>>>
>>Can you post your config file, or at least the section around this line ? 
>>    
>>
>
>SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf
>
>  
>
>>What version of MailScanner ?
>>
>>    
>>
>
>MailScanner-4.48.4-2
>
>  
>
>>Mine looks like this :
>>
>># This is the list of spam blacklists (RBLs) which you are using.
>># See the "Spam List Definitions" file for more information about what
>># you can put here.
>># This can also be the filename of a ruleset.
>>Spam List = /opt/VSC-MailScanner/rules/spam.list.rules
>>
>>
>>
>>
>>Michael
>>
>>--
>>
>>  --------------------------------o---------------------------------
>>   Michael H. Martel              | Systems Administrator
>>   michael.martel@vsc.edu         | Vermont State Colleges
>>   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>    
>>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Fri Dec 30 13:59:40 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18372.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

shuttlebox wrote:

> On 12/30/05, *Michael Mansour* <micoots@yahoo.com 
> <mailto:micoots@yahoo.com>> wrote:
>
>     Is it correct to say that this setting is only
>     relevant when MailScanner is actually started?
>     (otherwise how could the conf file be read).
>
>     However, for some reason, MailScanner runs on the
>     standby node, even though I don't have it starting up
>     on boot, and I don't have mailscanner-mrtg starting it
>     up either (there's a setting in mailscanner-mrtg which
>     monitors MailScanner processes). I'm not sure why
>     MailScanner starts on the standby node when it
>     shouldn't.
>
>
> The parent MailScanner process never stops running, it doesn't perform 
> any actual mail work but kills off old children and spawns new ones at 
> those intervals specified in "Restart every..." and when you issue a 
> MailScanner reload. The children read the config themselves when they 
> start.

Apart from re-reading the config files, this is for protection against 
memory leaks and other resources. It is highly likely that Perl leaks 
some memory when running an application the size of MailScanner. So to 
protect against that, the processes periodically die off and are 
re-started, freeing up all the leaked resources.

>
> Look for cron jobs that might start MailScanner, both crontab for the 
> root user and cron.hourly and such directories. On Linux systems they 
> are added when you install MailScanner.

/etc/cron.hourly is where to look. If you stop MailScanner with "service 
MailScanner stop" then it will write a flag that tells the cron job not 
to do anything.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From martelm at QUARK.VSC.EDU  Fri Dec 30 14:04:11 2005
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassinprefsfile Unrecognized
Message-ID: <mailman.18373.1137101496.24926.mailscanner@lists.mailscanner.info>

--On December 30, 2005 8:55:50 AM -0500 Dean Maluski <dmaluski@n1ety.com> 
wrote:

> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf

Sorry I can't help.  I don't have that line in mine at all. Nor in the 
stock config file that I downloaded from the website just now.


Michael

--

  --------------------------------o---------------------------------
   Michael H. Martel              | Systems Administrator
   michael.martel@vsc.edu         | Vermont State Colleges
   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From dmaluski at n1ety.com  Fri Dec 30 14:49:28 2005
From: dmaluski at n1ety.com (Dean Maluski)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassinprefsfile Unrecognized
Message-ID: <mailman.18374.1137101496.24926.mailscanner@lists.mailscanner.info>

On Fri, 2005-12-30 at 14:02 +0000, Julian Field wrote:
> You should run upgrade_MailScanner_conf to upgrade your MailScanner.conf 
> to the version you are currently using. This will remove the 
> "SpamAssassin Prefs File" setting, and may add new options you are 
> missing out on.
> 
Thankyou!

> Dean Maluski wrote:
> 
> >On Fri, 2005-12-30 at 08:42 -0500, Michael H. Martel wrote:
> >  
> >
> >>--On December 30, 2005 8:38:14 AM -0500 Dean Maluski <dmaluski@n1ety.com> 
> >>wrote:
> >>
> >>    
> >>
> >>>Syntax error(s) in configuration file:
> >>>Dec 30 08:35:30 punk MailScanner[8325]: Unrecognised keyword
> >>>"spamassassinprefsfile" at line 1348
> >>>Dec 30 08:35:30 punk MailScanner[8325]: Aborting due to syntax errors
> >>>in /etc/MailScanner/MailScanner.conf.
> >>>      
> >>>
> >>Can you post your config file, or at least the section around this line ? 
> >>    
> >>
> >
> >SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf
> >
> >  
> >
> >>What version of MailScanner ?
> >>
> >>    
> >>
> >
> >MailScanner-4.48.4-2
> >
> >  
> >
> >>Mine looks like this :
> >>
> >># This is the list of spam blacklists (RBLs) which you are using.
> >># See the "Spam List Definitions" file for more information about what
> >># you can put here.
> >># This can also be the filename of a ruleset.
> >>Spam List = /opt/VSC-MailScanner/rules/spam.list.rules
> >>
> >>
> >>
> >>
> >>Michael
> >>
> >>--
> >>
> >>  --------------------------------o---------------------------------
> >>   Michael H. Martel              | Systems Administrator
> >>   michael.martel@vsc.edu         | Vermont State Colleges
> >>   http://www.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363
> >>
> >>------------------------ MailScanner list ------------------------
> >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >>'leave mailscanner' in the body of the email.
> >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >>Support MailScanner development - buy the book off the website!
> >>    
> >>
> >
> >------------------------ MailScanner list ------------------------
> >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> >'leave mailscanner' in the body of the email.
> >Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> >Support MailScanner development - buy the book off the website!
> >  
> >
> 
> -- 
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jlmiller at MMTNETWORKS.COM.AU  Fri Dec 30 15:13:19 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassin question
Message-ID: <mailman.18375.1137101496.24926.mailscanner@lists.mailscanner.info>

Instead of getting mail marked as Spam, I would like to have the mail deleted.  Where and which file do I set this command?

Thanks

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/PLAIN  17 lines. ]
    [ Unable to print this part. ]


From MailScanner at ecs.soton.ac.uk  Fri Dec 30 15:06:52 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassin question
Message-ID: <mailman.18376.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jon Miller wrote:

>Instead of getting mail marked as Spam, I would like to have the mail deleted.  Where and which file do I set this command?
>  
>
In /etc/MailScanner/MailScanner.conf set
    Spam Actions = delete
    High Scoring Spam Actions = delete
then do
    service MailScanner reload
to force it to re-read the conf files.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From micoots at YAHOO.COM  Fri Dec 30 15:28:17 2005
From: micoots at YAHOO.COM (Michael Mansour)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18377.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

> On 12/30/05, Michael Mansour <micoots@yahoo.com>
> wrote:
> >
> > Is it correct to say that this setting is only
> > relevant when MailScanner is actually started?
> > (otherwise how could the conf file be read).
> >
> > However, for some reason, MailScanner runs on the
> > standby node, even though I don't have it starting
> up
> > on boot, and I don't have mailscanner-mrtg
> starting it
> > up either (there's a setting in mailscanner-mrtg
> which
> > monitors MailScanner processes). I'm not sure why
> > MailScanner starts on the standby node when it
> > shouldn't.
> >
> 
> The parent MailScanner process never stops running,
> it doesn't perform any
> actual mail work but kills off old children and
> spawns new ones at those
> intervals specified in "Restart every..." and when
> you issue a MailScanner
> reload. The children read the config themselves when
> they start.
> 
> Look for cron jobs that might start MailScanner,
> both crontab for the root
> user and cron.hourly and such directories. On Linux
> systems they are added
> when you install MailScanner.

I found this:

# cat /etc/cron.hourly/check_MailScanner
#!/bin/bash

LOCKFILE=/var/lock/check_Mailscanner.lock
MS_LOCKFILE=/var/lock/subsys/MailScanner.off

if [ -f $MS_LOCKFILE ]; then
  echo "MailScanner manually shut down (no
$MS_LOCKFILE file)."
  echo "Not restarting."
  exit
fi

# the lockfile is not meant to be perfect, it's just
in case the
# two makewhatis cron scripts get run close to each
other to keep
# them from stepping on each other's toes.  The worst
that will
# happen is that they will temporarily corrupt the
database...
[ -f $LOCKFILE ] && exit 0
trap "rm -f $LOCKFILE" EXIT
touch $LOCKFILE
/usr/sbin/check_mailscanner -q # >/dev/null 2>&1
exit 0

which runs MailScanner if it's not started. These
scripts are good when you're running on a single host,
but in a cluster they only cause problems for the
standby node.

I guess all I have to do is remove the cron job and be
sure to set a monitor on the process to tell me when
MailScanner is shutdown.

Thanks for the advice Peter.

Michael.

> --
> /Peter
> 
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with
> the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and
> the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off
> the website!
> 


Send instant messages to your online friends http://au.messenger.yahoo.com 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From michele at BLACKNIGHT.IE  Fri Dec 30 15:08:53 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassin question
Message-ID: <mailman.18378.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jon Miller wrote:
> Instead of getting mail marked as Spam, I would like to have the mail deleted.  Where and which file do I set this command?
> 
MailScanner.conf

Look for "spam actions"


-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From mailscanner at ELIQUID.COM  Fri Dec 30 15:19:23 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:31:36 2006
Subject: spamassassin question
Message-ID: <mailman.18379.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Simply set your Spam Actions = delete.




On Fri, 2005-12-30 at 23:13 +0800, Jon Miller wrote:

 Instead of getting mail marked as Spam, I would like to have the mail deleted.  Where and which file do I set this command?

Thanks

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


___________________________________________

Wess Bechard
Information Technology Manager
eliquidMEDIA International Inc.
Visit: www.eliquid.com
Office: 519.973.1930  -  1.800.561.7525
Fax: 519.253.0337
Cell: 519.791.9492
___________________________________________
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From richard.thomas at PSYSOLUTIONS.COM  Fri Dec 30 16:12:11 2005
From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas)
Date: Thu Jan 12 21:31:36 2006
Subject: Log summaries
Message-ID: <mailman.18380.1137101496.24926.mailscanner@lists.mailscanner.info>

I'd like to put some brief summaries about our spam processing to our 
website for the benefit of our users (some of them seem to be under the 
impression that we're letting spam flood through). I know of vispan etc 
but they seem like they are overly complex. Does anyone have a brief 
primer or example code on how to process the logs to get such data? I'm 
looking for Emails/Spam/Viruses/Delivered particularly.

Thanks

Rich

-- 
MIS Department      | Psychiatric Solutions Inc |Phone: +1 615 312 5787
840 Crescent Ctr Dr |                           |Fax:   +1 615 312 5711
Suite 460           +---------------------------+----------------------
Franklin, TN 37067  |Support: helpdesk@psysolutions.com +1 615 312 5888


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "S/MIME Cryptographic Signature"  ]
    [ Application/X-PKCS7-SIGNATURE  4.4KB. ]
    [ Unable to print this part. ]


From shuttlebox at GMAIL.COM  Fri Dec 30 16:21:29 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18381.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/30/05, Michael Mansour <micoots@yahoo.com> wrote:
      These
      scripts are good when you're running on a single host,
      but in a cluster they only cause problems for the
      standby node.

      I guess all I have to do is remove the cron job and be
      sure to set a monitor on the process to tell me when
      MailScanner is shutdown.


I'm glad you found the problem.

Is there a reason why you want one system just idling, why not running it
instead? It will share the load and still take all the load if one fails.
It's as easy as assigning an MX record in DNS pointing to both your boxes
with the same "cost".

--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From richard.thomas at PSYSOLUTIONS.COM  Fri Dec 30 16:27:46 2005
From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas)
Date: Thu Jan 12 21:31:36 2006
Subject: vispan logrotate
Message-ID: <mailman.18382.1137101496.24926.mailscanner@lists.mailscanner.info>

Scott Silva wrote:

>Rodney Green spake the following on 12/7/2005 9:37 AM:
>  
>
>>Hello,
>>
>>How does Vispan handle log rotation? When my maillog file is rotated by
>>logrotate and maillog is an empty file will the stats get all messed up
>>because of that?
>>
>>Thanks,
>>Rod
>>
>>    
>>
>I think Vispan reads the logs every x minutes, and then keeps its own
>data file.
>
>
>  
>
I guess you'll get a blank period between the time when vispan last ran 
and when the log is rotated that the statistics will not be accoutned 
for. If it's really important, you could probably run vispan on the 
rotated log just after it is rotated. Though then it might conflict with 
a cron run vispan unless you use lockfiles (or maybe vispan does itself) 
so it might be more trouble than it's worth.

Rich

-- 
MIS Department      | Psychiatric Solutions Inc |Phone: +1 615 312 5787
840 Crescent Ctr Dr |                           |Fax:   +1 615 312 5711
Suite 460           +---------------------------+----------------------
Franklin, TN 37067  |Support: helpdesk@psysolutions.com +1 615 312 5888


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "S/MIME Cryptographic Signature"  ]
    [ Application/X-PKCS7-SIGNATURE  4.4KB. ]
    [ Unable to print this part. ]


From joost at WAVERSVELD.NL  Fri Dec 30 16:30:32 2005
From: joost at WAVERSVELD.NL (Joost Waversveld)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18383.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> instead? It will share the load and still take all the load if one fails.
> It's as easy as assigning an MX record in DNS pointing to both your boxes
> with the same "cost".

This is not true!!! If you assign an MX record with the same cost, then 
the DNS will randomly return one ip. If that IP fails, it will NOT try 
the other, but another MX record with an higher cost or fail.

If you want an fallback, then you must assign different costs', but 
then one server will carry the load, except for a small percentage of 
SPAM messages :D

Greetz,

Joost Waversveld

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From shuttlebox at GMAIL.COM  Fri Dec 30 17:02:06 2005
From: shuttlebox at GMAIL.COM (shuttlebox)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18384.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 12/30/05, Joost Waversveld <joost@waversveld.nl> wrote:
      > instead? It will share the load and still take all the load
      if one fails.
      > It's as easy as assigning an MX record in DNS pointing to
      both your boxes
      > with the same "cost".

      This is not true!!! If you assign an MX record with the same
      cost, then
      the DNS will randomly return one ip. If that IP fails, it
      will NOT try
      the other, but another MX record with an higher cost or fail.


The DNS server will return all records in random order and the client
will normally pick the first one. That makes for easy load sharing. MTA:s
try another MX if one is not available, do you mean that with same cost
that principle is void? That would break RFC974 I think:

 If the list of MX RRs is not empty, the mailer should try to deliver
   the message to the MXs in order (lowest preference value tried
   first).  The mailer is required to attempt delivery to the lowest
   valued MX.  Implementors are encouraged to write mailers so that they
   try the MXs in order until one of the MXs accepts the message, or all
   the MXs have been tried.  A somewhat less demanding system, in which
   a fixed number of MXs is tried, is also reasonable.  Note that

   multiple MXs may have the same preference value.  In this case, all
   MXs at with a given value must be tried before any of a higher value
   are tried.  In addition, in the special case in which there are
   several MXs with the lowest preference value,  all of them should be
   tried before a message is deemed undeliverable.

--
/Peter
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From mkettler at EVI-INC.COM  Fri Dec 30 19:11:11 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:31:36 2006
Subject: Log summaries
Message-ID: <mailman.18385.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Richard Thomas wrote:
> I'd like to put some brief summaries about our spam processing to our
> website for the benefit of our users (some of them seem to be under the
> impression that we're letting spam flood through). I know of vispan etc
> but they seem like they are overly complex. Does anyone have a brief
> primer or example code on how to process the logs to get such data? I'm
> looking for Emails/Spam/Viruses/Delivered particularly.
> 
> Thanks

Do you want a text-form report, or would graphs work? If graphs work,
mailscanner-mrtg works VERY well for me.

http://mailscannermrtg.sourceforge.net/

You need snmpd working on the local machine for a few of the graphs (cpu,
memory, maybe disk usage) but if you don't need those graphs you don't need SNMPD.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From joost at WAVERSVELD.NL  Fri Dec 30 19:16:04 2005
From: joost at WAVERSVELD.NL (Joost Waversveld)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18386.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> On 12/30/05, Joost Waversveld <joost@waversveld.nl> wrote:
>>
>> > instead? It will share the load and still take all the load if one
>> fails.
>> > It's as easy as assigning an MX record in DNS pointing to both your
>> boxes
>> > with the same "cost".
>>
>> This is not true!!! If you assign an MX record with the same cost, then
>> the DNS will randomly return one ip. If that IP fails, it will NOT try
>> the other, but another MX record with an higher cost or fail.
>>
>
> The DNS server will return all records in random order and the client will
> normally pick the first one. That makes for easy load sharing. MTA:s try
> another MX if one is not available, do you mean that with same cost that
> principle is void? That would break RFC974 I think:
>
> If the list of MX RRs is not empty, the mailer should try to deliver
>   the message to the MXs in order (lowest preference value tried
>   first).  The mailer is required to attempt delivery to the lowest
>   valued MX.  Implementors are encouraged to write mailers so that they
>   try the MXs in order until one of the MXs accepts the message, or all
>   the MXs have been tried.  A somewhat less demanding system, in which
>   a fixed number of MXs is tried, is also reasonable.  Note that
>   multiple MXs may have the same preference value.  In this case, all
>   MXs at with a given value must be tried before any of a higher value
>   are tried.  In addition, in the special case in which there are
>   several MXs with the lowest preference value,  all of them should be
>   tried before a message is deemed undeliverable.
>
>
> --
> /Peter
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

Yes, this would break the RFC. Unfortunately you're depending on the 
sending MTA so that would mean you COULD lose some e-mail. I've seen it 
happen, but I cannot remember the exact situation.....

Personally I do not want to depend on some one else's mailserver if you 
understand what I mean....

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Fri Dec 30 20:02:45 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:36 2006
Subject: Log summaries
Message-ID: <mailman.18387.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

You could try MailWatch. It can give each user a web login that lets them see all of their own email that MailScanner is keep from 
them. It can also be setup to allow them to "release" anything they decide they actually want.

They can also look at a number of different reports showing how much total email and the how much of it was Spam, etc...

Really cool stuff. I have it set so my users get an email everyday showing what they didn't get with a link to release it if they 
decide they want it.

Dennis

Richard Thomas wrote:
> I'd like to put some brief summaries about our spam processing to our 
> website for the benefit of our users (some of them seem to be under the 
> impression that we're letting spam flood through). I know of vispan etc 
> but they seem like they are overly complex. Does anyone have a brief 
> primer or example code on how to process the logs to get such data? I'm 
> looking for Emails/Spam/Viruses/Delivered particularly.
> 
> Thanks
> 
> Rich
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From naolson at GMAIL.COM  Fri Dec 30 20:08:00 2005
From: naolson at GMAIL.COM (Nathan Olson)
Date: Thu Jan 12 21:31:36 2006
Subject: Log summaries
Message-ID: <mailman.18388.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have a small Perl script that does exactly this.  I'll talk to my
boss and see if I can release it.

Nate

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ryan at MARINOCRANE.COM  Fri Dec 30 20:09:00 2005
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:31:36 2006
Subject: Log summaries
Message-ID: <mailman.18389.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Dennis Willson wrote:

> Really cool stuff. I have it set so my users get an email everyday 
> showing what they didn't get with a link to release it if they decide 
> they want it.

Now that sounds good!  Is this part of MailWatch or something you added 
on?  I dont remember seeing it as a feature.  If its something you added 
on, care to share how you did it.
Many thanks and Happy New Year
Ryan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From taz at TAZ-MANIA.COM  Fri Dec 30 20:12:29 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:31:36 2006
Subject: Log summaries
Message-ID: <mailman.18390.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

It's part of MailWatch... It's a script that runs everyday and builds the reports from the database.

Ryan Pitt wrote:
> Dennis Willson wrote:
> 
>> Really cool stuff. I have it set so my users get an email everyday 
>> showing what they didn't get with a link to release it if they decide 
>> they want it.
> 
> 
> Now that sounds good!  Is this part of MailWatch or something you added 
> on?  I dont remember seeing it as a feature.  If its something you added 
> on, care to share how you did it.
> Many thanks and Happy New Year
> Ryan
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec 30 20:20:45 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18391.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 30/12/05, Joost Waversveld <joost@waversveld.nl> wrote:
>(snip)
>
> Yes, this would break the RFC. Unfortunately you're depending on the
> sending MTA so that would mean you COULD lose some e-mail. I've seen it
> happen, but I cannot remember the exact situation.....
>
> Personally I do not want to depend on some one else's mailserver if you
> understand what I mean....
>

?
You *always* (or rather _they_ always) depend on the sending MTA doing
"the right thing"... Fortunately for you, until the time "they"
actually succeed in sending you the message, it's none of your
concern. ... So Peter is right...;)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec 30 20:29:19 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:36 2006
Subject: OT: Happy New Year!
Message-ID: <mailman.18392.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

... to all of you who recognize december 31 as the final day of the
"old" year... Well, I'm a bit early, but in the timetested traditional
swedish way... I'm headed straight into the usual alcohol-induced
mists... Will probably not be able to email anything before sometime
in january:-)

Also would like to extend a special thanks to Jules and Steve
(Freegard). Keep up the fantastic work another year guys!

Anyway, have a good one!
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From joost at WAVERSVELD.NL  Fri Dec 30 21:06:52 2005
From: joost at WAVERSVELD.NL (Joost Waversveld)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18393.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> On 30/12/05, Joost Waversveld <joost@waversveld.nl> wrote:
>> (snip)
>>
>> Yes, this would break the RFC. Unfortunately you're depending on the
>> sending MTA so that would mean you COULD lose some e-mail. I've seen it
>> happen, but I cannot remember the exact situation.....
>>
>> Personally I do not want to depend on some one else's mailserver if you
>> understand what I mean....
>>
>
> ?
> You *always* (or rather _they_ always) depend on the sending MTA doing
> "the right thing"... Fortunately for you, until the time "they"
> actually succeed in sending you the message, it's none of your
> concern. ... So Peter is right...;)
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

Ok, you're right that it SHOULD be the sender's problem, because they 
use an MTA which does not follow the RFC.

I did not know the text from the RFC till you mentoined it. Now I do, I 
see my advice is wrong, so please ignore it.

On the other hand, I really do not want to explain to our customers 
that they lost e-mail because of this, although we are not to blame. In 
their vision it would be our fault.

Greets,

Joost Waversveld.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From naolson at GMAIL.COM  Fri Dec 30 21:10:17 2005
From: naolson at GMAIL.COM (Nathan Olson)
Date: Thu Jan 12 21:31:36 2006
Subject: Log summaries
Message-ID: <mailman.18394.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

The attached may be up your alley.

Nate

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-PERL  3.3KB. ]
    [ Unable to print this part. ]


From MailScanner at ecs.soton.ac.uk  Fri Dec 30 21:30:03 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:36 2006
Subject: OT: Happy New Year!
Message-ID: <mailman.18395.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thankyou!
Hopefully 2006 will be a prosperous year. I am putting my toes in the 
water of the commercial world on the back of MailScanner, so hopefully I 
will see some reward before the year is out.

My personal thanks to Steve for writing MailWatch, which has had a huge 
impact on the number of sites installing MailScanner as they can produce 
reports for management and manage their quarantine among all its zillion 
of other features.

May 2006 be even better than 2005 !

Have a good one.
Regards,
Jules.

P.S. I still intend to release 4.49 on Jan 1st.

Glenn Steen wrote:

>... to all of you who recognize december 31 as the final day of the
>"old" year... Well, I'm a bit early, but in the timetested traditional
>swedish way... I'm headed straight into the usual alcohol-induced
>mists... Will probably not be able to email anything before sometime
>in january:-)
>
>Also would like to extend a special thanks to Jules and Steve
>(Freegard). Keep up the fantastic work another year guys!
>
>Anyway, have a good one!
>Cheers
>--
>-- Glenn
>  
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From glenn.steen at GMAIL.COM  Fri Dec 30 22:03:04 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18396.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 30/12/05, Joost Waversveld <joost@waversveld.nl> wrote:
> > On 30/12/05, Joost Waversveld <joost@waversveld.nl> wrote:
> >> (snip)
> >>
> >> Yes, this would break the RFC. Unfortunately you're depending on the
> >> sending MTA so that would mean you COULD lose some e-mail. I've seen it
> >> happen, but I cannot remember the exact situation.....
> >>
> >> Personally I do not want to depend on some one else's mailserver if you
> >> understand what I mean....
> >>
> >
> > ?
> > You *always* (or rather _they_ always) depend on the sending MTA doing
> > "the right thing"... Fortunately for you, until the time "they"
> > actually succeed in sending you the message, it's none of your
> > concern. ... So Peter is right...;)
> >
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
>
> Ok, you're right that it SHOULD be the sender's problem, because they
> use an MTA which does not follow the RFC.
>
> I did not know the text from the RFC till you mentoined it. Now I do, I
> see my advice is wrong, so please ignore it.
>
> On the other hand, I really do not want to explain to our customers
> that they lost e-mail because of this, although we are not to blame. In
> their vision it would be our fault.
>
> Greets,
>
> Joost Waversveld.
>
:-)
God save us all from luser customers:-)

Happy new year!

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM  Fri Dec 30 23:11:49 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18397.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> 
> Ok, you're right that it SHOULD be the sender's problem, because they
> use an MTA which does not follow the RFC.
> 
> I did not know the text from the RFC till you mentoined it. Now I do, I
> see my advice is wrong, so please ignore it.
> 
> On the other hand, I really do not want to explain to our customers that
> they lost e-mail because of this, although we are not to blame. In their
> vision it would be our fault.
> 
> Greets,
> 
> Joost Waversveld.
> 
IMHO it seems that only spammers seem to use a mailer that won't at
least try several times to send mail, and not consider mail delivered
until actually acnowledged by the receiving MTA.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From drew at THEMARSHALLS.CO.UK  Fri Dec 30 23:41:22 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:31:36 2006
Subject: OT: Happy New Year!
Message-ID: <mailman.18398.1137101496.24926.mailscanner@lists.mailscanner.info>

On 30 Dec 2005, at 20:29, Glenn Steen wrote:

> ... to all of you who recognize december 31 as the final day of the
> "old" year... Well, I'm a bit early, but in the timetested traditional
> swedish way... I'm headed straight into the usual alcohol-induced
> mists... Will probably not be able to email anything before sometime
> in january:-)
>
> Also would like to extend a special thanks to Jules and Steve
> (Freegard). Keep up the fantastic work another year guys!
>
> Anyway, have a good one!
> Cheers

Have a good one yourself Glenn and to everyone else out there in  
'MailScanner land' :-)

May 2006 bring spam and infection free inboxes (But not so clear that  
Jules' commercial adventure doesn't achieve the success it deserves)

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From micoots at YAHOO.COM  Sat Dec 31 00:08:34 2005
From: micoots at YAHOO.COM (Michael Mansour)
Date: Thu Jan 12 21:31:36 2006
Subject: "Restart Every" option in MailScanner.conf?
Message-ID: <mailman.18399.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi Peter,

--- shuttlebox <shuttlebox@GMAIL.COM> wrote:

> On 12/30/05, Michael Mansour <micoots@yahoo.com>
> wrote:
> >
> > These
> > scripts are good when you're running on a single
> host,
> > but in a cluster they only cause problems for the
> > standby node.
> >
> > I guess all I have to do is remove the cron job
> and be
> > sure to set a monitor on the process to tell me
> when
> > MailScanner is shutdown.
> >
> 
> I'm glad you found the problem.
> 
> Is there a reason why you want one system just
> idling, why not running it
> instead? It will share the load and still take all
> the load if one fails.
> It's as easy as assigning an MX record in DNS
> pointing to both your boxes
> with the same "cost".

Yeah I understand that, but the cluster is setup in a
HA failover cluster, there's a shared disk array
between the two, and the inbound mail directory exists
on the shared storage device, which is only mounted on
one server at a time.

The standby node literally does just sit there waiting
for failover, which may not be an ideal "use of
resources", but is the way I want it at present.

Michael.


Send instant messages to your online friends http://au.messenger.yahoo.com 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jlmiller at MMTNETWORKS.COM.AU  Sat Dec 31 01:51:53 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:36 2006
Subject: Process did not exit cleanly
Message-ID: <mailman.18400.1137101496.24926.mailscanner@lists.mailscanner.info>

Debian 3.1
Mailscanner 4.41.3-2
Spamassassin  3.0.3-2
Postfix  2.1.5-9 
MailWatch 1.0.3

I've had to rebuild Mailscanner and Spamassassin over the last few days and did a complete uninstall and reinstall.
Mail started working okay both incoming and outgoing, had a look at my /var/log/messages and started noticing a continuing entry of the following messages.  Anyone know the fix?

I getting repeated messages in /var/log/messages stating:
Dec 31 09:00:40 mail postfix: Process did not exit cleanly, returned 126 with signal 0
Dec 31 09:00:51 mail postfix: Process did not exit cleanly, returned 126 with signal 0
Dec 31 09:03:44 mail postfix: Process did not exit cleanly, returned 2 with signal 0
Dec 31 09:04:29 mail postfix: Process did not exit cleanly, returned 126 with signal 0
Dec 31 09:08:03 mail postfix: Process did not exit cleanly, returned 2 with signal 0
Dec 31 09:09:36 mail postfix: Process did not exit cleanly, returned 2 with signal 0
Dec 31 09:10:48 mail postfix: Process did not exit cleanly, returned 126 with signal 0
Dec 31 09:16:09 mail postfix: Process did not exit cleanly, returned 2 with signal 0
Dec 31 09:16:23 mail postfix: Process did not exit cleanly, returned 2 with signal 0
Dec 31 09:17:14 mail postfix: Process did not exit cleanly, returned 126 with signal 0
Dec 31 09:17:25 mail postfix: Process did not exit cleanly, returned 2 with signal 0
Dec 31 09:18:32 mail postfix: Process did not exit cleanly, returned 126 with signal 0

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/PLAIN  40 lines. ]
    [ Unable to print this part. ]


From markee at bandwidthco.com  Sat Dec 31 03:14:20 2005
From: markee at bandwidthco.com (Mark E. Donaldson)
Date: Thu Jan 12 21:31:36 2006
Subject: Process did not exit cleanly
Message-ID: <mailman.18401.1137101496.24926.mailscanner@lists.mailscanner.info>

You're K-script for Postfix is either not present or not working. 


##########################################
This is coming from the home and office of:

Mark E. Donaldson
Bandwidthco Computer Security
markee@bandwidthco.com
http://www.bandwidthco.com/

Copyright C 1999 Bandwidthco.com. All rights reserved.

4500 0028 a66b 4000 8006 d307 c0a8 000a
c0a8 0002 0871 0bc3 572b 25f7 ca7d 1b60
5010 f64c c0f6 0000 0000 0000 0000
##########################################
CCNA, OCP, GSEC, GCFW, GCIH, GCIA, GCUX, GCFA, X-Ways (WinHex) Forensics
Certified
##########################################
Hacking is the process of influencing a computer system
in such a way that it performs an action that is useful to you.
##########################################
  .~.    
  /V\     
  /( )\   
^^-^^ 


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Jon Miller
Sent: Friday, December 30, 2005 5:52 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Process did not exit cleanly

Debian 3.1
Mailscanner 4.41.3-2
Spamassassin  3.0.3-2
Postfix  2.1.5-9
MailWatch 1.0.3

I've had to rebuild Mailscanner and Spamassassin over the last few days and
did a complete uninstall and reinstall.
Mail started working okay both incoming and outgoing, had a look at my
/var/log/messages and started noticing a continuing entry of the following
messages.  Anyone know the fix?

I getting repeated messages in /var/log/messages stating:
Dec 31 09:00:40 mail postfix: Process did not exit cleanly, returned 126
with signal 0 Dec 31 09:00:51 mail postfix: Process did not exit cleanly,
returned 126 with signal 0 Dec 31 09:03:44 mail postfix: Process did not
exit cleanly, returned 2 with signal 0 Dec 31 09:04:29 mail postfix: Process
did not exit cleanly, returned 126 with signal 0 Dec 31 09:08:03 mail
postfix: Process did not exit cleanly, returned 2 with signal 0 Dec 31
09:09:36 mail postfix: Process did not exit cleanly, returned 2 with signal
0 Dec 31 09:10:48 mail postfix: Process did not exit cleanly, returned 126
with signal 0 Dec 31 09:16:09 mail postfix: Process did not exit cleanly,
returned 2 with signal 0 Dec 31 09:16:23 mail postfix: Process did not exit
cleanly, returned 2 with signal 0 Dec 31 09:17:14 mail postfix: Process did
not exit cleanly, returned 126 with signal 0 Dec 31 09:17:25 mail postfix:
Process did not exit cleanly, returned 2 with signal 0 Dec 31 09:18:32 mail
postfix: Process did not exit cleanly, returned 126 with signal 0

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

########################################################
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

postmaster@bandwidthco.com
MailScanner at Bandwidthco Computer Security is for your absolute
protection.
########################################################




########################################################
This message has been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.

postmaster@bandwidthco.com
MailScanner at Bandwidthco Computer Security is for your absolute protection.
########################################################

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From jlmiller at MMTNETWORKS.COM.AU  Sat Dec 31 07:26:44 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:31:36 2006
Subject: Process did not exit cleanly
Message-ID: <mailman.18402.1137101496.24926.mailscanner@lists.mailscanner.info>

I figured out what you meant by the K script (duh), but why would I need one... just curious

>>> "Mark E. Donaldson" <markee@BANDWIDTHCO.COM> 11:14:20 am 31/12/2005 >>>
You're K-script for Postfix is either not present or not working. 


##########################################
This is coming from the home and office of:

Mark E. Donaldson
Bandwidthco Computer Security
markee@bandwidthco.com
http://www.bandwidthco.com/

Copyright C 1999 Bandwidthco.com. All rights reserved.

4500 0028 a66b 4000 8006 d307 c0a8 000a
c0a8 0002 0871 0bc3 572b 25f7 ca7d 1b60
5010 f64c c0f6 0000 0000 0000 0000
##########################################
CCNA, OCP, GSEC, GCFW, GCIH, GCIA, GCUX, GCFA, X-Ways (WinHex) Forensics
Certified
##########################################
Hacking is the process of influencing a computer system
in such a way that it performs an action that is useful to you.
##########################################
  .~.    
  /V\     
  /( )\   
^^-^^ 


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Jon Miller
Sent: Friday, December 30, 2005 5:52 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Process did not exit cleanly

Debian 3.1
Mailscanner 4.41.3-2
Spamassassin  3.0.3-2
Postfix  2.1.5-9
MailWatch 1.0.3

I've had to rebuild Mailscanner and Spamassassin over the last few days and
did a complete uninstall and reinstall.
Mail started working okay both incoming and outgoing, had a look at my
/var/log/messages and started noticing a continuing entry of the following
messages.  Anyone know the fix?

I getting repeated messages in /var/log/messages stating:
Dec 31 09:00:40 mail postfix: Process did not exit cleanly, returned 126
with signal 0 Dec 31 09:00:51 mail postfix: Process did not exit cleanly,
returned 126 with signal 0 Dec 31 09:03:44 mail postfix: Process did not
exit cleanly, returned 2 with signal 0 Dec 31 09:04:29 mail postfix: Process
did not exit cleanly, returned 126 with signal 0 Dec 31 09:08:03 mail
postfix: Process did not exit cleanly, returned 2 with signal 0 Dec 31
09:09:36 mail postfix: Process did not exit cleanly, returned 2 with signal
0 Dec 31 09:10:48 mail postfix: Process did not exit cleanly, returned 126
with signal 0 Dec 31 09:16:09 mail postfix: Process did not exit cleanly,
returned 2 with signal 0 Dec 31 09:16:23 mail postfix: Process did not exit
cleanly, returned 2 with signal 0 Dec 31 09:17:14 mail postfix: Process did
not exit cleanly, returned 126 with signal 0 Dec 31 09:17:25 mail postfix:
Process did not exit cleanly, returned 2 with signal 0 Dec 31 09:18:32 mail
postfix: Process did not exit cleanly, returned 126 with signal 0

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

########################################################
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

postmaster@bandwidthco.com
MailScanner at Bandwidthco Computer Security is for your absolute
protection.
########################################################




########################################################
This message has been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.

postmaster@bandwidthco.com
MailScanner at Bandwidthco Computer Security is for your absolute protection.
########################################################

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, "HTML"  Text/HTML  92 lines. ]
    [ Unable to print this part. ]


From lbcadmin at GMAIL.COM  Sat Dec 31 23:14:43 2005
From: lbcadmin at GMAIL.COM (Information Services)
Date: Thu Jan 12 21:31:36 2006
Subject: archiving to a file location - what are the qf and df files?
Message-ID: <mailman.18403.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

qf and df files are the message and message header, but I am not sure
what you are wanting to do with the file attachements

On 12/29/05, Diane Rolland <drolland@kdinet.com> wrote:

      Greetings;

       

      I'm wanting to set up an archive rule that send email to a
      specific file location.  I have the rule working and they go
      into the YYYYMMDD folder.  My question is what are the qf and
      df files?  Ultimately, I'll want to extract file attachments
      from the document and process them in an application.

       

      Has anyone done something similar to this and have any
      suggestions?

       

      Thanks in advance,

      Diane


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html
).

Support MailScanner development - buy the book off the website!



------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From P.G.M.Peters at UTWENTE.NL  Sat Dec 31 23:19:36 2005
From: P.G.M.Peters at UTWENTE.NL (Peter Peters)
Date: Thu Jan 12 21:31:36 2006
Subject: page did not come through
Message-ID: <mailman.18404.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Information Services wrote on 31-12-2005 23:47:

> /var/log/maillog info:
> Dec 31 10:12:29 wks-lin9 sendmail[12114]: jBVGCKYm012097: to=tmunged@imap.munged.com <mailto:tmunged@imap.munged.com> ,rcmunged@imap.munged.com
>  <mailto:rcmunged@imap.munged.com>,btmunged@imap.munged.com <mailto:btmunged@imap.munged.com>, delay=00:00:09, xdelay=00:00:00, mailer=esmtp, pri=213456, relay=imap.munged.com <http://imap.munged.com>. [
> 172.16.3.106 <http://172.16.3.106>], dsn=2.0.0, stat=Sent (jBVGCT1x004535 Message accepted for delivery)

Have you checked the logs on 172.16.3.106 and looked for jBVGCT1x004535?

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDtxIIMbmy+DDgnIURArsJAJ9rIOU69M4dqET5kPDZ54cqt43uUgCg5FUv
EEUXtvzQpHsRaOHJ+hfpKYo=
=EvWg
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From lbcadmin at GMAIL.COM  Sat Dec 31 22:47:45 2005
From: lbcadmin at GMAIL.COM (Information Services)
Date: Thu Jan 12 21:31:36 2006
Subject: {Disarmed} page did not come through
Message-ID: <mailman.18405.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "UTF-8" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have something I have not seen before.

I am running CentOS 4.1
Mailscanner 4-47.4-2
sendmail 8.13.4-1
MailWatch 1.0.1
spamassasin 3.1.0
webmin 1.210

My boss did not receive his alpha page today from a user, but during a
test page to himself he received it just fine.

In my aliase file, he is setup fine, (he must be since this has not been
a problem before and he successfully tested an alpha page to himself)

I had looked in the MailWatch logs and found the alpha page for him,
along with other users, but when I checked /var/log/maillog here is what
I get:
I am not sure why his alpha page did not get processed...any ideas?

MailWatch log:
Message Headers:    Return-Path: <�g>
Received: from pc11642 ([numericlinkwarning 172.16.11.163])
     by mail2.munged.com (8.13.4/8.13.4) with ESMTP id jBVGCKYm012097;
     Sat, 31 Dec 2005 10:12:20 -0600
Reply-To: <wjmunged@munged.com>
From: "Wayne Munged" <wjmunged@munged.com>
To: "'Riley H. Munged'" <rcmunged@munged.com>,
"Riley \(Alpha Pager\) Munged" <rcmunged.pager@munged.com>
Cc: "'Barry Munged'" <btmunged@munged.com>,
"'Tom Munged" <tsmunged@munged.com>
Subject: SVNT
Date: Sat, 31 Dec 2005 10:12:20 -0600
Organization: Munged, Inc.
Message-ID: <003f01c60e24$fa6d81d0$a30b10ac@pc11642>
MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="----=_NextPart_000_0040_01C60DF2.AFD311D0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Importance: Normal


 /var/log/maillog info:
Dec 31 10:12:29 wks-lin9 sendmail[12114]: jBVGCKYm012097: to=tmunged@imap.munged.com ,rcmunged@imap.munged.com
,btmunged@imap.munged.com, delay=00:00:09, xdelay=00:00:00, mailer=esmtp, pri=213456, relay=imap.munged.com. [numericlinkwarning 
172.16.3.106], dsn=2.0.0, stat=Sent (jBVGCT1x004535 Message accepted for delivery)




From drolland at KDINET.COM  Sat Dec 31 23:51:44 2005
From: drolland at KDINET.COM (Diane Rolland)
Date: Thu Jan 12 21:31:36 2006
Subject: archiving to a file location - what are the qf and df files?
Message-ID: <mailman.18406.1137101496.24926.mailscanner@lists.mailscanner.info>


Thanks for the response; The application developer (not me!!!) has
figured it out and all is working well.

 


________________________________________________________________________________


From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Information Services
Sent: Saturday, December 31, 2005 5:15 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: archiving to a file location - what are the qf and df files?

 

qf and df files are the message and message header, but I am not sure
what you are wanting to do with the file attachements

On 12/29/05, Diane Rolland <drolland@kdinet.com> wrote:

Greetings;

 

I'm wanting to set up an archive rule that send email to a specific file
location.  I have the rule working and they go into the YYYYMMDD folder. 
My question is what are the qf and df files?  Ultimately, I'll want to
extract file attachments from the document and process them in an
application.

 

Has anyone done something similar to this and have any suggestions?

 

Thanks in advance,

Diane


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ).

Support MailScanner development - buy the book off the website!



------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


From MailScanner at ecs.soton.ac.uk  Sat Dec 31 18:47:23 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:31:36 2006
Subject: Speedups
Message-ID: <mailman.18407.1137101496.24926.mailscanner@lists.mailscanner.info>

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Tomorrow's release will include speedup code for sendmail, Exim and 
Postfix, as these are by far the most popular platforms for MailScanner.
I will then try some work on speeding up calls to SpamAssassin. This 
will probably only give 5% to 10% increase in speed, but it's my next 
target.
The biggest time-consumer is the extraction of attachments from 
messages. The Vodafone SHARK team have helped a lot with that, and I 
don't think there's much more I can do there.
So I'm going to try to speed up SpamAssassin, by trying it without a 
timeout. You will be able to control whether this feature is switched on 
or off. By default I'll ship it in the "safe" mode with a timeout. I'll 
let you experiment for a while before even contemplating changing the 
default timeout to 0 (i.e. no timeout at all).

Happy New Year everyone!

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!