From carinus.carelse at MRC.AC.ZA Tue Feb 1 04:56:17 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:22 2006 Subject: Whitelisting another query Message-ID: i have implemented the whitelisting now how do i check that it is actually doing this. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 05:29:45 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting another query Message-ID: I wonder could you go so far as to say just a .com domain in the whitelist. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Tue Feb 1 08:31:50 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:23 2006 Subject: Someone in the USA with a printer? I need a quick favour Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Scott Silva wrote: > >> Julian Field wrote: >> >>> Is the US-Letter version better than printing the original, or >>> should I not bother with the US Letter version at all? >>> >>> Dirk Enrique Seiffert wrote: >>> >>>> Not really USA but Colombia - We use lettersize, too. Printed just >>>> straight forward without adjustments from acroread, looks perfect. >>>> >>>> Best wishes >>>> >>>> Enrique >>>> >>>> El Vie 28 Ene 2005 17:22, Julian Field escribió: >>>> >>>> >>>>> I need to ask a quick favour. >>>>> >>>>> I need someone with 8.5 x 11 inch paper. >>>>> Please can you download >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf >>>>> (or extract it from the 4.38 distribution). >>>>> >>>>> I would then like you to print it with the smallest margins you >>>>> can set. >>>>> >>>>> Does it look okay? >>>>> Is there anything important missed off the top/bottom/sides? >>>>> >>>>> Where would be the best place to remove the extra bit from the top or >>>>> bottom so that it would print better on USA paper sizes? >>>>> >>>>> Many thanks! >>>> >>>> >> My acrobat is set to reduce to fit, and it just leaves a little >> whitespace around the edges. And except for the top picture, it looks >> great on a Color Laserjet. > > > Great. Many thanks for that. > >> >> But on another subject, what is that ruleset editor on the last >> screenshot on page 2? Is that also from Mailwatch? >> I might just have to give Mailwatch a go! > > > The ruleset editor is a sneak preview of a product to come... (I'm not > going to tell you any more, you will find out soon enough anyway :-) > Is it also os the product? Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Feb 1 09:05:18 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:23 2006 Subject: SpamAss. 3.0.2 upgrade? Message-ID: I downloaded and installed the latest tarball for install-SA-clamav which includes SA 3.0.2. I ran the install script but I get this : Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. [root@gw install-Clam-SA]# spamassassin --version SpamAssassin version 3.0.1 Guess this is not correct? Cheers! Remco ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 09:21:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: SpamAss. 3.0.2 upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would say you have 2 copies of perl installed. One in /usr/bin/perl and one in another directory which is earlier on your $PATH than /usr/bin. You will get in *such* a mess if you have multiple copies of Perl, particularly if your $PATH is set wrong. Do /usr/bin/perl -V and perl -V and you will probably get different output. Remco Barendse wrote: > I downloaded and installed the latest tarball for install-SA-clamav which > includes SA 3.0.2. > > I ran the install script but I get this : > > Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. > > [root@gw install-Clam-SA]# spamassassin --version > SpamAssassin version 3.0.1 > > Guess this is not correct? > > Cheers! > Remco > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 09:19:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting another query Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. A rule that say From: *.com yes will do the job. Carinus Carelse wrote: > I wonder could you go so far as to say just a *.com* domain in the > whitelist. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 09:18:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Why does MailScanner not like my Football club? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You are going to have to give us a lot more information than that. There should be an AttachmentWarning.txt attachment in the message. What does that say? Lance Haig wrote: > Hi, > > I have mail I recieve from a football club mailing list and it is > stopped under the "Other Bad Content Detected" > > I am not sure if Julian has something against "Spurs" :-) > > Anyway why would a message be marked as "Other Bad Content Detected" > and can I stop it being blocked? > > Thanks again > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 09:39:55 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for all messages Message-ID: My whitelist file looks like this currently. the TO: field one works but the From: field one does not at all. From: *@domain.com yes To: *@domain2.com yes Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 09:47:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for all messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You will probably find the real envelope sender address is different from the From: header contents. Take a look in your maillog to find the real addresses, or switch on the "X-Envelope-From" header (or whatever I called it) in MailScanner.conf and take a look at the headers of a message coming in. My best guess would be that you need *@*.domain.com as well as *@domain.com but that is a guess. Carinus Carelse wrote: >My whitelist file looks like this currently. the TO: field one works >but the From: field one does not at all. > >From: *@domain.com yes >To: *@domain2.com yes > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Feb 1 11:00:43 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:23 2006 Subject: blacklist does not work Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hello, think i´ve done right but the blacklist does not work for me ?!? inside MailScanner.conf: Is Definitely Spam = %rules-dir%/spam.blacklist.rules /etc/MailScanner/rules -rw-r--r-- 1 root root 518 Feb 1 11:42 spam.blacklist.rules -rw-r--r-- 1 root root 1106 Feb 1 10:22 spam.whitelist.rules spam.blacklist.rules: To: spam@host.domain12345.de From: andreas@domain135.de host.domain12345.de is the mailscanner host, the other is my personal mail. nothing will be blocked and im sure the one setting in ms conf is enough, or not ? didnt found something in the archive, dont hit me if im to silly to search ;) greetings andy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 11:12:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: blacklist does not work Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dörfler Andreas wrote: >hello, > >think i´ve done right but the blacklist does not work for me ?!? > >inside MailScanner.conf: >Is Definitely Spam = %rules-dir%/spam.blacklist.rules > >/etc/MailScanner/rules >-rw-r--r-- 1 root root 518 Feb 1 11:42 spam.blacklist.rules >-rw-r--r-- 1 root root 1106 Feb 1 10:22 spam.whitelist.rules > >spam.blacklist.rules: >To: spam@host.domain12345.de >From: andreas@domain135.de > >host.domain12345.de is the mailscanner host, the other is my personal mail. > >nothing will be blocked and im sure the one setting in ms conf is enough, or >not ? > >didnt found something in the archive, dont hit me if im to silly to search >;) > > Don't worry, we all (except me, I guess :-) had to start somewhere. You nearly have the syntax right, but you have missed the "yes" off the end of each line. To: spam@host.domain12345.de yes From: andreas@domain135.de yes As for any matching rule, that value you want to return to "Is Definitely Spam" is the answer "yes". Make those changes, then "service MailScanner reload" if you are running most Linuxes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Tue Feb 1 11:14:39 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:23 2006 Subject: blacklist does not work Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You need a "yes" or "no" at the end of your rules.. If you want to mark all email FROM andreas@domain135.de AND TO spam@host.domain12345.de ... It would be written like this in a definite spam rules file: To: spam@host.domain12345.de AND FROM: andreas@domain135.de yes On Tue, February 1, 2005 6:00 am, Dörfler Andreas said: > hello, > > think i´ve done right but the blacklist does not work for me ?!? > > inside MailScanner.conf: Is Definitely Spam = > %rules-dir%/spam.blacklist.rules > > > /etc/MailScanner/rules > -rw-r--r-- 1 root root 518 Feb 1 11:42 spam.blacklist.rules > -rw-r--r-- 1 root root 1106 Feb 1 10:22 spam.whitelist.rules > > > spam.blacklist.rules: > To: spam@host.domain12345.de > From: andreas@domain135.de > > > host.domain12345.de is the mailscanner host, the other is my personal > mail. > > nothing will be blocked and im sure the one setting in ms conf is enough, > or not ? > > didnt found something in the archive, dont hit me if im to silly to > search ;) > > > greetings andy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Feb 1 11:22:20 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:23 2006 Subject: AW: blacklist does not work Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ahh, damn it .. thanks a lot, ive done the "yes" option inside whitelist and forgoten inside blacklist shame over me, sometimes using my brain and eyes will help .. ;) greetings andy p.s. wish you a nice trip julian, come back savely >-----Ursprüngliche Nachricht----- >Von: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >Gesendet: Dienstag, 1. Februar 2005 12:13 >An: MAILSCANNER@JISCMAIL.AC.UK >Betreff: Re: blacklist does not work > > >Dörfler Andreas wrote: > >>hello, >> >>think i´ve done right but the blacklist does not work for me ?!? >> >>inside MailScanner.conf: >>Is Definitely Spam = %rules-dir%/spam.blacklist.rules >> >>/etc/MailScanner/rules >>-rw-r--r-- 1 root root 518 Feb 1 11:42 spam.blacklist.rules >>-rw-r--r-- 1 root root 1106 Feb 1 10:22 spam.whitelist.rules >> >>spam.blacklist.rules: >>To: spam@host.domain12345.de >>From: andreas@domain135.de >> >>host.domain12345.de is the mailscanner host, the other is my personal >>mail. >> >>nothing will be blocked and im sure the one setting in ms conf is >>enough, or not ? >> >>didnt found something in the archive, dont hit me if im to silly to >>search >>;) >> >> >Don't worry, we all (except me, I guess :-) had to start >somewhere. You >nearly have the syntax right, but you have missed the "yes" >off the end >of each line. >To: spam@host.domain12345.de yes >From: andreas@domain135.de yes >As for any matching rule, that value you want to return to "Is >Definitely Spam" is the answer "yes". >Make those changes, then "service MailScanner reload" if you >are running >most Linuxes. > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Feb 1 11:43:35 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:23 2006 Subject: SpamAss. 3.0.2 upgrade? Message-ID: Afraid not (or luckily not). I redirected the output and diffed it, no differences at all. Could I have a double copy of spamass? On Tue, 1 Feb 2005, Julian Field wrote: > I would say you have 2 copies of perl installed. One in /usr/bin/perl > and one in another directory which is earlier on your $PATH than > /usr/bin. You will get in *such* a mess if you have multiple copies of > Perl, particularly if your $PATH is set wrong. > > Do > > /usr/bin/perl -V > and > perl -V > > and you will probably get different output. > > Remco Barendse wrote: > >> I downloaded and installed the latest tarball for install-SA-clamav which >> includes SA 3.0.2. >> >> I ran the install script but I get this : >> >> Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. >> >> [root@gw install-Clam-SA]# spamassassin --version >> SpamAssassin version 3.0.1 >> >> Guess this is not correct? >> >> Cheers! >> Remco >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Feb 1 11:51:32 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:23 2006 Subject: Updating the reports in all languages all in one go? Message-ID: Does anyone have a neat script to upgrade all the stuff in /etc/MailScanner/reports ? I forgot to nuke that directory before upgrading MS and I'm now stuck with dozens of .rpmnew files. Another question to that (albeit an unpopular question probably) is it possible to remove the last two lines from the reports (with the transtec message) other than doing it by hand? My boss would like to see it removed. Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 12:05:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Updating the reports in all languages all in one go? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The only file that *has* to be upgraded is languages.conf. Type "upgrade_languages_conf" and you will find help :-) The other files don't need upgrading if you are happy with their current contents, and have customised them to your site. Remco Barendse wrote: > Does anyone have a neat script to upgrade all the stuff in > /etc/MailScanner/reports ? > > I forgot to nuke that directory before upgrading MS and I'm now stuck > with > dozens of .rpmnew files. > > Another question to that (albeit an unpopular question probably) is it > possible to remove the last two lines from the reports (with the transtec > message) other than doing it by hand? My boss would like to see it > removed. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 12:41:14 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for any messages. Message-ID: I have checked for both my rules and with both of them i still get logs that are scanning the messages and it is still marking messages as spam. I checked the X-MailScanner-From Header and it is the same as the first rule how can I debug this or where do I start. My whitelist rules are as follows : From: *@domain.com yes From: *@*.domain.com yes To: *@domain1.com yes Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 12:51:57 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting? Should i add the same to spamassassin.prefs file? Message-ID: Should I be adding the whitelist info to the spamassassin.prefs file as well or does it filter through if I put it in the mailscanner config. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 13:20:55 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting? & autowhitelisting Message-ID: if I have autowhitelisting enabled does this affect manual whitelisting and how. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Feb 1 13:27:50 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:28:23 2006 Subject: Why does MailScanner not like my Football club? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, Sorry I meant to add the email to theis There was no AttachmentWarning.txt with this e-mail but here is the text The following e-mails were found to have: Other Bad Content Detected Sender: v-eoako_bhbcbgca_flnedh_a@bounce3.rm04.net IP Address: 129.41.69.95 Recipient: lance@haigmail.com Subject: Spurs News Online MessageID: j0VGb2uh031337 Report: MailScanner: Found dangerous Object Codebase/Data tag in HTML message Full headers are: Return-Path: <^Ág> Received: from mail09.rm04.net (mail09.rm04.net [129.41.69.95]) by mailhost.haigmail.com (8.12.10/8.12.10/SuSE Linux 0.7) with ESMTP id j0VGb2uh031337 for ; Mon, 31 Jan 2005 16:37:03 GMT Received: by mail09.rm04.net id hvpf08064o0a; Mon, 31 Jan 2005 11:34:02 -0500 (envelope-from ) Message-ID: <3571584.1107189242895.JavaMail.root@mailgen02.atlp1> Date: Mon, 31 Jan 2005 11:34:02 -0500 (EST) From: "newsletter@spurs" Reply-To: spurs@adm02.com To: lance@haigmail.com Subject: Spurs News Online Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_6784_19393517.1107189052596" -- RedArmourLTD Email Virus Scanner www.RedArmour.co.uk Julian Field wrote: > You are going to have to give us a lot more information than that. There > should be an AttachmentWarning.txt attachment in the message. What does > that say? > > Lance Haig wrote: > >> Hi, >> >> I have mail I recieve from a football club mailing list and it is >> stopped under the "Other Bad Content Detected" >> >> I am not sure if Julian has something against "Spurs" :-) >> >> Anyway why would a message be marked as "Other Bad Content Detected" >> and can I stop it being blocked? >> >> Thanks again >> >> Lance >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 13:55:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for any messages. Message-ID: Hi I presume you've restarted MS after editing the rule files? You can debug by modifying the 'Debug' setting in MailScanner.conf, stoping MailScanner and running checkmailscanner. This will give you a dump to the screen of what it's doing. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > I have checked for both my rules and with both of them i still get logs that > are scanning the messages and it is still marking messages as spam. I > checked the X-MailScanner-From Header and it is the same as the first rule > how can I debug this or where do I start. > My whitelist rules are as follows : > > From: *@domain.com yes > From: *@*.domain.com yes > To: *@domain1.com yes > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Feb 1 14:07:00 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:23 2006 Subject: Why does MailScanner not like my Football club? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Tuesday, February 01, 2005 8:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Why does MailScanner not like my Football club? > > Hi Julian, > > Sorry I meant to add the email to theis > > There was no AttachmentWarning.txt with this e-mail but here is the text > > The following e-mails were found to have: Other Bad Content Detected > > Sender: v-eoako_bhbcbgca_flnedh_a@bounce3.rm04.net > IP Address: 129.41.69.95 > Recipient: lance@haigmail.com > Subject: Spurs News Online > MessageID: j0VGb2uh031337 > Report: MailScanner: Found dangerous Object Codebase/Data tag in HTML > message > In MailScanner.conf, you can set: Allow Object Codebase Tags = disarm (safer) or Allow Object Codebase Tags = yes (not so safe) Or to a ruleset that allows email from the football club :) Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 14:12:59 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for any messages. Message-ID: Ok sorry my stupidity got the best of me it is working and working well sorry about that. carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Feb 1 14:26:51 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:23 2006 Subject: Volunteers to convert FAQ to a Wiki? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > If I were to install a Wiki on the MailScanner site, would someone (or > several of you) be prepared to take on the job of converting the current > FAQ-o-matic to a Wiki? > > It's basically a cut and paste job. It's the content that matters, not > precisely who created the FAQ addition. > > Any volunteers please? I could probably offer some of my time. > > I can get a Wiki set up pretty quickly if you are prepared to do it. I'm using DocuWiki, which is aimed at documentation, at the office. I'm migrating all my file-based documentation to this Wiki. Pretty neat. > > Thanks folks! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Feb 1 15:17:59 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I'm archiving mail for all users on our mail server. Is the mail that is archived filtered mail or mail as it is received by the MTA? I'm wondering if the archived mail would be a good source of ham for training SpamAssassin. Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 15:23:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: Rodney archived email is as it was before MS scans it... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Hello, > > I'm archiving mail for all users on our mail server. Is the mail that is > archived filtered mail or mail as it is received by the MTA? I'm > wondering if the archived mail would be a good source of ham for > training SpamAssassin. > > Thanks, > Rod > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Howard at HARPER-ADAMS.AC.UK Tue Feb 1 15:25:28 2005 From: Howard at HARPER-ADAMS.AC.UK (Howard Robinson) Date: Thu Jan 12 21:28:23 2006 Subject: Non Nested rules quiry Message-ID: Hello, I have 60 staff and students in China that keep having their emails coming into college marked as spam. They are using about 10 different domains. I want to allow emails from them to four specific staff members here without them being checked for spam. I though I had it sussed but Mailscanner protests when restarting with a syntax error in the rules file. What I have tried so far is:- In MailScanner.conf I have (with other blurb snipped and tabs for spacing) Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules In %rules-dir%/spam.whitelist.rules # note line wrapped To: usera@harper-adams.ac.uk /etc/MailScanner/rules/chinaemail.rules.list FromOrTo: default no In /etc/MailScanner/rules/chinaemail.rules.list I have From: userz@domain1 yes From: usery@domain2 yes From: userx@domain1 yes FromOrTo: default no My idea was that only if it were for usera would mailscanner need to look at the from address however in the book (p309) it says that rules can't be nested other than files full address patterns. However p304 option 14 looks to me to contradict this. Have I got this wrong? Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk From MailScanner at ecs.soton.ac.uk Tue Feb 1 15:26:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] unless it's the spam or mcp archive, at which point the "Keep Spam And MCP Archive Clean" setting comes into effect. Martin Hepworth wrote: > Rodney > > archived email is as it was before MS scans it... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Hello, >> >> I'm archiving mail for all users on our mail server. Is the mail that is >> archived filtered mail or mail as it is received by the MTA? I'm >> wondering if the archived mail would be a good source of ham for >> training SpamAssassin. >> >> Thanks, >> Rod >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vinet138 at YAHOO.COM Tue Feb 1 15:22:52 2005 From: vinet138 at YAHOO.COM (Bill Smith) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: Hi Folks, Does anyone know the best way for disaster recovery MScanner? Any advice would be appreciated. Bill ________________________________________________________________________________ Do you Yahoo!? All your favorites on one personal page ^Ö Try My Yahoo! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 15:32:58 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: MailWatch Query Message-ID: I am again faced with the same problem i had before. I am running two copies of MailScanner with two seperate configs which works wonderfully well. i have set up two different databases for the loggin using mailwatch. I now have both copies running the new version but it only logs everything to one database. It does not even create the one debug file but seems to proxy all of the info through one connection which is the one that started up first. Can anyone maybe help me with this problem. It worked well in version 4.27 until the new version 4.3 came out I happily ran both logging to seperate databases and have seperate web stats. Any help is appreciated. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From billy at PLANETGEEK.BIZ Tue Feb 1 15:42:49 2005 From: billy at PLANETGEEK.BIZ (Billy Pumphrey) Date: Thu Jan 12 21:28:23 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: I don't know where to get better help, so I am hoping that someone can shoot an answer to these problems. I got digging and it looks like I do not have the best setup. Here is my basic setup: Mailscanner is the gateway between the internet and my MS Exchange server. MailScanner running RulesDeJour, SpamAssassin, and Sophos. Linux release 9, Kernel 2.4.20-8. Spamassassin version 2.61 MailScanner version 4.25-14 http://www.dnsreport.com/tools/dnsreport.ch?domain=woodmaclaw.com I believe that these errors are coming from my mailscanner machine name mailscanner.woodmaclaw.local. I do not know how to configure sendmail to accept the postmaster address for example. All of those warnings and errors in that report I would guess would be a good idea to get fixed? What started me on this and what I really need to get fixed is there is a domain that is having problems with emails getting to my mailserver. From ds at CARIBENET.COM Tue Feb 1 15:44:28 2005 From: ds at CARIBENET.COM (Dirk Enrique Seiffert) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: Hello, I can't tell if this is a sendmail or a MailScanner problem: Certain mails are causing a loop, making sendmail consume 99% of the CPU load. I have to manually restart MailScanner. What they have in common: 1) Recipients don't exist 2) RCPT TO: root 25608 74.3 0.5 8572 2556 ? R 09:55 29:11 sendmail: j11EtSBe025608 218.45.73.183.eo.eaccess.ne.jp [218.45.73.183]: RCPT TO: logs show soemthing like: Feb 1 09:55:32 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:32 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:33 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:34 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:35 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:36 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:36 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:37 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown SuSE 9.2, mailscanner-4.36.4-1, perl-spamassassin-3.0.0-3 spamassassin-3.0.0-3 sendmail-8.13.1-5 Does anybody know this problem or a solution? Thanks Enrique -- Dirk Enrique Seiffert CaribeNet S.A. - Cartagena - Colombia www.caribenet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 15:45:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: MailWatch Query Message-ID: Carinus Not sure what exactly is happening here... Do you mean all the email is being handled by one machine rather being shared across the two? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > I am again faced with the same problem i had before. I am running two > copies of MailScanner with two seperate configs which works wonderfully > well. i have set up two different databases for the loggin using > mailwatch. I now have both copies running the new version but it only > logs everything to one database. It does not even create the one debug > file but seems to proxy all of the info through one connection which is > the one that started up first. Can anyone maybe help me with this > problem. It worked well in version 4.27 until the new version 4.3 came > out I happily ran both logging to seperate databases and have seperate > web stats. Any help is appreciated. > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Feb 1 15:47:03 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What is the mcp archive? Not familiar with what mcp is. Thanks for your help guys, Rod Julian Field wrote: > unless it's the spam or mcp archive, at which point the "Keep Spam And > MCP Archive Clean" setting comes into effect. > > Martin Hepworth wrote: > >> Rodney >> >> archived email is as it was before MS scans it... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> Hello, >>> >>> I'm archiving mail for all users on our mail server. Is the mail that is >>> archived filtered mail or mail as it is received by the MTA? I'm >>> wondering if the archived mail would be a good source of ham for >>> training SpamAssassin. >>> >>> Thanks, >>> Rod >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 15:52:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: Message Content Protection It allows you to define bad words/phrases etc so you can (for example) block profanity. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > What is the mcp archive? Not familiar with what mcp is. > > Thanks for your help guys, > Rod > > Julian Field wrote: > >> unless it's the spam or mcp archive, at which point the "Keep Spam And >> MCP Archive Clean" setting comes into effect. >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> archived email is as it was before MS scans it... >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> Hello, >>>> >>>> I'm archiving mail for all users on our mail server. Is the mail >>>> that is >>>> archived filtered mail or mail as it is received by the MTA? I'm >>>> wondering if the archived mail would be a good source of ham for >>>> training SpamAssassin. >>>> >>>> Thanks, >>>> Rod >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 15:53:20 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bill backup settings, document settings, document rebuild from scratch. (Test and test retest) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Bill Smith wrote: > Hi Folks, > > Does anyone know the best way for disaster recovery MScanner? > > Any advice would be appreciated. > > Bill > > ------------------------------------------------------------------------ > Do you Yahoo!? > All your favorites on one personal page ^Ö Try My Yahoo! > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Feb 1 16:54:42 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: Hello everyone. Had a quick question on upgrading clamav on my mailscanner setup. My setup: FreeBSD 4.9 Sendmail 8.12.11 MailScanner 4.29 (Yes, I know it needs updating) :) I came in this morning and updated my clamav from 0.80 to 0.81. Everything appeared to have gone well. However, I know get a funny error when I try and run 'freshclam' to update my definitions. I get the following: Can't change dir to /usr/local/share/clamav Doing a little bit of work, I see that it is possibly looking in the wrong directory. It should be looking in: /usr/local/share/doc/clamav Now, I know this is clamav, but i was hoping some of the other FreeBSD users on this list might be able to shed some light on what the possible problem may be. I am going to jump over to www.clamav.net here, but there list is boogered up right now. Anyway, I was hoping somebody here may have an idea and could help me out. I appreciate the help. Cheers, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Feb 1 16:59:01 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: Nevermind. I think I figured it out. My freshclam.conf was pointing to the wrong DB location. Just to verify, the DB location should contain: daily.cvd main.cvd Just verifying. Cheers, Jaso >Can't change dir to /usr/local/share/clamav > >Doing a little bit of work, I see that it is possibly looking in the wrong >directory. It should be looking in: > >/usr/local/share/doc/clamav > >Now, I know this is clamav, but i was hoping some of the other FreeBSD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Feb 1 17:01:38 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did the install change your conf files. Check your freshclam.conf, did it change? The default directory for the database is /var/lib/clamav. Jason Williams wrote: > Hello everyone. > > Had a quick question on upgrading clamav on my mailscanner setup. > My setup: > > FreeBSD 4.9 > Sendmail 8.12.11 > MailScanner 4.29 (Yes, I know it needs updating) :) > > I came in this morning and updated my clamav from 0.80 to 0.81. > Everything appeared to have gone well. However, I know get a funny error > when I try and run 'freshclam' to update my definitions. I get the > following: > > Can't change dir to /usr/local/share/clamav > > Doing a little bit of work, I see that it is possibly looking in the > wrong > directory. It should be looking in: > > /usr/local/share/doc/clamav > > Now, I know this is clamav, but i was hoping some of the other FreeBSD > users on this list might be able to shed some light on what the possible > problem may be. > > I am going to jump over to www.clamav.net here, but there list is > boogered > up right now. > > Anyway, I was hoping somebody here may have an idea and could help me > out. > > I appreciate the help. > > Cheers, > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Ed Bruce Health Plan of Michigan Senior Programmer Phone: 248.226.1512 FAX: 248.204.6569 -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Feb 1 17:08:05 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: At 09:01 AM 2/1/2005, you wrote: >Did the install change your conf files. Check your freshclam.conf, did >it change? The default directory for the database is /var/lib/clamav. Yep. That was it. It changed the location of the DB files in freshclam.conf. Once I fixed that, it was fixed. Much appreciated. Cheers, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Tue Feb 1 17:05:47 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Hello everyone. > > Had a quick question on upgrading clamav on my mailscanner setup. > My setup: > > FreeBSD 4.9 > Sendmail 8.12.11 > MailScanner 4.29 (Yes, I know it needs updating) :) > > I came in this morning and updated my clamav from 0.80 to 0.81. > Everything appeared to have gone well. However, I know get a funny error > when I try and run 'freshclam' to update my definitions. I get the > following: > > Can't change dir to /usr/local/share/clamav a bit of advice from from /usr/ports/UPDATING: 20041222: AFFECTS: users of security/clamav, security/clamav-devel AUTHOR: jylefort@brutele.be The ClamAV database path has changed from /usr/local/share/clamav to /var/db/clamav. You should update the DatabaseDirectory keyword in /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf. > > Doing a little bit of work, I see that it is possibly looking in the wrong > directory. It should be looking in: > > /usr/local/share/doc/clamav > > Now, I know this is clamav, but i was hoping some of the other FreeBSD > users on this list might be able to shed some light on what the possible > problem may be. > > I am going to jump over to www.clamav.net here, but there list is boogered > up right now. > > Anyway, I was hoping somebody here may have an idea and could help me out. > > I appreciate the help. > > Cheers, > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Feb 1 17:11:29 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: At 09:05 AM 2/1/2005, you wrote: >a bit of advice from from /usr/ports/UPDATING: > >20041222: > AFFECTS: users of security/clamav, security/clamav-devel > AUTHOR: jylefort@brutele.be > > The ClamAV database path has changed from /usr/local/share/clamav to > /var/db/clamav. You should update the DatabaseDirectory keyword in > /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf. Ya. I just saw that when I was flipping through the file. Don't I feel grand this morning. Thanks. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Feb 1 17:21:42 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Smith Sent: Tuesday, February 01, 2005 10:23 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MScanner Disaster Recovery Hi Folks,   Does anyone know the best way for disaster recovery MScanner?   Any advice would be appreciated.   Bill ________________________________________ Easiest way is to setup 2 or more gateways with equal MX records where the total number of gateways - 1 will easily handle all of the load. Secondary Gateway(s) are synchronized manually using a combination of ssh / rsync /keychains after configuration changes are made to a primary gateway. With this configuration it's lose a gateway at 1:00 AM - fix it the next morning because email will still be delivered. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 1 17:25:13 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: At 10:44 AM 2/1/2005, Dirk Enrique Seiffert wrote: >I can't tell if this is a sendmail or a MailScanner problem: Certain mails are >causing a loop, making sendmail consume 99% of the CPU load. I have to >manually restart MailScanner. What they have in common: >1) Recipients don't exist >2) RCPT TO: > >root 25608 74.3 0.5 8572 2556 ? R 09:55 29:11 sendmail: >j11EtSBe025608 218.45.73.183.eo.eaccess.ne.jp [218.45.73.183]: RCPT TO: > > >logs show soemthing like: What makes you thing sendmail is looping? All the usernames are different.... Looks like a standard rumplestiltskin attack to me, where a spammer is just trying every name in a dictionary on your domain to see if they can discover new email addresses by brute-force. Most of us are sustaining these on a frequent basis now days, although generally in a distributed fashion instead of single source. If this is bogging down your CPU, perhaps you need to check into doing something to make username lookup lighter weight than it is (are you using milter-ahead or something of the sort?) You might also want to look at things like rumplekill http://bignosebird.com/notebook/rumplekill.shtml ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Tue Feb 1 18:06:31 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney >Sent: 01 February 2005 17:22 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MScanner Disaster Recovery > >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Bill Smith >Sent: Tuesday, February 01, 2005 10:23 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MScanner Disaster Recovery > >Hi Folks, >  >Does anyone know the best way for disaster recovery MScanner? >  >Any advice would be appreciated. >  >Bill >________________________________________ > >Easiest way is to setup 2 or more gateways with equal MX >records where the >total number of gateways - 1 will easily handle all of the load. > >Secondary Gateway(s) are synchronized manually using a >combination of ssh / >rsync /keychains after configuration changes are made to a >primary gateway. > >With this configuration it's lose a gateway at 1:00 AM - fix >it the next >morning because email will still be delivered. > >Steve >Steve Swaney >President >Fortress Systems Ltd. >www.fsl.com >steve.swaney@fsl.com In addition to the added resiliance that having two or more MailScanner gateways gives you, it also makes upgrades of OS and applications (MS, SA, etc) more straightforward. You can afford to have a mail gateway out of service for upgardes without impacting the overall service. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 1 18:13:55 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: At 12:25 PM 2/1/2005, Matt Kettler wrote: >At 10:44 AM 2/1/2005, Dirk Enrique Seiffert wrote: > >I can't tell if this is a sendmail or a MailScanner problem: Certain > mails are > >causing a loop, making sendmail consume 99% of the CPU load. >What makes you thing sendmail is looping? All the usernames are >different.... Looks like a standard rumplestiltskin attack to me, where a >spammer is just trying every name in a dictionary on your domain to see if >they can discover new email addresses by brute-force. Oh yes, and one more thing.. you might want to add this to your sendmail.mc: #after 15 invalid recpipients, start slowing them down with #1 second sleeps define(`confBAD_RCPT_THROTTLE',15) Then rebuild your sendmail.cf and do a service MailScanner restart. That option will save you a lot of CPU overhead in the event of a rumple attack, and also slow down the attacker. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Tue Feb 1 18:21:14 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: On Tue, 1 Feb 2005, Stephen Swaney wrote: > With this configuration it's lose a gateway at 1:00 AM - fix it the next > morning because email will still be delivered. What about when the gateway that goes down also handles the POP3 accounts? I know about the only way to provide a secondary lookup for a POP3 server is via DNS somehow, and this could have way too much lag time. I was thinking about this then I thought about having users setup 2 identical accounts in LookOut Express, except they go to different servers on different networks. So if mail ends up on MX1 it stays there for pickup, and if it ends up on MX2 it stays there for pickup. If MX1 or MX2 goes down then users will still get their mail, they will just get a warning messages about which host is down. A little user training would have to be done. Any thoughts or chinks in my armor or does someone have a better plan? Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Feb 1 18:31:32 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:23 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Billy Pumphrey wrote: > I don't know where to get better help, so I am hoping that someone > can shoot an answer to these problems. I got digging and it looks > like I do not have the best setup. > > Here is my basic setup: > Mailscanner is the gateway between the internet and my MS Exchange > server. MailScanner running RulesDeJour, SpamAssassin, and Sophos. > Linux release 9, Kernel 2.4.20-8. > Spamassassin version 2.61 > MailScanner version 4.25-14 > > http://www.dnsreport.com/tools/dnsreport.ch?domain=woodmaclaw.com > > I believe that these errors are coming from my mailscanner machine > name mailscanner.woodmaclaw.local. I do not know how to configure > sendmail to accept the postmaster address for example. All of those > warnings and errors in that report I would guess would be a good idea > to get fixed? > > What started me on this and what I really need to get fixed is there > is a domain that is having problems with emails getting to my > mailserver. > From houseinvestments.com. Error like this are coming = 550 5.7.1 we > do not relay. > > I havce searched and searched on this error and tried to see what the > problem is on the exchange server. I cannot find what the problem is. > Any help on getting these errors taken care of is greatly appreciated. I'm not a sendmail guru by any stretch. Probably even more clueless than most , but I'll chime in anyway. Keeps me humble. What do you have in your alias file in /etc/sendmail? I have a line that says: postmaster: root (use a tab ot separate the above entries) My MailScanner box is just a gateway so I also added a .forward file in /root which contains the address to forward to on our internal mail server. It may be as simple as changing the name of the server to .com instead of .local though. If that's not in the cards, then I'd look at using mailertable to define what hosts you forward mail to. Without knowing your network layout, I'd offer this: The internet facing machine should be named mail.woodmaclaw.com, and if it just accepts and forwards mail to an internal host it should have entries in the relay-domain file for what domains it will accept for and in the mailertable for where to send them. At least that's how I'm set up and it works for me. Hope this helps... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Feb 1 18:48:36 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > At 09:05 AM 2/1/2005, you wrote: > >> a bit of advice from from /usr/ports/UPDATING: >> >> 20041222: >> AFFECTS: users of security/clamav, security/clamav-devel >> AUTHOR: jylefort@brutele.be >> >> The ClamAV database path has changed from /usr/local/share/clamav to >> /var/db/clamav. You should update the DatabaseDirectory keyword in >> /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf. > > > Ya. I just saw that when I was flipping through the file. > Don't I feel grand this morning. Don't be too hard on yourself, I missed it too :-( Don't forget to change MailScanner.conf if you are using the ClamAV perl module to reflect the new db location Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 18:55:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Volunteers to convert FAQ to a Wiki? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo, Would it be possible for you to look after this while I'm away please? There have been a few volunteers to port the content, but it needs someone in over-all control to set the structure of it. Hopefully it's actually a very quick job, just lots of cutting and pasting. Is this okay? Many thanks! Jules. Ugo Bellavance wrote: > Julian Field wrote: > >> If I were to install a Wiki on the MailScanner site, would someone (or >> several of you) be prepared to take on the job of converting the current >> FAQ-o-matic to a Wiki? >> >> It's basically a cut and paste job. It's the content that matters, not >> precisely who created the FAQ addition. >> >> Any volunteers please? > > > I could probably offer some of my time. > >> >> I can get a Wiki set up pretty quickly if you are prepared to do it. > > > I'm using DocuWiki, which is aimed at documentation, at the office. I'm > migrating all my file-based documentation to this Wiki. Pretty neat. > >> >> Thanks folks! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ds at CARIBENET.COM Tue Feb 1 19:27:55 2005 From: ds at CARIBENET.COM (Dirk Enrique Seiffert) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > What makes you thing sendmail is looping? All the usernames are > different.... Looks like a standard rumplestiltskin attack to me, where a > spammer is just trying every name in a dictionary on your domain to see if > they can discover new email addresses by brute-force. Most of us are > sustaining these on a frequent basis now days, although generally in a > distributed fashion instead of single source. I get lots of them, no idea why it has to be me: Its a simple mailserver for a small domain. We are relaying to maybe 1500 mails per day, not more. Since a few weeks these attacks started, I get them every few minutes. > > If this is bogging down your CPU, perhaps you need to check into doing > something to make username lookup lighter weight than it is (are you using > milter-ahead or something of the sort?) Nothing like that: Users are local unix users. > > You might also want to look at things like rumplekill > > http://bignosebird.com/notebook/rumplekill.shtml This looks good and straightforward: I installed already, will let you know if it helps. Thanks a lot Enrique > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Dirk Enrique Seiffert CaribeNet S.A. - Cartagena - Colombia www.caribenet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 1 20:03:28 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: At 02:27 PM 2/1/2005, Dirk Enrique Seiffert wrote: >I get lots of them, no idea why it has to be me: Its a simple mailserver for a >small domain. We are relaying to maybe 1500 mails per day, not more. Since a >few weeks these attacks started, I get them every few minutes. It's no just you, it's *everybody*. Spammers and worms are doing a LOT of address guessing these days. Everyone on this list sees this kind of garbage hitting their servers every day. I do not know of any servers that are not being attacked with rumplestiltskin attacks. My server, with very similar mail profile, has been under a continuous barrage rumplestiltskin attacks since some time late in the day on July 8, 2004. I've never felt any pain from it, because I had BAD_RCPT_THROTTLE in place long before the attacks started. Even with BAD_RCPT_THROTTLE , MAX_RCPTS_PER_MSG, and CONNECTION_RATE_THROTTLE, I'm still getting thousands of User unknown's per day. The big difference here is that I'm seeing is that most of my rumples are coming from a wide variety of IPs and connections, instead of all from the same connection.. This limits the rate somewhat, but should they have tried the method they are hitting you with on my server, the throttle will kick in. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Tue Feb 1 20:34:03 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Smith wrote: > On Tue, 1 Feb 2005, Stephen Swaney wrote: > > >>With this configuration it's lose a gateway at 1:00 AM - fix it the next >>morning because email will still be delivered. > > > What about when the gateway that goes down also handles the POP3 accounts? > I know about the only way to provide a secondary lookup for a POP3 server > is via DNS somehow, and this could have way too much lag time. > > I was thinking about this then I thought about having users setup 2 > identical accounts in LookOut Express, except they go to different servers > on different networks. > > So if mail ends up on MX1 it stays there for pickup, and if it ends up on > MX2 it stays there for pickup. If MX1 or MX2 goes down then users will > still get their mail, they will just get a warning messages about which > host is down. A little user training would have to be done. > > Any thoughts or chinks in my armor or does someone have a better plan? The only way to fix this would be do set up some kind of cluster that uses a central storage e.g. with Cyrus Imap and then a failover between the two machines (or a load balancer in front of it). We tried several approaches for our company and ended up getting a SAN set up for all high availability applications like POP or Webservers ... (please note: MS will NOT need this, as a simple round-robin will do nicely ...) -garry ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Tue Feb 1 20:45:36 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:24 2006 Subject: Messages received and processed, but not being delivered Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello All, I have found a problem that I could find no details about on the maillist. Perhaps it is new. I have had a working installation of MailScanner for about 6 months now. Last night I added a ruleset that broke my installation. Backing out the ruleset allow it to work normally again. I am looking for some insight on 2 things: 1) my does this not work. 2) how can i get my mail back. Here is what happened. I modified this setting (/etc/MailScanner.conf) From: Non Spam Actions = deliver To: Non Spam Actions = /etc/MailScanner/rules/nonspam.action.rules I then added this file containing the rules (/etc/MailScanner/rules/nonspam.action.rules) # domain1.net FromOrTo: *@domain1.net deliver # domain2.com FromOrTo: *@domain2.com deliver # domain3.net FromOrTo: *@domain3.net deliver # Default Configuration FromOrTo: Default deliver I restart mailscanner (service MailScanner restart) and everything looks like it comes up in correctly in the logs /var/log/maillog. Jan 31 22:43:16 abaddon postfix/postfix-script: starting the Postfix mail system Jan 31 22:43:16 abaddon postfix/master[9080]: daemon started -- version 2.1.5 Jan 31 22:43:16 abaddon postfix/postfix-script: fatal: the Postfix mail system is already running Jan 31 22:43:17 abaddon MailScanner[9104]: MailScanner E-Mail Virus Scanner version 4.37.7 starting... Jan 31 22:43:17 abaddon MailScanner[9104]: Config: calling custom init function MailWatchLogging Jan 31 22:43:17 abaddon MailScanner[9104]: Started SQL Logging child Jan 31 22:43:18 abaddon MailScanner[9104]: Enabling SpamAssassin auto-whitelist functionality... Jan 31 22:43:20 abaddon MailScanner[9104]: Using locktype = flock When i send a message through i also see normal logs: /var/log/maillog Jan 31 23:52:49 abaddon postfix/smtpd[2112]: connect from web13806.mail.yahoo.com[216.136.175.16] Jan 31 23:52:49 abaddon postfix/smtpd[2112]: 874353800082: client=web13806.mail.yahoo.com[216.136.175.16] Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header Received: from web13806.mail.yahoo.com (web13806.mail.yahoo. com [216.136.175.16])??by smtp01.purecomputing.net (Postfix) with SMTP id 874353800082??for ; Mon, 31 Jan 2005 23: 52:49 from web13806.mail.yahoo.com[216.136.175.16]; from= to= proto=SMTP helo= Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header Received: (qmail 17030 invoked by uid 60001); 1 Feb 2005 04: 52:48 -0000 from web13806.mail.yahoo.com[216.136.175.16]; from= to= proto=SMTP helo= Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: message-id=<20050201045248.17028.qmail@web13806.mail.yahoo.com> Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header Received: from [68.158.37.209] by web13806.mail.yahoo.com vi a HTTP; Mon, 31 Jan 2005 20:52:48 PST from web13806.mail.yahoo.com[216.136.175.16]; from= to= proto=SMTP helo= Jan 31 23:52:49 abaddon postfix/smtpd[2112]: disconnect from web13806.mail.yahoo.com[216.136.175.16] Jan 31 23:52:51 abaddon MailScanner[2019]: New Batch: Scanning 1 messages, 1480 bytes Jan 31 23:52:52 abaddon MailScanner[2019]: Virus and Content Scanning: Starting Jan 31 23:52:54 abaddon MailScanner[2019]: Logging message 874353800082.53026 to SQL And the transaction ends right there. There is no more activity until i send another test message. What i see is the message come in normally, get processed by mailscanner but never get put back on the outgoing queue so that postfix can send it. After much troubleshooting (i didn't correlate the rule addition with this problem) I decided to remove the Non Spam rule in MailScanner.conf and restarted. Everything started working just fine. I have it working not but would like to know how to get the ruleset work properly for Non Spam Actions and secondly how to recover my messages that I can see came in (via the logs and mailwatch) but are not anywhere that i have found on the system. (thoughts) Hardware: P4 2.4, 512Meg, 1x60gig, 1x100Mbit Software: Redhat 9, Postfix, Spamassassin, DCC, Pyzor, Razor, MailWatch RBLs: None in MTA, ORDB-RBL and SBL+XBL in MailScanner, None in SpamAssassin Virus Scanners: ClamAV, BitDefender Volume: ~500 messages/day ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Feb 1 23:31:27 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:24 2006 Subject: Blantent plagerism... Message-ID: I'm building a new iteration of MailScanner on a faster box. A nice feature Julian's added is the %web-site% variable in the reports where we can send folks that have run afoul of our spam policies. Being a pragmatic and frugal sort (pronounced 'lazy sod') I was wondering if anybody had a page up that they wouldn't mind me plagerizing (with appropriate edits of course) and loading on our web server. TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed Feb 2 00:51:15 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:24 2006 Subject: High CPU load, RCPT TO: Message-ID: Matt Kettler wrote: > At 02:27 PM 2/1/2005, Dirk Enrique Seiffert wrote: >> I get lots of them, no idea why it has to be me: Its a simple >> mailserver for a small domain. We are relaying to maybe 1500 mails >> per >> day, not more. Since a few weeks these attacks started, I get them >> every few minutes. > > It's no just you, it's *everybody*. > > Spammers and worms are doing a LOT of address guessing these days. > Everyone on this list sees this kind of garbage hitting their servers > every day. I do not know of any servers that are not being attacked > with rumplestiltskin attacks. > > My server, with very similar mail profile, has been under a > continuous barrage rumplestiltskin attacks since some time late in > the day on July 8, 2004. I've never felt any pain from it, because I > had BAD_RCPT_THROTTLE in place long before the attacks started. > > Even with BAD_RCPT_THROTTLE , MAX_RCPTS_PER_MSG, and > CONNECTION_RATE_THROTTLE, I'm still getting thousands of User > unknown's per day. > > The big difference here is that I'm seeing is that most of my rumples > are coming from a wide variety of IPs and connections, instead of all > from the same connection.. This limits the rate somewhat, but should > they have tried the method they are hitting you with on my server, > the throttle will kick in. > Another trend I notice in my logs is that forged spammer addresses are oddly similar even though the attempts come from various IP's around the world. For example: Feb 1 16:23:37 avwall2 sendmail[24323]: j11MNL3Q024323: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=c-66-176-253-242.se.client2.attbi.com [66.176.253.242] Feb 1 16:24:39 avwall2 sendmail[24500]: j11MOTiT024500: Milter: from=, reject=550 5.7.1 connection "CPE0008a122b198-CM000a739bc416.cpe.net.cable.rogers.com" blocked Feb 1 16:24:39 avwall2 sendmail[24500]: j11MOTiT024500: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=CPE0008a122b198-CM000a739bc416.cpe.net.cable.rogers.com [69.194.46.137] Feb 1 16:25:13 avwall2 sendmail[24566]: j11MP0FN024566: Milter: from=, reject=550 5.7.1 connection "ACD6AC8E.ipt.aol.com" blocked Feb 1 16:25:14 avwall2 sendmail[24566]: j11MP0FN024566: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=ACD6AC8E.ipt.aol.com [172.214.172.142] Feb 1 16:26:00 avwall2 sendmail[24732]: j11MPlfN024732: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=pcp559187pcs.rthfrd01.tn.comcast.net [68.52.102.111] Feb 1 16:26:42 avwall2 sendmail[24852]: j11MQTwf024852: Milter: from=, reject=550 5.7.1 connection "12-215-96-255.client.mchsi.com" blocked Feb 1 16:26:43 avwall2 sendmail[24852]: j11MQTwf024852: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=12-215-96-255.client.mchsi.com [12.215.96.255] Feb 1 16:28:17 avwall2 sendmail[25185]: j11MS5Sn025185: Milter: from=, reject=550 5.7.1 sender blocked Feb 1 16:28:17 avwall2 sendmail[25185]: j11MS5Sn025185: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=CPE-203-51-239-203.qld.bigpond.net.au [203.51.239.203] Feb 1 17:14:08 avwall2 milter-sender[1604]: 06355 j11NDv31001112: sender (0) cached, skipping Feb 1 17:14:08 avwall2 sendmail[1112]: j11NDv31001112: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=muedsl-82-207-223-151.citykom.de [82.207.223.151] Feb 1 17:16:52 avwall2 milter-sender[1604]: 06393 j11NGgMN001567: sender (0) cached, skipping Feb 1 17:16:52 avwall2 sendmail[1567]: j11NGgMN001567: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-68-72-85-49.dsl.chcgil.ameritech.net [68.72.85.49] Feb 1 17:17:16 avwall2 sendmail[1596]: j11NH0dw001596: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=morristown-68-118-99-14.chartertn.net [68.118.99.14] Feb 1 17:19:30 avwall2 sendmail[1894]: j11NJJtw001894: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=cs242231-3.houston.rr.com [24.242.231.3] Feb 1 17:19:52 avwall2 sendmail[1975]: j11NJcwP001975: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=cpe-66-67-134-209.rochester.res.rr.com [66.67.134.209] Feb 1 17:23:56 avwall2 sendmail[2650]: j11NNj7B002650: Milter: from=, reject=550 5.7.1 connection "c-24-19-188-76.client.comcast.net" blocked Feb 1 17:23:56 avwall2 sendmail[2650]: j11NNj7B002650: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=c-24-19-188-76.client.comcast.net [24.19.188.76] Feb 1 17:24:57 avwall2 sendmail[2818]: j11NOlmr002818: Milter: from=, reject=550 5.7.1 sender blocked Feb 1 17:24:57 avwall2 sendmail[2818]: j11NOlmr002818: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=cs7011422-167.satx.rr.com [70.114.22.167] Feb 1 17:25:13 avwall2 sendmail[2880]: j11NP2Lf002880: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=rdu26-233-130.nc.rr.com [66.26.233.130] Feb 1 17:25:51 avwall2 sendmail[3014]: j11NPZbi003014: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-67-37-236-140.dsl.chcgil.ameritech.net [67.37.236.140] Notice all the ernest*@ addresses? I also utilize the greet_pause feature of sendmail-8.13.x Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Wed Feb 2 04:49:52 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:24 2006 Subject: MailWatch Query Message-ID: No what seems to be happening is that I have two copies as of MailScanner running on the same box one scanning the internal queue and one scanning the external queue. I have set them both up to log to different mysql databases this was working very well but as soon as i take the MailScanner to the new version it seems to log everything to just the one database even though it has two different names and two different id's used for accessingit. I suspect that what is happening is that the MailScanners are doing is that they are coming up and the first one connects to the database and then the second MailScanner comes up and it's info is forced through the first connection as opposed to connecting to it's own database and logging there. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Wed Feb 2 04:50:24 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:24 2006 Subject: Munged 'reports' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Been seeing this type of thing often lately.... $longspamreport seems to give choppy/inaccurate reports... Most often when reporting things like spam scores and razor scores... Any ideas? SA 3.0.2 and MS 4.38.9-1 pts rule name description ---- ---------------------- -------------------------------------------------- 5.8 BAYES_99 BODY: Bayesian spam probability is 99 to 100 to 90 to 10% of HTML elements are non-standard 0.0 HTML_MESSAGE BODY: HTML included in message 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Wed Feb 2 04:59:17 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:24 2006 Subject: Report Summary Message-ID: I wonder if anyone has seen a script that will scan the logs for the preovious day and extract a summary report of spam per user then email each user a list of what email addressess were trying to send spam to them. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Feb 2 07:56:40 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:24 2006 Subject: MScanner Disaster Recovery Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Joe Smith >Sent: 01 February 2005 18:21 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MScanner Disaster Recovery > >On Tue, 1 Feb 2005, Stephen Swaney wrote: > >> With this configuration it's lose a gateway at 1:00 AM - fix >it the next >> morning because email will still be delivered. > >What about when the gateway that goes down also handles the >POP3 accounts? >I know about the only way to provide a secondary lookup for a >POP3 server >is via DNS somehow, and this could have way too much lag time. > It is good system and security practice to maintain separation of function. Mail gateways/relays should not also be mailbox servers. These are separate functions often run by different parts of an organisation. For example at this university the central computing service (ISS) is responsible for the mail gateways of which we have 8, all with identical software and tables and running as equal value MX hosts for our domains. This is an easily scalable architecture and provides resiliance through redundancy. No user access is required to these relays. They act as the SMTP "firewall" for the site. They are simple to maintain and upgrade. Behind these the university runs many mailbox servers. Only some of these are run by the ISS. The rest are run by departments and projects. But _all_ mail servers must route their outgoing mail through the mail gateways (the SMTP firewalls). As implied above _all_ incoming mail to the site is also routed through the mail gateways (and hence through MS + SA + friends). I do acknowledge though that while it is easy to provide a resilient and scaleable mail gateway architecture it is rather more difficult to provide a scaleable and resilient mail server architecture. We have a number of stand-alone Unix-based POP & IMAP servers (and a few remaining Novel POP servers) but the most resilient and scaleable mail server architecture we run is that based around a cluster of Exchange servers running with automatic failover. This is not a cheap solution however! By keeping the mail relay machines separate from mail gateway machines we are free to evaluate many different mail server arhitectures and services, often running on operating systems different to that which runs on our mail gateways. A useful read is the UKERNA techical guide "Designing Reliable Mail Systems" - see http://www.ja.net/documents/tg_reliablemail.pdf. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vinet138 at YAHOO.COM Wed Feb 2 08:40:26 2005 From: vinet138 at YAHOO.COM (Bill Smith) Date: Thu Jan 12 21:28:24 2006 Subject: MScanner Disaster Recovery Message-ID: Thanks for all the input. Bill Quentin Campbell wrote: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney >Sent: 01 February 2005 17:22 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MScanner Disaster Recovery > >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Bill Smith >Sent: Tuesday, February 01, 2005 10:23 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MScanner Disaster Recovery > >Hi Folks, > >Does anyone know the best way for disaster recovery MScanner? > >Any advice would be appreciated. > >Bill >________________________________________ > >Easiest way is to setup 2 or more gateways with equal MX >records where the >total number of gateways - 1 will ! easily handle all of the load. > >Secondary Gateway(s) are synchronized manually using a >combination of ssh / >rsync /keychains after configuration changes are made to a >primary gateway. > >With this configuration it's lose a gateway at 1:00 AM - fix >it the next >morning because email will still be delivered. > >Steve >Steve Swaney >President >Fortress Systems Ltd. >www.fsl.com >steve.swaney@fsl.com In addition to the added resiliance that having two or more MailScanner gateways gives you, it also makes upgrades of OS and applications (MS, SA, etc) more straightforward. You can afford to have a mail gateway out of service for upgardes without impacting the overall service. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term' ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Feb 2 09:12:08 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:24 2006 Subject: Non Nested rules quiry Message-ID: Might it be the ".list" ending on %rules-dir%/chinaemail.rules.list that is giving you grief? IIRC rules files need end in .rule or .rules. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Howard Robinson Sent: den 1 februari 2005 16:25 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Non Nested rules quiry Hello, I have 60 staff and students in China that keep having their emails coming into college marked as spam. They are using about 10 different domains. I want to allow emails from them to four specific staff members here without them being checked for spam. I though I had it sussed but Mailscanner protests when restarting with a syntax error in the rules file. What I have tried so far is:- In MailScanner.conf I have (with other blurb snipped and tabs for spacing) Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules In %rules-dir%/spam.whitelist.rules # note line wrapped To: usera@harper-adams.ac.uk /etc/MailScanner/rules/chinaemail.rules.list FromOrTo: default no In /etc/MailScanner/rules/chinaemail.rules.list I have From: userz@domain1 yes From: usery@domain2 yes From: userx@domain1 yes FromOrTo: default no My idea was that only if it were for usera would mailscanner need to look at the from address however in the book (p309) it says that rules can't be nested other than files full address patterns. However p304 option 14 looks to me to contradict this. Have I got this wrong? Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 2 09:16:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: MailWatch Query Message-ID: Carinus From memory (and it's worse every day :-) there's a few fun and games in getting two MS instances running on the same box. I'd make sure when you upgraded you made sure the MailWatch.pm require line in Custom.pm points to the full patch, or put it in the CustomFunctions dir and make sure the MailScanner.conf has the correct path for the CustomFunctions dir. Also please include at least some of thread you are replying to as we forget what the conversion is about.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > No what seems to be happening is that I have two copies as of MailScanner > running on the same box one scanning the internal queue and one scanning the > external queue. I have set them both up to log to different mysql databases > this was working very well but as soon as i take the MailScanner to the new > version it seems to log everything to just the one database even though it > has two different names and two different id's used for accessingit. I > suspect that what is happening is that the MailScanners are doing is that > they are coming up and the first one connects to the database and then the > second MailScanner comes up and it's info is forced through the first > connection as opposed to connecting to it's own database and logging there. > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 2 09:22:35 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: Messages received and processed, but not being delivered Message-ID: Isi try taking the blank lines out of the rule files. You can debug what is happening by stopping MS, changing the Debug statements to YES in MailScanner.conf and running checkmailscanner which will dump a load of instrumentation to the screen as MS runs.. If you haven't kept archive copies (or a store action in a ruleset) you haven't got the emails to reprocess. You might to turn on the archive action while you are testing all this..so you can reprocess the messages if you need to. I'd also move the RBL's in SA as if you have in MS they act a blacklist, not just adding to the spam score. Oh and turn off autowhitelist and the ALL_TRUSTED rule in spam.assassin.prefs.conf as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Isi Lawson wrote: > Hello All, > > I have found a problem that I could find no details about on the maillist. > Perhaps it is new. > > I have had a working installation of MailScanner for about 6 months now. > Last night I added a ruleset that broke my installation. Backing out the > ruleset allow it to work normally again. I am looking for some insight on > 2 things: > > 1) my does this not work. > 2) how can i get my mail back. > > Here is what happened. > > I modified this setting (/etc/MailScanner.conf) > From: > Non Spam Actions = deliver > > To: > Non Spam Actions = /etc/MailScanner/rules/nonspam.action.rules > > > I then added this file containing the rules > (/etc/MailScanner/rules/nonspam.action.rules) > > # domain1.net > FromOrTo: *@domain1.net deliver > > # domain2.com > FromOrTo: *@domain2.com deliver > > # domain3.net > FromOrTo: *@domain3.net deliver > > # Default Configuration > FromOrTo: Default deliver > > > I restart mailscanner (service MailScanner restart) and everything looks > like it comes up in correctly in the logs /var/log/maillog. > > Jan 31 22:43:16 abaddon postfix/postfix-script: starting the Postfix mail > system > Jan 31 22:43:16 abaddon postfix/master[9080]: daemon started -- version 2.1.5 > Jan 31 22:43:16 abaddon postfix/postfix-script: fatal: the Postfix mail > system is already running > Jan 31 22:43:17 abaddon MailScanner[9104]: MailScanner E-Mail Virus > Scanner version 4.37.7 starting... > Jan 31 22:43:17 abaddon MailScanner[9104]: Config: calling custom init > function MailWatchLogging > Jan 31 22:43:17 abaddon MailScanner[9104]: Started SQL Logging child > Jan 31 22:43:18 abaddon MailScanner[9104]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 31 22:43:20 abaddon MailScanner[9104]: Using locktype = flock > > > When i send a message through i also see normal logs: /var/log/maillog > > Jan 31 23:52:49 abaddon postfix/smtpd[2112]: connect from > web13806.mail.yahoo.com[216.136.175.16] > Jan 31 23:52:49 abaddon postfix/smtpd[2112]: 874353800082: > client=web13806.mail.yahoo.com[216.136.175.16] > Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header > Received: from web13806.mail.yahoo.com (web13806.mail.yahoo. > com [216.136.175.16])??by smtp01.purecomputing.net (Postfix) with SMTP id > 874353800082??for ; Mon, 31 Jan 2005 23: > 52:49 from web13806.mail.yahoo.com[216.136.175.16]; > from= to= proto=SMTP > helo= yahoo.com> > Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header > Received: (qmail 17030 invoked by uid 60001); 1 Feb 2005 04: > 52:48 -0000 from web13806.mail.yahoo.com[216.136.175.16]; > from= to= proto=SMTP helo= mail.yahoo.com> > Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: > message-id=<20050201045248.17028.qmail@web13806.mail.yahoo.com> > Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header > Received: from [68.158.37.209] by web13806.mail.yahoo.com vi > a HTTP; Mon, 31 Jan 2005 20:52:48 PST from > web13806.mail.yahoo.com[216.136.175.16]; from= > to= > proto=SMTP helo= > Jan 31 23:52:49 abaddon postfix/smtpd[2112]: disconnect from > web13806.mail.yahoo.com[216.136.175.16] > Jan 31 23:52:51 abaddon MailScanner[2019]: New Batch: Scanning 1 messages, > 1480 bytes > Jan 31 23:52:52 abaddon MailScanner[2019]: Virus and Content Scanning: > Starting > Jan 31 23:52:54 abaddon MailScanner[2019]: Logging message > 874353800082.53026 to SQL > > And the transaction ends right there. There is no more activity until i > send another test message. What i see is the message come in normally, > get processed by mailscanner but never get put back on the outgoing queue > so that postfix can send it. > > After much troubleshooting (i didn't correlate the rule addition with this > problem) I decided to remove the Non Spam rule in MailScanner.conf and > restarted. Everything started working just fine. > > I have it working not but would like to know how to get the ruleset work > properly for Non Spam Actions and secondly how to recover my messages that > I can see came in (via the logs and mailwatch) but are not anywhere that i > have found on the system. (thoughts) > > Hardware: P4 2.4, 512Meg, 1x60gig, 1x100Mbit > Software: Redhat 9, Postfix, Spamassassin, DCC, Pyzor, Razor, MailWatch > RBLs: None in MTA, ORDB-RBL and SBL+XBL in MailScanner, None in SpamAssassin > Virus Scanners: ClamAV, BitDefender > Volume: ~500 messages/day > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 2 09:24:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: Report Summary Message-ID: Carinus Have a look at the quarantine report at http://www.fsl.com/support/QuarantineReport.tar.gz sound like just what you need. Only works with Exim or Sendmail MTA's though.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > I wonder if anyone has seen a script that will scan the logs for the preovious > day and extract a summary report of spam per user then email each user a list > of what email addressess were trying to send spam to them. > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Wed Feb 2 10:24:11 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:24 2006 Subject: Report Summary Message-ID: I wonder how can i test this with out sending an email to everyone and just seeing what it does? The quarantine report I mean. Carinus Martin Hepworth wrote: > Carinus > > Have a look at the quarantine report at > http://www.fsl.com/support/QuarantineReport.tar.gz sound like just what > you need. Only works with Exim or Sendmail MTA's though.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > Carinus Carelse wrote: > > I wonder if anyone has seen a script that will scan the logs for the preovious > > day and extract a summary report of spam per user then email each user a list > > of what email addressess were trying to send spam to them. > > > > > > Carinus > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dannyh at aac-services.co.uk Wed Feb 2 11:32:50 2005 From: dannyh at aac-services.co.uk (Dan Harris) Date: Thu Jan 12 21:28:24 2006 Subject: Kaspersky AV update failure caused MS to hang Message-ID: Hi, I had a situation at 13:15 GMT yesterday where failed update to my Kaspersky 5.0.2 installation caused MailScanner to hang without warning or error, the only hint of anything wrong being in the kavupdater.log file. I have "Virus Scanners = clamav bitdefender mcafee kaspersky-4.5" and "Virus Scanner Timeout = 300" in my MS config file. An initial restart of MS seemed to be going ok, doing the spam checks on the first batch of 30 messages before hanging again after the "Virus and Content Scanning: Starting" message. This was repeated several times before I spotted the correlation between the times of the hang and the failed KAV update. Removing KAV from the Virus Scanners list and restarting MS worked round the problem, and a later KAV update seems to have fixed it. So, I was wondering if: A) Has anyone else witnessed this behaviour, either with KAV or any other AV product? B) How aggressive is the Virus Scanner Timeout setting, and should it add an appropriate error message in the log file? By aggressive I mean does it pass this value to the AV scanner (if it supports it) and rely on that to behave, or does it actively try to kill the process after the timeout period? Next stop Kaspersky Labs support, as I've just noticed that they're now up to version 5.0.5! Best Regards, Dan Harris AAC Services Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Wed Feb 2 11:40:20 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:24 2006 Subject: {Spam? 0.09} check_MailScanner.cron issue in v4.38.9 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I upgraded from 4.35.11 to 4.38.9 using the tar.gz last night. Everything went well during the upgrade, but this morning I noticed that the etc/cron/check_MailScanner.cron job was erroring and here is the exact error message: "/opt/MailScanner/bin/cron/check_MailScanner.cron: line 19: /opt/MailScanner/bin/check_MailScanner: No such file or directory" Here is what I found on my system: /opt/MailScanner/bin/cron/check_MailScanner.cron file references /opt/MailScanner/bin/check_MailScanner /opt/MailScanner/bin/check_MailScanner does not exist ( at least by that name). Solution (pay attention to the case of the file name): edit the /opt/MailScanner/bin/cron/check_MailScanner.cron file and change the filename case in line 19 from: /opt/MailScanner/bin/check_MailScanner to: /opt/MailScanner/bin/check_mailscanner that's all. Julian, Many, Many thanks for MailScanner I've been using MS since version 3.22-12 and have loved every minute of it. I've also bought the book, One of the "early releases" with the bad index, now a reference manual on my shelf. Can't wait to see this new product you've been hinting about the past week or so... A ruleset editor I heard mentioned. -Brad Everything should be as simple as possible but not one bit simpler - Albert Einstein ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Feb 2 11:47:09 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:24 2006 Subject: {Spam? 0.09} check_MailScanner.cron issue in v4.38.9 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brad Beckenhauer wrote: > Can't wait to see this new product you've been hinting about the past week or so... A ruleset editor I heard mentioned. > > -Brad > A ruleset editor already exists for quite some time.. http://msre.sourceforge.net/ - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From karen at PROJECTHARMONY.AM Wed Feb 2 12:24:16 2005 From: karen at PROJECTHARMONY.AM (Karen Mkoyan) Date: Thu Jan 12 21:28:24 2006 Subject: {Spam? 0.09} check_MailScanner.cron issue in v4.38.9 Message-ID: [ The following text is in the "koi8-r" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just intalled the msre, pretty good tool, if you prefere editing files from web. Karen -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy Sent: 2 ĈĊ×ÒÁÌÑ 2005 Ç. 15:47 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: {Spam? 0.09} check_MailScanner.cron issue in v4.38.9 Brad Beckenhauer wrote: > Can't wait to see this new product you've been hinting about the past week or so... A ruleset editor I heard mentioned. > > -Brad > A ruleset editor already exists for quite some time.. http://msre.sourceforge.net/ - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 2 13:56:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:24 2006 Subject: Munged 'reports' Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And what do they look like when viewed in a fixed-pitch font in a wide enough window? Jim Barry wrote: >Been seeing this type of thing often lately.... > >$longspamreport seems to give choppy/inaccurate reports... Most often when >reporting things like spam scores and razor scores... > >Any ideas? > >SA 3.0.2 and MS 4.38.9-1 > > > pts rule name description >---- ---------------------- >-------------------------------------------------- > 5.8 BAYES_99 BODY: Bayesian spam probability is 99 to 100 >to 90 to >10% of HTML elements are non-standard > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 2 13:58:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:24 2006 Subject: Non Nested rules quiry Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Howard, For the archives, please can you post the response I sent to you? Thanks, Jules Steen, Glenn wrote: >Might it be the ".list" ending on %rules-dir%/chinaemail.rules.list >that is giving you grief? IIRC rules files need end in >.rule or .rules. > >-- Glenn > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Howard Robinson >Sent: den 1 februari 2005 16:25 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Non Nested rules quiry > > >Hello, >I have 60 staff and students in China that keep having their emails >coming into college marked as spam. They are using about 10 different >domains. >I want to allow emails from them to four specific staff members here >without them being checked for spam. >I though I had it sussed but Mailscanner protests when restarting with a >syntax error in the rules file. >What I have tried so far is:- >In MailScanner.conf I have (with other blurb snipped and tabs for >spacing) >Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > > >In %rules-dir%/spam.whitelist.rules ># note line wrapped >To: usera@harper-adams.ac.uk >/etc/MailScanner/rules/chinaemail.rules.list > > >FromOrTo: default no > > >In /etc/MailScanner/rules/chinaemail.rules.list >I have >From: userz@domain1 yes >From: usery@domain2 yes >From: userx@domain1 yes >FromOrTo: default no > > >My idea was that only if it were for usera would mailscanner need to >look at the from address however in the book (p309) it says that rules >can't be nested other than files full address patterns. >However p304 option 14 looks to me to contradict this. > > >Have I got this wrong? > > > >Regards > >Howard Robinson >(Senior Technical Development Officer) >Harper Adams University College >Edgmond >Newport >Shropshire >TF10 8NB UK > >E-mail: hrobinson@harper-adams.ac.uk >Tel. : +44(0)1952 820280 Via switchboard > : +44(0)1952 815253 Direct line >Fax. : +44(0)1952 814783 >College Web site http://www.harper-adams.ac.uk > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 2 14:09:10 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: I have not seen this setting and thing that it might prevent a ton of spam. I may be wrong. Just your normal System Adin...no super human traits. Can you run some rule to check the senders ip and or domain name and match that to the mail from address? Thanks for any comments. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Feb 2 14:24:20 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:24 2006 Subject: AW: Matching domain to sender. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] if you need it configure your mta for it (sendmail, postfix ?) most popular mta´s are supporting the mx checks. greetings andy >-----Ursprüngliche Nachricht----- >Von: David Curtis [mailto:DCurtis@SBSCHOOLS.NET] >Gesendet: Mittwoch, 2. Februar 2005 15:09 > >I have not seen this setting and thing that it might prevent a >ton of spam. I may be wrong. Just your normal System Adin...no >super human traits. > >Can you run some rule to check the senders ip and or domain >name and match that to the mail from address? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Wed Feb 2 14:37:12 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:24 2006 Subject: MScanner Disaster Recovery Message-ID: On Wed, 2 Feb 2005, Quentin Campbell wrote: > It is good system and security practice to maintain separation of > function. > > Mail gateways/relays should not also be mailbox servers. These are > separate functions often run by different parts of an organisation. I tend to agree with that senario and have mostly followed that conguration in my mid to high volume servers. I also keep the DNS seperated and network diverse. I also do things like install multiple nics to allow "backhauling" the processed mail to the POP/IMAP machine(s) via a private dedicated lan and not sending it back out the world interface it came in on. I do have a few installations where the seperation of function would be like having 2 engines in a car, one to run the front wheels and one to run the back. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 2 14:56:45 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:24 2006 Subject: AW: Matching domain to sender. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Any idea of where this setting is in postfix. Many thanks for the advice. >>> Andreas.Doerfler@KEMPTEN.DE 2/2/2005 9:24:20 AM >>> if you need it configure your mta for it (sendmail, postfix ?) most popular mta´s are supporting the mx checks. greetings andy >-----Ursprüngliche Nachricht----- >Von: David Curtis [mailto:DCurtis@SBSCHOOLS.NET] >Gesendet: Mittwoch, 2. Februar 2005 15:09 > >I have not seen this setting and thing that it might prevent a >ton of spam. I may be wrong. Just your normal System Adin...no >super human traits. > >Can you run some rule to check the senders ip and or domain >name and match that to the mail from address? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Feb 2 15:02:52 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:24 2006 Subject: AW: AW: Matching domain to sender. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://www.postfix.org just 2 clicks away .. ;) http://www.postfix.org/documentation.html http://www.postfix.org/ADDRESS_VERIFICATION_README.html http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain greetings andy >-----Ursprüngliche Nachricht----- >Von: David Curtis [mailto:DCurtis@SBSCHOOLS.NET] >Gesendet: Mittwoch, 2. Februar 2005 15:57 >An: MAILSCANNER@JISCMAIL.AC.UK >Betreff: Re: AW: Matching domain to sender. > > >Any idea of where this setting is in postfix. Many thanks for >the advice. > >>>> Andreas.Doerfler@KEMPTEN.DE 2/2/2005 9:24:20 AM >>> >if you need it configure your mta for it (sendmail, postfix ?) >most popular mta´s are supporting the mx checks. > >greetings >andy > >>-----Ursprüngliche Nachricht----- >>Von: David Curtis [mailto:DCurtis@SBSCHOOLS.NET] >>Gesendet: Mittwoch, 2. Februar 2005 15:09 >> >>I have not seen this setting and thing that it might prevent a >>ton of spam. I may be wrong. Just your normal System Adin...no >>super human traits. >> >>Can you run some rule to check the senders ip and or domain >>name and match that to the mail from address? > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > > > > > >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Wed Feb 2 15:12:21 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: On Wed, 2 Feb 2005, David Curtis wrote: > I have not seen this setting and thing that it might prevent a ton of > spam. I may be wrong. Just your normal System Adin...no super human > traits. > > Can you run some rule to check the senders ip and or domain name and > match that to the mail from address? > > Thanks for any comments. It may not be as straightforward as it seems on the surface. Who is the "sender", what is the domain name? Example: let's imagine a legitimate mail list to which you and I might both belong. I, "me@mydom.com", send a message to it, "list@listdom.com", hosted on machines at an ISP/university/etc. "ISP.com". You receive this mail. But who has been the "sender" from your perspective? o The visible "From:" contains my "mydom.com": but that is several steps away from the transaction at your site; o The SMTP machine (probably the list expander) pushing it to you is "something.ISP.com", which bears no direct relation to me (email originator) as "sender"; o The envelope "From" contains "owner-list@listdom.com", which doesn't directly trace back to the "ISP.com" DNS names and addresses; o The visible "To:" contains "listdom.com" (which, as a text string, bears no direct relation to your site). So your "check the senders ip and or domain name and match that to the mail from address" becomes non-trivial. Note that an emerging technology, SPF, is designed to help to address the email forgery aspects of the problem if, and as, it gains wider acceptance and use. Indeed, SpamAssassin 3.x is beginning to take account of it. By its very nature, it needs time to ramp up. (It has a few "no pain, no gain" implications, but that's part of life in these spam-riddled days, and no-one has yet come up with a better, and even more widely acceptable, compromise.) Hope taht helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Wed Feb 2 15:21:45 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: On Wed, 2 Feb 2005, David Curtis wrote: > I have not seen this setting and thing that it might prevent a ton of > spam. I may be wrong. Just your normal System Adin...no super human > traits. It is becoming less prevalent for spammers to do this, due to better laws and enforcement. They are moving more towards registered or borrowed domains which makes them look legit. However there is a system along the lines you query gaining some popularity, SPF. Have a look: http://spf.pobox.com I have started configuring some of my domains to respond to spf queries. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Danny_Beland at PCH.GC.CA Wed Feb 2 15:23:54 2005 From: Danny_Beland at PCH.GC.CA (Danny Beland) Date: Thu Jan 12 21:28:24 2006 Subject: Scan for viruses before scanning for spam Message-ID: Is there a way to scan for viruses before scanning for spam or to scan forwarded messages for viruses? The problem we have is we set MailScanner to forward all spam to a mailbox, when it forwards it, it doesn't scan the message for viruses. We use SA 2.64 and McAfee virus scan. Thanks, Danny ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 2 15:35:30 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: Once I started diving into the Postfix settings I realized that what I wanted was not simple and as you stated I now understand why it is not so simple. Thanks for the help. >>> t.d.lee@DURHAM.AC.UK 2/2/2005 10:12:21 AM >>> On Wed, 2 Feb 2005, David Curtis wrote: > I have not seen this setting and thing that it might prevent a ton of > spam. I may be wrong. Just your normal System Adin...no super human > traits. > > Can you run some rule to check the senders ip and or domain name and > match that to the mail from address? > > Thanks for any comments. It may not be as straightforward as it seems on the surface. Who is the "sender", what is the domain name? Example: let's imagine a legitimate mail list to which you and I might both belong. I, "me@mydom.com", send a message to it, "list@listdom.com", hosted on machines at an ISP/university/etc. "ISP.com". You receive this mail. But who has been the "sender" from your perspective? o The visible "From:" contains my "mydom.com": but that is several steps away from the transaction at your site; o The SMTP machine (probably the list expander) pushing it to you is "something.ISP.com", which bears no direct relation to me (email originator) as "sender"; o The envelope "From" contains "owner-list@listdom.com", which doesn't directly trace back to the "ISP.com" DNS names and addresses; o The visible "To:" contains "listdom.com" (which, as a text string, bears no direct relation to your site). So your "check the senders ip and or domain name and match that to the mail from address" becomes non-trivial. Note that an emerging technology, SPF, is designed to help to address the email forgery aspects of the problem if, and as, it gains wider acceptance and use. Indeed, SpamAssassin 3.x is beginning to take account of it. By its very nature, it needs time to ramp up. (It has a few "no pain, no gain" implications, but that's part of life in these spam-riddled days, and no-one has yet come up with a better, and even more widely acceptable, compromise.) Hope taht helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From billy at PLANETGEEK.BIZ Wed Feb 2 16:51:41 2005 From: billy at PLANETGEEK.BIZ (Billy Pumphrey) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: My alias file seems to be /etc/aliases and it has: # # Aliases in this file will NOT be expanded in the header from # Mail, but WILL be visible over networks or from /bin/mail. # # >>>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>> show through to sendmail. # # Basic system aliases -- these MUST be present. mailer-daemon: postmaster postmaster: root Then some other entries.............. Then ... # mailman aliases mailman: postmaster mailman-owner: mailman newsadm: news newsadmin: news usenet: news ftpadm: ftp ftpadmin: ftp ftp-adm: ftp ftp-admin: ftp # trap decode to catch security attacks decode: root # Person who should get root's mail root: administrator@woodmaclaw.com ---------- In my mailertable I have this.... woodmaclaw.com esmtp:[10.1.1.2] www.woodmaclaw.com esmtp:[10.1.1.2] ---------- In my relay-domains I have this.... Woodmaclaw.com www.woodmaclaw.com I am confused about naming the mailscanner.woodmaclaw.local to mailscanner.woodmaclaw.com. Do I need to do this even though the computer is in my local domain? Seems like you have a similar setup as me? I have... --- path of mail ---- Internet My csu/dsu 68.xxx.xxx.xxx My router (linux smoothwall distro) My mailscanner machine (mailscanner.woodmaclaw.local) My MS Exchange machine (woodendc.woodmaclaw.local) Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Kevin Miller [mailto:Kevin_Miller@CI.JUNEAU.AK.US] > Sent: Tuesday, February 01, 2005 1:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Taking care of mail errors and dnsreport.com > > Billy Pumphrey wrote: > > I don't know where to get better help, so I am hoping that > someone can > > shoot an answer to these problems. I got digging and it > looks like I > > do not have the best setup. > > > > Here is my basic setup: > > Mailscanner is the gateway between the internet and my MS Exchange > > server. MailScanner running RulesDeJour, SpamAssassin, and Sophos. > > Linux release 9, Kernel 2.4.20-8. > > Spamassassin version 2.61 > > MailScanner version 4.25-14 > > > > http://www.dnsreport.com/tools/dnsreport.ch?domain=woodmaclaw.com > > > > I believe that these errors are coming from my mailscanner machine > > name mailscanner.woodmaclaw.local. I do not know how to configure > > sendmail to accept the postmaster address for example. All > of those > > warnings and errors in that report I would guess would be a > good idea > > to get fixed? > > > > What started me on this and what I really need to get fixed > is there > > is a domain that is having problems with emails getting to my > > mailserver. > > From houseinvestments.com. Error like this are coming = > 550 5.7.1 we > > do not relay. > > > > I havce searched and searched on this error and tried to > see what the > > problem is on the exchange server. I cannot find what the > problem is. > > Any help on getting these errors taken care of is greatly > appreciated. > > I'm not a sendmail guru by any stretch. Probably even more clueless > than most , but I'll chime in anyway. Keeps me humble. > > What do you have in your alias file in /etc/sendmail? I have a line > that > says: > > postmaster: root > > (use a tab ot separate the above entries) > > My MailScanner box is just a gateway so I also added a .forward file > in /root which contains the address to forward to on our internal mail > server. > > It may be as simple as changing the name of the server to .com instead > of .local though. If that's not in the cards, then I'd look at using > mailertable to define what hosts you forward mail to. Without knowing > your network layout, I'd offer this: The internet facing machine > should be named mail.woodmaclaw.com, and if it just accepts and > forwards mail to an internal host it should have entries in the > relay-domain file for what domains it will accept for and in the > mailertable for where to send them. At least that's how I'm set up > and it works for me. Hope this helps... > > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Feb 2 16:49:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:24 2006 Subject: Scan for viruses before scanning for spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Danny Beland wrote: > Is there a way to scan for viruses before scanning for spam or to scan > forwarded messages for viruses? The problem we have is we set MailScanner > to forward all spam to a mailbox, when it forwards it, it doesn't scan the > message for viruses. We use SA 2.64 and McAfee virus scan. Are you sure it doesn't scan it? I forward low-scoring spam and they all have this header: X-camo-route-MailScanner: Found to be clean > > Thanks, > > Danny > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Feb 2 17:20:37 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: At 09:09 AM 2/2/2005, David Curtis wrote: >I have not seen this setting and thing that it might prevent a ton of >spam. I may be wrong. Just your normal System Adin...no super human >traits. > >Can you run some rule to check the senders ip and or domain name and >match that to the mail from address? One word of caution with this. Don't expect this to be have a low false-positive rate. It's very common to use MX's which mismatch the domain name of the server. For example, xanadu.evi-inc.com acts as the outbound MX for both mkettler@evi-inc.com and mkettler@evitechnology.com. Really, this is what SPF is for. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ard at PERGAMENTUM.COM Wed Feb 2 17:39:06 2005 From: ard at PERGAMENTUM.COM (Alisdair Davey) Date: Thu Jan 12 21:28:24 2006 Subject: Sending just non virus notices Message-ID: Is there a way to configure "Send Notices" in such a way that I don't get Virus notifications, but do get notifications about bad filenames / scripts etc? I could swear I'd seen something about this on the list in the past but, can't find anything in the archive. Cheers Alisdair -- Dr Alisdair Davey ard@pergamentum.com Pergamentum Solutions Tel: 1-303-981-9838 2066 Dailey Lane Superior, CO 80027 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Feb 2 18:10:34 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Billy Pumphrey wrote: > My alias file seems to be /etc/aliases and it has: > # > # Aliases in this file will NOT be expanded in the header from # > Mail, but WILL be visible over networks or from /bin/mail. > # > # >>>>>>>>>> The program "newaliases" must be run after > # >> NOTE >> this file is updated for any changes to > # >>>>>>>>>> show through to sendmail. > # > > # Basic system aliases -- these MUST be present. > mailer-daemon: postmaster > postmaster: root Pretty much like mine, except I have: postmaster: root mailer-daemon: postmaster Don't know if the order makes any difference. > # Person who should get root's mail > root: administrator@woodmaclaw.com I don't have this. What I did was in root's home dir (/root) I created a file called .forward and put in the following: postmaster@ci.juneau.ak.us You might want to add postmaster@woodmaclaw.com as a 2nd email address for Administrator in Exchange, so that the Exchange server accepts that, or conversely, put administrator@woodmaclaw.com in your .forward file. Or both just to be safe. Might all be much of a muchness, but I know using a forward file works. > ---------- In my mailertable I have this.... > woodmaclaw.com esmtp:[10.1.1.2] > www.woodmaclaw.com esmtp:[10.1.1.2] That looks fine (assuming that someone actually sends to someone@www.woodmaclaw.com - I'd expect www to refer to a machine in the woodmaclaw.com domain rather than a mail domain but there's nothing that says it can't be both). I also assume that 10.1.1.2 *isn't* the IP address of mail.woodmaclaw.com, but is instead the internal address of the machine to forward to. Did you create the mailertable.db? You have to run the following command whenever you change a file like access, or mailertable: makemap hash /etc/mail/mailertable < /etc/mail/mailertable makemap hash /etc/mail/access < /etc/mail/access If you don't do that, sendmail will never use the changes. In my circumstances, the mailertable, access table, etc. are pretty humble, but an ISP that is hosting hundreds or more domains might have a huge table so sendmail wants to create a db out of it for better performance. The makemap command builds the database. Also, make sure you use tabs, not spaces between the domain name and emspt... > ---------- In my relay-domains I have this.... > Woodmaclaw.com > www.woodmaclaw.com That looks fine. Or at least it looks similar to mine. This file doesn't need to be hashed like the mailertable or the access table. And, in your sendmail.cf you should have the following (I'm assuming you have an access table - can't recall if you mentioned it or not): FEATURE(`mailertable')dnl FEATURE(`access_db')dnl dnl These mailers are available. per default only smtp is used. You have dnl to add entries to /etc/mail/mailertable to enable one of the other dnl mailers. MAILER(`local')dnl MAILER(`smtp')dnl If you change your sendmail.cf you'll have to regenerate your /etc/sendmail.conf > I am confused about naming the mailscanner.woodmaclaw.local to > mailscanner.woodmaclaw.com. Do I need to do this even though the > computer is in my local domain? I think this is actually OK - it needs to be .com on the outside, but can be .local on the inside. I was a bit befuddled yesterday by your description. I think I sorted it out in my mind. > Seems like you have a similar setup as me? I have... > --- path of mail ---- > Internet > My csu/dsu 68.xxx.xxx.xxx > My router (linux smoothwall distro) > My mailscanner machine (mailscanner.woodmaclaw.local) > My MS Exchange machine (woodendc.woodmaclaw.local) Does the Exchange server accept mail for someone@woodmaclaw.com? It will need to do that of course. Beyond that, I can't think of what else might be goofy. Hope this helps... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 2 18:46:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:24 2006 Subject: Sending just non virus notices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just filter your notifications feed with procmail or similar. Alisdair Davey wrote: >Is there a way to configure "Send Notices" in such a way that I don't get >Virus notifications, but do get notifications about bad filenames / scripts >etc? I could swear I'd seen something about this on the list in the past >but, can't find anything in the archive. >Cheers >Alisdair > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Feb 2 18:38:01 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy Pumphrey wrote: > My alias file seems to be /etc/aliases and it has: > # > # Aliases in this file will NOT be expanded in the header from # Mail, but > WILL be visible over networks or from /bin/mail. > # > # >>>>>>>>>> The program "newaliases" must be run after > # >> NOTE >> this file is updated for any changes to > # >>>>>>>>>> show through to sendmail. > # > > # Basic system aliases -- these MUST be present. > mailer-daemon: postmaster > postmaster: root > > Then some other entries.............. > Then ... > > # mailman aliases > mailman: postmaster > mailman-owner: mailman > > newsadm: news > newsadmin: news > usenet: news > ftpadm: ftp > ftpadmin: ftp > ftp-adm: ftp > ftp-admin: ftp > > # trap decode to catch security attacks > decode: root > > # Person who should get root's mail > root: administrator@woodmaclaw.com > > ---------- In my mailertable I have this.... > woodmaclaw.com esmtp:[10.1.1.2] > www.woodmaclaw.com esmtp:[10.1.1.2] > > ---------- In my relay-domains I have this.... > Woodmaclaw.com > www.woodmaclaw.com > > I am confused about naming the mailscanner.woodmaclaw.local to > mailscanner.woodmaclaw.com. Do I need to do this even though the computer > is in my local domain? > > Seems like you have a similar setup as me? I have... > --- path of mail ---- > Internet > My csu/dsu 68.xxx.xxx.xxx > My router (linux smoothwall distro) > My mailscanner machine (mailscanner.woodmaclaw.local) My MS Exchange machine > (woodendc.woodmaclaw.local) If the computer needs to get - receive from the internet, it needs a real upper level domain, not local. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Feb 2 19:16:20 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Scott Silva wrote: snip >> Internet >> My csu/dsu 68.xxx.xxx.xxx >> My router (linux smoothwall distro) >> My mailscanner machine (mailscanner.woodmaclaw.local) My MS Exchange >> machine (woodendc.woodmaclaw.local) > If the computer needs to get - receive from the internet, it needs a > real upper level domain, not local. I believe his mailscanner.woodmaclaw.local and his mail.woodmaclaw.com machine are the same host. One being the internal name, the other external. Billy can correct me if I'm wrong... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Feb 2 19:36:16 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Greetings, Just as a side note on this thread I've been watching... The last 2 weeks I've had very strange reports from both dnsreports and dnsstuff that don't match. dnsreports keeps giving false errors that dnsstuff shows as being OK. So this may not even be a true error being chased down, may want to run tests through other points and see if you get the same results! David J. Duffner VP Operations NWCWEB www.nwcweb.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller > Sent: Wednesday, February 02, 2005 2:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Taking care of mail errors and dnsreport.com > > > Scott Silva wrote: > snip > >> Internet > >> My csu/dsu 68.xxx.xxx.xxx > >> My router (linux smoothwall distro) > >> My mailscanner machine (mailscanner.woodmaclaw.local) My > MS Exchange > >> machine (woodendc.woodmaclaw.local) > > > If the computer needs to get - receive from the internet, > it needs a > > real upper level domain, not local. > > I believe his mailscanner.woodmaclaw.local and his > mail.woodmaclaw.com machine are the same host. One being the > internal name, the other external. Billy can correct me if > I'm wrong... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 2 19:41:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:24 2006 Subject: 4.38.10 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have had a teensy little bug in the handling of the phishing.safe.sites.conf file reported. As I'm off tomorrow morning, I have just fixed it and released a new version. If a few of you could try it quickly for me and confirm if there are any problems in the next 2 hours or so, I will leave happy that it is fixed. You have the bug if your MailScanner won't start at all and "Debug = yes" makes it report an error in Config.pm around line 808. This bug will not appear in any version before 4.38 as the code containing it didn't exist then. Thanks folks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Feb 2 19:43:19 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Dave Duffner - NWCWEB.com wrote: > Greetings, > > Just as a side note on this thread I've been > watching... The last 2 weeks I've had very strange > reports from both dnsreports and dnsstuff that don't > match. dnsreports keeps giving false errors that > dnsstuff shows as being OK. > > So this may not even be a true error being > chased down, may want to run tests through other > points and see if you get the same results! I just sent a note off to postmaster@woodmaclaw.com, but then doublechecked dnsreports. It looks like it's backup.mywebmailserver.com that's misconfigured, not mail.woodmaclaw.com. All my original comments apply still, I think, but the addresses in the mailer-table might be different depending on his IP layout. Dnsreport message: ------------------- ERROR: One or more of your mailservers does not accept mail to postmaster@woodmaclaw.com. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster. backup.mywebmailserver.com's postmaster response: ^^^^^^ >>> RCPT TO: <<< 550 5.7.1 ... we do not relay <> ------------------- S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Feb 2 19:44:23 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:24 2006 Subject: Blantent plagerism... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >I'm building a new iteration of MailScanner on a faster box. A nice feature >Julian's added is the %web-site% variable in the reports where we can send >folks that have run afoul of our spam policies. Being a pragmatic and >frugal sort (pronounced 'lazy sod') I was wondering if anybody had a page up >that they wouldn't mind me plagerizing (with appropriate edits of course) >and loading on our web server. > > Well mine is the disclaimer signature... (It too has been err assisted from others :-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Feb 2 21:40:02 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:24 2006 Subject: 4.38.10 Message-ID: Hi! > I have had a teensy little bug in the handling of the > phishing.safe.sites.conf file reported. > As I'm off tomorrow morning, I have just fixed it and released a new > version. > > If a few of you could try it quickly for me and confirm if there are any > problems in the next 2 hours or so, I will leave happy that it is fixed. > > You have the bug if your MailScanner won't start at all and "Debug = > yes" makes it report an error in Config.pm around line 808. > > This bug will not appear in any version before 4.38 as the code > containing it didn't exist then. Besides the version number that still shows 4.38.9 its running just fine. Perhaps you can make the: Log Dangerous HTML Tags = yes Default to no, since its pretty annoying in the logs when not 'debugging' :) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kenneth at CANCUN.NET Wed Feb 2 23:20:21 2005 From: kenneth at CANCUN.NET (Kenneth Andresen) Date: Thu Jan 12 21:28:24 2006 Subject: Scanning outgoing mails for spam and viruses Message-ID: Hello all, I am trying to find a way to check outgoing mail for spam and viruses prior to sending them, and wonder if this is possible with MailScanner? I am using Squirrelmail as a web based interface for mail, so the messages are generated on the server. Squirrelmail sends the outgoing messages by SMTP, however only messages sent to another account on the server gets scanned. Is it any way to have procmail or similar filter the outgoing messages, and quarantine infected or suspect messages? --- Kenneth ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 00:10:10 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:24 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Hi. I've done quite a bit of searching on this, including in the archives for this mail list and while I've seen numerous mentions, I have yet to find a solution. All of the DNS RBL checks in both MailScanner and SpamAssassin get triggered when appropriate, but the only "URI" that gets triggered is the "URI_REDIRECT". There is no SURBL even when I send an email through containing in the body of the message: http://surbl-org-permanent-test-point.com-MUNGED/ (without the -MUNGED) I am using MailScanner 4.38.9 and SpamAssassin 3.0.2 I have installed the latest Net::DNS perl module from CPAN and also installed the tar files from the latest "install-Clam-SA.tar" In /etc/mail/spamassassin, there is an init.pre that calls the URI plugin and a symlink local.cf which points to /etc/MailScanner/spam.assassin.prefs.conf which, for the most part, is the same as the default shipped with MailScanner. Any ideas? Thanks, ---------------------------------- Philip J. Hachey ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 00:32:31 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:24 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: At 07:10 PM 2/2/2005, Philip Hachey wrote: >Hi. I've done quite a bit of searching on this, including in the archives >for this mail list and while I've seen numerous mentions, I have yet to >find a solution. > >All of the DNS RBL checks in both MailScanner and SpamAssassin get >triggered when appropriate, but the only "URI" that gets triggered is the >"URI_REDIRECT". There is no SURBL even when I send an email through >containing in the body of the message: > >http://surbl-org-permanent-test-point.com-MUNGED/ >(without the -MUNGED) > >I am using MailScanner 4.38.9 and SpamAssassin 3.0.2 Have you tried debugging it by going straight to the SA command line interface and see if that gets it? First, give sa's lint a whirl and see if there are any complaints (it should run quiet with no output) spamassassin --lint Grab SA's test message, or any other message with complete headers, and edit it to have the URL in it, and run it through spamassassin's test mode: spamassassin -t Volume 200+ messages a day Hardware Athlon 3000+, 1G RAM, 80G Drive Software Fedora Core 2, Exim, Spamassassin, Pyzor, DCC, Mailscanner RBLs None in MTA, All in MailScanner, None in Spamassassin Virus Scanners: ClamAV No attachment limits have been specified in Exim. Searched the web and archives and didn't see the answer to what I need. I'd like to be able to control attachment sizes by domain. I have not been able to find an example of a ruleset with the correct keywords/syntax to limit attachments by domain. I figure one part will be To: *@somedomain.com, but what's the keyword to set the attachment limit or unlimited? TIA, Stephen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Thu Feb 3 06:53:55 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:28:24 2006 Subject: attachment limits ruleset by domain {Virus Scanned} Message-ID: FromOrTo: *@domain 10000000 FromOrTo: default 1000000 First could be From: To: FromOrTo: etc > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of TunedWeb Admin > Sent: 03 February 2005 08:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: attachment limits ruleset by domain {Virus Scanned} > > Volume 200+ messages a day > Hardware Athlon 3000+, 1G RAM, 80G Drive Software Fedora Core > 2, Exim, Spamassassin, Pyzor, DCC, Mailscanner RBLs None in > MTA, All in MailScanner, None in Spamassassin Virus Scanners: ClamAV > > No attachment limits have been specified in Exim. > > Searched the web and archives and didn't see the answer to > what I need. > > I'd like to be able to control attachment sizes by domain. I > have not been able to find an example of a ruleset with the > correct keywords/syntax to limit attachments by domain. > > I figure one part will be To: *@somedomain.com, but what's > the keyword to set the attachment limit or unlimited? > > TIA, Stephen > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dbird at SGHMS.AC.UK Thu Feb 3 12:12:27 2005 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:28:24 2006 Subject: [Fwd: too suspicious by half?] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found this quite humorous, but am not quite sure why this happened. A good use for the phishing whitelist me thinks , until I can figure out why.... Dan -------- Original Message -------- Subject: too suspicious by half? Date: Thu, 03 Feb 2005 12:00:55 +0000 From: Dominick McIntyre <*****@******> To: Daniel Bird Nice to see your email filter doesn't even trust itself... > > ------ End of Forwarded Message > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner *MailScanner has detected a possible fraud attempt from "www.mailscanner.info" claiming to be* , and is > > believed to be clean. > > MailScanner thanks transtec Computers *MailScanner has detected a possible fraud attempt from "www.transtec.co.uk" claiming to be* for > > their support. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lele at PROFIM.FLORIDA.IT Thu Feb 3 13:13:19 2005 From: lele at PROFIM.FLORIDA.IT (Emanuele Salvador) Date: Thu Jan 12 21:28:24 2006 Subject: Mailscanner, Exim and Message-ID: X-Florida Group-MailScanner-Information: Please contact the ISP for more information X-Florida Group-MailScanner: Found to be clean X-MailScanner-From: lele@profim.florida.it I'm actually running Mailscanner 4.38.9 on a Redhat 9 linux box, along with Exim 4.44, latest spamassassin and McAfee and F-Secure antivirus. Everything seems to work fine but I get a lot of Mailscanner processess when I run ps ax. I tried to debug as per instructions, tried to activate and deactivate virus scanners but have no results. Any suggestions are welcome !! Thanks, Emanuele Salvador A carrot is as close as a rabbit gets to a diamond. - Don Van Vliet - ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From combs at MAGNET.FSU.EDU Thu Feb 3 14:10:20 2005 From: combs at MAGNET.FSU.EDU (Tom Combs) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: Have there been any reports of problems with the spamcop.net RBL returning false positives on Feb 2? I had some email sent from mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got tagged as spam by spamcop. I checked their website and we are not listed in their database. -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Feb 3 14:34:29 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:24 2006 Subject: OT: combining mbox files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I would like to combine quarantined mail files, which are in mbox format, to a single file. When I run 'cat * >> newfile' the files are combined, but there is no whitespace between each message. I need there to be whitespace between each message; whatever is normally required for an mbox file containg multiples message. Can anyone offer advise please? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Thu Feb 3 15:07:22 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:24 2006 Subject: OT: combining mbox files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There are perl modules that you can use to create a mbox and move those messages into it. Read the perldoc for Mail::Box - Nick > Hello, > > I would like to combine quarantined mail files, which are in mbox > format, to a single file. When I run 'cat * >> newfile' the files are > combined, but there is no whitespace between each message. I need there > to be whitespace between each message; whatever is normally required for > an mbox file containg multiples message. Can anyone offer advise please? > > Thanks, > Rod > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 14:55:47 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:24 2006 Subject: OT: combining mbox files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: > Hello, > > I would like to combine quarantined mail files, which are in mbox > format, to a single file. When I run 'cat * >> newfile' the files are > combined, but there is no whitespace between each message. I need there > to be whitespace between each message; whatever is normally required for > an mbox file containg multiples message. Can anyone offer advise please? > > Thanks, > Rod > Create a list of all you required files, typically 'ls > list_of_files' if they are all in one place OR use the find command to do it. Next do this on the bash (or whatever shell you use) prompt.. for i in `cat list_of_files` # note these are backticks and not quotes do cat $i >> consolidated_file echo "" >> consolidated_file done hope it works. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Thu Feb 3 15:09:57 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am running Mail Scanner 4/36/4 with Kaspesky 5.05 email virus scanner using sendmail version 8.12.11. Just recently it seems that the cron job /etc/cron/hourly/update_virus_scanners gets stuck. (It seems to run over and over again when i run a ps -aux When this happens Mail Scanner dies, thus so does sendmail. All the messages get stuck in the queue. There is nothing really special about the machine its running on. HP Xenon 1 gb of ram. Fedora Core 2 any ideas?? -- David Ballengee IT Supervisor Unique Photo (973)377-5555x259 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 3 15:21:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: David a couple of people have reported issues with the update scripts. But they were running 5.0.5 (5.0.3 and 5.0.4) so I think they fixed it by upgrading to 5.0.5. hmm on the kapersky support pages... Problems with download servers. We apologize to customers and partners for the problems caused by our download servers over the past few days. A recent virus outbreak and an exceptionally large antivirus database update created an unprecedented load on our servers. This meant the servers were inaccessible for long periods. We have now completely restructured our update procedure. This means that the cumulative update released on 28.01.05, which contributed to the server problems,was the last update of such a large size. We are also reviewing our download server system to ensure that our servers will function effectively at times of peak demand. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Ballengee wrote: > I am running Mail Scanner 4/36/4 with Kaspesky 5.05 email virus scanner > using sendmail version 8.12.11. > > Just recently it seems that the cron job > > /etc/cron/hourly/update_virus_scanners gets stuck. (It seems to run over > and over again when i run a ps -aux > > When this happens Mail Scanner dies, thus so does sendmail. All the > messages get stuck in the queue. > > There is nothing really special about the machine its running on. > > HP Xenon 1 gb of ram. Fedora Core 2 > > any ideas?? > > -- > David Ballengee > IT Supervisor > Unique Photo > (973)377-5555x259 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From slewis at COMPLAW.COM Thu Feb 3 15:14:00 2005 From: slewis at COMPLAW.COM (Samuel Lewis) Date: Thu Jan 12 21:28:24 2006 Subject: MailScanner/Clamscan problem Message-ID: [My apologies if this is the second posting of this message; it wasn't clear whether the message posted or not.] I just upgraded to MailScanner-4.38.9-1 and I'm running clamav-0.81. This morning, I attempted to e-mail a .tgz file. When MailScanner attempts to scan the e-mail with the .tgz file attached, I get a whole bunch of entries like: Feb 3 08:09:06 murphy MailScanner[31485]: irdb/author.created_on.idx.lock Feb 3 08:09:07 murphy MailScanner[31485]: ProcessClamAVOutput: unrecognised line "irdb/author.created_on.idx.lock". Please contact the authors! in the /var/log/maillog. It seems to create such an entry for every file in the .tgz file. I've attempted to run clamscan against the .tgz file manually to determine if it is a clamav problem, and clamscan has no problem processing the file. I've also verified that the MailScanner.conf file includes the "Incoming Work Group = clamav" and "Incoming Work Permissions = 0640" as detailed in the clamav-wrapper file. I noticed some discussion about this problem in the list archives, but never saw a resolution other than upgrading to the current version. Any suggestions you can provide are appreciated. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Thu Feb 3 15:27:09 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:24 2006 Subject: New method of Virus Propagation Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does MS/clamav look inside RAR files? http://www.eweek.com/article2/0,1759,1756636,00.asp Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 15:39:23 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: At 09:10 AM 2/3/2005, Tom Combs wrote: >Have there been any reports of problems with the spamcop.net RBL >returning false positives on Feb 2? I had some email sent from >mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got >tagged as spam by spamcop. I checked their website and we are not >listed in their database. Any chance you got reported to spamcop and wound up listed by them for a short period of time? Given the latest trend in spam, zombies that use the proper relay, it's going to be common for spamcop to wind up with short-lived listings for the legitimate mailservers of ISPs. At least, until the spamcop guys clean things up in their reporting engine, which they may have already done. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Feb 3 15:44:03 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:24 2006 Subject: New method of Virus Propagation Message-ID: To my knowledge, .rar files are denied by default in the filename.rules.conf Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andrews Carl 448 Sent: Thursday, February 03, 2005 9:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: New method of Virus Propagation Does MS/clamav look inside RAR files? http://www.eweek.com/article2/0,1759,1756636,00.asp Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Thu Feb 3 15:39:56 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:24 2006 Subject: New method of Virus Propagation Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oops! Guess it does: http://www.clamav.net/abstract.html#pagestart -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Andrews Carl 448 Sent: Thursday, February 03, 2005 9:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: New method of Virus Propagation Does MS/clamav look inside RAR files? http://www.eweek.com/article2/0,1759,1756636,00.asp Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Thu Feb 3 15:52:31 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:24 2006 Subject: New method of Virus Propagation Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh. Did not look at that file, I was looking at filetype.rules.conf -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Mike Kercher Sent: Thursday, February 03, 2005 9:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New method of Virus Propagation To my knowledge, .rar files are denied by default in the filename.rules.conf Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andrews Carl 448 Sent: Thursday, February 03, 2005 9:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: New method of Virus Propagation Does MS/clamav look inside RAR files? http://www.eweek.com/article2/0,1759,1756636,00.asp Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Thu Feb 3 15:58:09 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] could i just remove /etc/cron.hourly/update_virus_scanners from cron and then just use the kaspserky updater cron job?? Martin Hepworth wrote: > David > > a couple of people have reported issues with the update scripts. But > they were running 5.0.5 (5.0.3 and 5.0.4) so I think they fixed it by > upgrading to 5.0.5. > > hmm on the kapersky support pages... > > Problems with download servers. > > We apologize to customers and partners for the problems caused by our > download servers over the past few days. > > A recent virus outbreak and an exceptionally large antivirus database > update created an unprecedented load on our servers. This meant the > servers were inaccessible for long periods. > > We have now completely restructured our update procedure. This means > that the cumulative update released on 28.01.05, which contributed to > the server problems,was the last update of such a large size. > > We are also reviewing our download server system to ensure that our > servers will function effectively at times of peak demand. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Ballengee wrote: > >> I am running Mail Scanner 4/36/4 with Kaspesky 5.05 email virus scanner >> using sendmail version 8.12.11. >> >> Just recently it seems that the cron job >> >> /etc/cron/hourly/update_virus_scanners gets stuck. (It seems to run over >> and over again when i run a ps -aux >> >> When this happens Mail Scanner dies, thus so does sendmail. All the >> messages get stuck in the queue. >> >> There is nothing really special about the machine its running on. >> >> HP Xenon 1 gb of ram. Fedora Core 2 >> >> any ideas?? >> >> -- >> David Ballengee >> IT Supervisor >> Unique Photo >> (973)377-5555x259 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- David Ballengee IT Supervisor Unique Photo (973)377-5555x259 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Feb 3 16:04:43 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: I've had a rash of spamcop blocks from sites deemed too critical for sendmail DNSBL blockage (eg Maine State Government, Yahoo lists, a local ISP) so I had to demote spamcop from a sendmail DNSBL down to the "Spam List =" line in MailScanner. I replaced spamcop in my DNSBL with sbl-xbl.spamhaus.org, no complaints so far. Jeff Earickson Colby College On Thu, 3 Feb 2005, Matt Kettler wrote: > Date: Thu, 3 Feb 2005 10:39:23 -0500 > From: Matt Kettler > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: false positives from spamcop.net? > > At 09:10 AM 2/3/2005, Tom Combs wrote: >> Have there been any reports of problems with the spamcop.net RBL >> returning false positives on Feb 2? I had some email sent from >> mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got >> tagged as spam by spamcop. I checked their website and we are not >> listed in their database. > > Any chance you got reported to spamcop and wound up listed by them for a > short period of time? > > Given the latest trend in spam, zombies that use the proper relay, it's > going to be common for spamcop to wind up with short-lived listings for the > legitimate mailservers of ISPs. At least, until the spamcop guys clean > things up in their reporting engine, which they may have already done. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 3 16:07:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: David Assuming that's the only AV in your setup. The MS kapersky updater script will still lock MS until it's finished which seems to be the issue here. You may it beneficial to install ClamAV in the mean time until Kapersky get their act together, and remove kapersky from the MailScanner.conf file... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Ballengee wrote: > could i just remove > > /etc/cron.hourly/update_virus_scanners > > from cron > > and then just use the kaspserky updater cron job?? > > Martin Hepworth wrote: > >> David >> >> a couple of people have reported issues with the update scripts. But >> they were running 5.0.5 (5.0.3 and 5.0.4) so I think they fixed it by >> upgrading to 5.0.5. >> >> hmm on the kapersky support pages... >> >> Problems with download servers. >> >> We apologize to customers and partners for the problems caused by our >> download servers over the past few days. >> >> A recent virus outbreak and an exceptionally large antivirus database >> update created an unprecedented load on our servers. This meant the >> servers were inaccessible for long periods. >> >> We have now completely restructured our update procedure. This means >> that the cumulative update released on 28.01.05, which contributed to >> the server problems,was the last update of such a large size. >> >> We are also reviewing our download server system to ensure that our >> servers will function effectively at times of peak demand. >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> David Ballengee wrote: >> >>> I am running Mail Scanner 4/36/4 with Kaspesky 5.05 email virus scanner >>> using sendmail version 8.12.11. >>> >>> Just recently it seems that the cron job >>> >>> /etc/cron/hourly/update_virus_scanners gets stuck. (It seems to run over >>> and over again when i run a ps -aux >>> >>> When this happens Mail Scanner dies, thus so does sendmail. All the >>> messages get stuck in the queue. >>> >>> There is nothing really special about the machine its running on. >>> >>> HP Xenon 1 gb of ram. Fedora Core 2 >>> >>> any ideas?? >>> >>> -- >>> David Ballengee >>> IT Supervisor >>> Unique Photo >>> (973)377-5555x259 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > David Ballengee > IT Supervisor > Unique Photo > (973)377-5555x259 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 3 16:09:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: I find it better to do the RBL's in SA, so if they break/stop etc you don't end up with a massive blacklist, merely added weight to the SA score. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > I've had a rash of spamcop blocks from sites deemed too critical > for sendmail DNSBL blockage (eg Maine State Government, Yahoo lists, > a local ISP) so I had to demote spamcop from a sendmail DNSBL down > to the "Spam List =" line in MailScanner. I replaced spamcop in my > DNSBL with sbl-xbl.spamhaus.org, no complaints so far. > > Jeff Earickson > Colby College > > On Thu, 3 Feb 2005, Matt Kettler wrote: > >> Date: Thu, 3 Feb 2005 10:39:23 -0500 >> From: Matt Kettler >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: false positives from spamcop.net? >> >> At 09:10 AM 2/3/2005, Tom Combs wrote: >> >>> Have there been any reports of problems with the spamcop.net RBL >>> returning false positives on Feb 2? I had some email sent from >>> mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got >>> tagged as spam by spamcop. I checked their website and we are not >>> listed in their database. >> >> >> Any chance you got reported to spamcop and wound up listed by them for a >> short period of time? >> >> Given the latest trend in spam, zombies that use the proper relay, it's >> going to be common for spamcop to wind up with short-lived listings >> for the >> legitimate mailservers of ISPs. At least, until the spamcop guys clean >> things up in their reporting engine, which they may have already done. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Feb 3 16:15:25 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: Hi! > > /etc/cron.hourly/update_virus_scanners > > from cron > > and then just use the kaspserky updater cron job?? > Most likely that will also cause trouble, since it doesnt interact with MailScanner and doesnt do the proper file locking during the updates. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Thu Feb 3 16:20:12 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: At 11:09 AM 2/3/2005, you wrote: >I find it better to do the RBL's in SA, so if they break/stop etc you >don't end up with a massive blacklist, merely added weight to the SA score. SNIP >Jeff A. Earickson wrote: >>I've had a rash of spamcop blocks from sites deemed too critical >>for sendmail DNSBL blockage (eg Maine State Government, Yahoo lists, >>a local ISP) so I had to demote spamcop from a sendmail DNSBL down >>to the "Spam List =" line in MailScanner. I replaced spamcop in my >>DNSBL with sbl-xbl.spamhaus.org, no complaints so far. >> SNIP >>At 09:10 AM 2/3/2005, Tom Combs wrote: >>> >>>>Have there been any reports of problems with the spamcop.net RBL >>>>returning false positives on Feb 2? I had some email sent from >>>>mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got >>>>tagged as spam by spamcop. I checked their website and we are not >>>>listed in their database. >>> >>> >>>Any chance you got reported to spamcop and wound up listed by them for a >>>short period of time? >>> >>>Given the latest trend in spam, zombies that use the proper relay, it's >>>going to be common for spamcop to wind up with short-lived listings >>>for the >>>legitimate mailservers of ISPs. At least, until the spamcop guys clean >>>things up in their reporting engine, which they may have already done. SNIP Yep and Yup! I quit on SpamCop due to too many false positives of important mail, but it was still being delivered due to SpamAssassin scoring rather than RBL in MailScanner. It will cost you in processor cycles by a bit, though. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 16:41:10 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:24 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Attached is the debug from a message containing the URL that should be blocked. Please note that the line "debug: URIDNSBL: domains to query:" contains no domains so it's as though the plugin's parsing isn't working. I realize that this is a SpamAssassin problem, not MailScanner, but perhaps someone here has run into this before and has a solution? Thank you. Matt Kettler Sent by: MailScanner mailing list 2005-02-02 19:32 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SURBL / URIBL not triggered in SA At 07:10 PM 2/2/2005, Philip Hachey wrote: >Hi. I've done quite a bit of searching on this, including in the archives >for this mail list and while I've seen numerous mentions, I have yet to >find a solution. > >All of the DNS RBL checks in both MailScanner and SpamAssassin get >triggered when appropriate, but the only "URI" that gets triggered is the >"URI_REDIRECT". There is no SURBL even when I send an email through >containing in the body of the message: > >http://surbl-org-permanent-test-point.com-MUNGED/ >(without the -MUNGED) > >I am using MailScanner 4.38.9 and SpamAssassin 3.0.2 Have you tried debugging it by going straight to the SA command line interface and see if that gets it? First, give sa's lint a whirl and see if there are any complaints (it should run quiet with no output) spamassassin --lint Grab SA's test message, or any other message with complete headers, and edit it to have the URL in it, and run it through spamassassin's test mode: spamassassin -t Thanks to Julian and several others who replied to this subject earlier in the week. (It may be teaching Grandmothers to suck eggs - that is still legal in the UK- but for newbies and more timid users, like me, it may be useful). The problem was allowing 4 staff to accept email from 60 off campus addresses without being spam checked. I could have added a line for each combination but that would have been hard to maintain - 4*60 = 240 lines at the moment! The solution below means only two lists need amending should more staff or students need adding or the in-decipherable email address on the hand written list given to me need correcting . A stop and restart of mailscanner was necessary. In MaiLScanner.conf Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules In %rules-dir%/spam.whitelist.rules # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. # Next line is wrapped over two lines in the email but one # in the real file To: /etc/MailScanner/lists/harperstaff and From: /etc/MailScanner/lists/offcampuslist yes FromOrTo: default no In /etc/MailScanner/lists/harperstaff I have 1 address per line harperusera@mydomain harperuserb@mydomain harperuserc@mydomain harperuserd@mydomain in /etc/MailScanner/lists/offcampuslist I have 1 addess per line OffcampususerA@domain1 OffcampususerB@domain1 OffcampususerC@domain2 OffcampususerD@domain123 ...etc I have tried this using a Yahoo account and my harper account as a test and it works fine. Mailwatch shows whitelisted emails in a lovely shade of green.(-; Thanks to Julian et al for a great package By the way got the book and I am finding it useful. Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ivessm at softecusa.com Thu Feb 3 16:53:58 2005 From: ivessm at softecusa.com (Stewart M. Ives) Date: Thu Jan 12 21:28:25 2006 Subject: Matching domain to sender. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David certainly points out a lot of details that many times get overlooked in our ever desire to stop spam at the front door and not let it even cross the door frame and get inside. You might want to start reading up on milter applications. milter-ahead and it's big brother milter-send are excellent programs that function "out in front" of everything else and stop the mail from crossing the door frame and getting inside. They also do a good job of wittling down the amount of spam you recieve over time. I have not implemented any of this but am considering it based on the ever increasing amount of spam we are receiving on a daily basis. Let us know what you find. Do a google on "milter" - short for mail filter. Good luck. I also am not a super human guru but please don't tell my wife that. stew ---------- Original Message ----------- From: David Lee To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wed, 2 Feb 2005 15:12:21 +0000 Subject: Re: Matching domain to sender. > On Wed, 2 Feb 2005, David Curtis wrote: > > > I have not seen this setting and thing that it might prevent a ton of > > spam. I may be wrong. Just your normal System Adin...no super human > > traits. > > > > Can you run some rule to check the senders ip and or domain name and > > match that to the mail from address? > > > > Thanks for any comments. > > It may not be as straightforward as it seems on the surface. > > Who is the "sender", what is the domain name? > > Example: let's imagine a legitimate mail list to which you and I > might both belong. I, "me@mydom.com", send a message to it, > "list@listdom.com", hosted on machines at an ISP/university/etc. > "ISP.com". You receive this mail. But who has been the "sender" > from your perspective? > > o The visible "From:" contains my "mydom.com": but that is several > steps away from the transaction at your site; > o The SMTP machine (probably the list expander) pushing it to you is > "something.ISP.com", which bears no direct relation to me (email > originator) as "sender"; > o The envelope "From" contains "owner-list@listdom.com", which doesn't > directly trace back to the "ISP.com" DNS names and addresses; > o The visible "To:" contains "listdom.com" (which, as a text string, > bears no direct relation to your site). > > So your "check the senders ip and or domain name and match that to > the mail from address" becomes non-trivial. > > Note that an emerging technology, SPF, is designed to help to > address the email forgery aspects of the problem if, and as, it > gains wider acceptance and use. Indeed, SpamAssassin 3.x is > beginning to take account of it. By its very nature, it needs time > to ramp up. (It has a few "no pain, no gain" implications, but > that's part of life in these spam-riddled days, and no-one has yet > come up with a better, and even more widely acceptable, compromise.) > > Hope taht helps. > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : University of Durham : > : http://www.dur.ac.uk/t.d.lee/ South Road : > : Durham : > : Phone: +44 191 334 2752 U.K. : > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 17:10:00 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: At 11:41 AM 2/3/2005, Philip Hachey wrote: > debug from a message containing the URL that should be >blocked. Please note that the line "debug: URIDNSBL: domains to query:" >contains no domains so it's as though the plugin's parsing isn't working. It is probably not working because your test message technically has no body. The headers end with a blank line and you don't have one. Try adding the required blank line after the last header and before the body text. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 17:24:18 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > At 11:41 AM 2/3/2005, Philip Hachey wrote: > >> debug from a message containing the URL that should be >> blocked. Please note that the line "debug: URIDNSBL: domains to query:" >> contains no domains so it's as though the plugin's parsing isn't working. > > > It is probably not working because your test message technically has no > body. The headers end with a blank line and you don't have one. > > Try adding the required blank line after the last header and before the > body text. > I was facing the same problem a couple of months back. You could try doing this.. cd /usr/share/spamassassin/ ln -s /etc/mail/spamassassin/init.pre . service MailScanner restart If required replace /usr/share/spamassassin/ in the first command with the value of 'SpamAssassin Local Rules Dir' OR 'SpamAssassin Default Rules Dir' from MailScanner.conf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 17:46:51 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Great!.. that worked, thanks. A manual execution of spamassassin now trips URIBL_SC_SURBL for that test message. Unfortunately, however, when I send another test message containing the same URL from my yahoo account through MailScanner, it's still not being triggered. I just get this: "not spam, SpamAssassin (score=-1.647, required 3, autolearn=not spam, AWL 0.95, BAYES_00 -2.60)" The URIBL rules never appear in my spam log either for any incoming message. (though both the SpamAssassin and the MailScanner standard RBL checks appear everywhere). Anyway, that's narrowed it down somewhat. It would seem that it has something to do with the way MailScanner calls SpamAssassin -- different option or using config files that I don't expect. Matt Kettler Sent by: MailScanner mailing list 2005-02-03 12:10 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SURBL / URIBL not triggered in SA At 11:41 AM 2/3/2005, Philip Hachey wrote: > debug from a message containing the URL that should be >blocked. Please note that the line "debug: URIDNSBL: domains to query:" >contains no domains so it's as though the plugin's parsing isn't working. It is probably not working because your test message technically has no body. The headers end with a blank line and you don't have one. Try adding the required blank line after the last header and before the body text. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Thu Feb 3 17:44:29 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:25 2006 Subject: Munged spam report (revisited) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here is a perfect example of what I was trying to explain in the previous post: These are cut/pasted from the raw text of the email, so it is all intact: Notice the header includes the Bayes rule hit, spam report in the body of the message does not mention bayes, but lists the 'bayes' score after the Razor rule hit. I believe the razor 'cf' factor is supposed to be listed there, not a bayes 'score' value. (mail 1 MS HEADER) X-Sashbox-MailScanner-SpamCheck: spam, SpamAssassin (score=5.252, required 5, BAYES_40 -1.10, DCC_CHECK 1.55, DIGEST_MULTIPLE 0.10, RAZOR2_CF_RANGE_51_100 1.75, RAZOR2_CHECK 1.75, SPF_HELO_SOFTFAIL 1.20) (mail 1 text REPORT) pts rule name description ---- ---------------------- -------------------------------------------------- 1.2 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) [SPF failed: Please see http://spf.pobox.com/why.html?sender=host4u.net&ip=209.150.128.153&receiver=kudzu.sashbox.net] 1.8 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50 [score: 0.3415] 1.6 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 1.8 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.1 DIGEST_MULTIPLE Message hits more than one network digest check *** And in the following email, the problem was reversed: The razor 'cf' factor was listed in the report under the Bayes rule hit, and the Razor score rule RAZOR2_CF_RANGE_51_100 was completely left off the report. (mail 2 MS HEADER) X-Sashbox-MailScanner-SpamCheck: spam, SpamAssassin (score=8.706, required 5, BAYES_60 1.20, FB_PRESSHERE 0.25, HTML_10_20 0.25, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 1.75, RAZOR2_CHECK 1.75, SARE_HTML_HTML_QUOT 1.67, SARE_RECV_IP_218080 1.67) (mail 2 text REPORT) pts rule name description ---- ---------------------- -----------------------------------------------= --- 1.7 SARE_RECV_IP_218080 Spam passed through possible spammer relay 0.2 FB_PRESSHERE BODY: FB_PRESSHERE 0.2 HTML_10_20 BODY: Message is 10 HTML 0.0 HTML_MESSAGE BODY: HTML included in message 1.2 BAYES_60 BODY: Bayesian spam probability is 60 to 80 [cf: 90] 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.7 SARE_HTML_HTML_QUOT FULL: Message body has very strange HTML sequen= ce 1.8 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 17:52:54 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: AWESOME! Creating a link to init.pre in /usr/share/spamassassin has done the trick. Do you suppose this means that MailScanner does not tell SA to look in /etc/mail/spamassassin by default? Thank you! Dhawal Doshy Sent by: MailScanner mailing list 2005-02-03 12:24 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SURBL / URIBL not triggered in SA Matt Kettler wrote: > At 11:41 AM 2/3/2005, Philip Hachey wrote: > >> debug from a message containing the URL that should be >> blocked. Please note that the line "debug: URIDNSBL: domains to query:" >> contains no domains so it's as though the plugin's parsing isn't working. > > > It is probably not working because your test message technically has no > body. The headers end with a blank line and you don't have one. > > Try adding the required blank line after the last header and before the > body text. > I was facing the same problem a couple of months back. You could try doing this.. cd /usr/share/spamassassin/ ln -s /etc/mail/spamassassin/init.pre . service MailScanner restart If required replace /usr/share/spamassassin/ in the first command with the value of 'SpamAssassin Local Rules Dir' OR 'SpamAssassin Default Rules Dir' from MailScanner.conf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 3 17:54:17 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Philip to emulate MS's call of SA spamassassin -p /spam.assassin.prefs.conf where path-to is usually /opt/MailScanner/etc or /etc/MailScanner If you want to find out a particular mesg is run then edit MailScanner.conf, change both Debug options to yes, stop MS, and then run checkmailscanner. It will run a single batch through with all the debug info, so make sure an good test mesg is included in the inbound queue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Philip Hachey wrote: > Great!.. that worked, thanks. A manual execution of spamassassin now > trips URIBL_SC_SURBL for that test message. Unfortunately, however, when > I send another test message containing the same URL from my yahoo account > through MailScanner, it's still not being triggered. I just get this: > > "not spam, SpamAssassin (score=-1.647, required 3, autolearn=not spam, AWL > 0.95, BAYES_00 -2.60)" > > The URIBL rules never appear in my spam log either for any incoming > message. (though both the SpamAssassin and the MailScanner standard RBL > checks appear everywhere). > > Anyway, that's narrowed it down somewhat. It would seem that it has > something to do with the way MailScanner calls SpamAssassin -- different > option or using config files that I don't expect. > > > > > > Matt Kettler > Sent by: MailScanner mailing list > 2005-02-03 12:10 > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Re: SURBL / URIBL not triggered in SA > > > At 11:41 AM 2/3/2005, Philip Hachey wrote: > >> debug from a message containing the URL that should be >>blocked. Please note that the line "debug: URIDNSBL: domains to query:" >>contains no domains so it's as though the plugin's parsing isn't working. > > > It is probably not working because your test message technically has no > body. The headers end with a blank line and you don't have one. > > Try adding the required blank line after the last header and before the > body text. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Thu Feb 3 18:06:57 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:25 2006 Subject: Munged spam report (revisited) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just got another one... It looks like the corrupted reports occur only when both a Razor confidence factor and a Bayes score hit on the same email. Is this just me? X-Sashbox-MailScanner-SpamCheck: spam, SpamAssassin (score=8, required 5, BAYES_50 0.40, DBL_12_LETTER_FLDR 0.20, RAZOR2_CF_RANGE_51_100 1.75, RAZOR2_CHECK 1.75, RCVD_IN_BL_SPAMCOP_NET 3.90) pts rule name description ---- ---------------------- -----------------------------------------------= --- 0.4 BAYES_50 BODY: Bayesian spam probability is 40 to 60 [cf: 100] 1.8 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 3.9 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 0.2 DBL_12_LETTER_FLDR DBL_12_LETTER_FLDR ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Thu Feb 3 18:26:52 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: Hi there, the method to block or stop mails to unknown recipients seems to be fine. But the last day i just made tail -f on my maillog, and noticed, that someone is sending a lot mails to postmaster within seconds. So, the accout postmaster is existing, but it seems to me that this person tried to get my maschine into its knees.. is there a way to block someone sending a lot of mails within a few seconds automaticaly? As these mails where no spam, just mails with some weird content, vispan did not work, as these mails where not tagged as spam. So i am wondering if there is a way to have a script looking into the logfile, and if one ip is sending max-mails within x seconds, add this ip to he access-file as blocked.. Any ideas would be great Thanks Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 18:35:42 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: >Hi there, > >the method to block or stop mails to unknown recipients seems to be fine. >But the last day i just made tail -f on my maillog, and noticed, that >someone is sending a lot mails to postmaster within seconds. > >So, the accout postmaster is existing, but it seems to me that this person >tried to get my maschine into its knees.. > >is there a way to block someone sending a lot of mails within a few >seconds automaticaly? > >As these mails where no spam, just mails with some weird content, vispan >did not work, as these mails where not tagged as spam. > >So i am wondering if there is a way to have a script looking into the >logfile, and if one ip is sending max-mails within x seconds, add this ip >to he access-file as blocked.. > > > Marcel, MailScanner offers IPBlock in CustomConfig.pm. It does pretty much what you want (as long as you use sendmail). I have been using it here for almost a year with success. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From mike at CAMAROSS.NET Thu Feb 3 18:35:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: Marcel Blenkers wrote: > Hi there, > > the method to block or stop mails to unknown recipients seems to be > fine. > But the last day i just made tail -f on my maillog, and noticed, that > someone is sending a lot mails to postmaster within seconds. > > So, the accout postmaster is existing, but it seems to me that this > person tried to get my maschine into its knees.. > > is there a way to block someone sending a lot of mails within a few > seconds automaticaly? > > As these mails where no spam, just mails with some weird content, > vispan did not work, as these mails where not tagged as spam. > > So i am wondering if there is a way to have a script looking into the > logfile, and if one ip is sending max-mails within x seconds, add > this ip to he access-file as blocked.. > > Any ideas would be great > > Thanks > > Marcel > I use this in my sendmail.mc define(`confBAD_RCPT_THROTTLE',`1')dnl Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Feb 3 18:42:25 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: Marcel Blenkers wrote: > Hi there, > > the method to block or stop mails to unknown recipients seems to be > fine. > But the last day i just made tail -f on my maillog, and noticed, that > someone is sending a lot mails to postmaster within seconds. > > So, the accout postmaster is existing, but it seems to me that this > person tried to get my maschine into its knees.. > > is there a way to block someone sending a lot of mails within a few > seconds automaticaly? > > As these mails where no spam, just mails with some weird content, > vispan did not work, as these mails where not tagged as spam. > > So i am wondering if there is a way to have a script looking into the > logfile, and if one ip is sending max-mails within x seconds, add > this ip to he access-file as blocked.. > > Any ideas would be great > > Thanks > > Marcel You might also tinker with the ConnectionRateThrottle parameter Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 18:48:59 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Philip Hachey wrote: >AWESOME! > >Creating a link to init.pre in /usr/share/spamassassin has done the trick. > >Do you suppose this means that MailScanner does not tell SA to look in >/etc/mail/spamassassin by default? > >Thank you! > > > Don't you have the following setup: # The site rules are searched for here. # Normal location on most systems is /etc/mail/spamassassin. SpamAssassin Site Rules Dir = /etc/mail/spamassassin Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 18:58:54 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Yes. At one point, I even tried setting the Default Rules Dir to that as well, but no luck. Creating the link to init.pre does work, however. It *is* a bit weird. Denis Beauchemin Sent by: MailScanner mailing list 2005-02-03 13:48 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SURBL / URIBL not triggered in SA Philip Hachey wrote: >AWESOME! > >Creating a link to init.pre in /usr/share/spamassassin has done the trick. > >Do you suppose this means that MailScanner does not tell SA to look in >/etc/mail/spamassassin by default? > >Thank you! > > > Don't you have the following setup: # The site rules are searched for here. # Normal location on most systems is /etc/mail/spamassassin. SpamAssassin Site Rules Dir = /etc/mail/spamassassin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Thu Feb 3 18:59:51 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:25 2006 Subject: autolearn , spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I just wonder what is wrong with my SA config? Does not score > the below email as Spam. What is the autolearn=disabled mean? Bayes? > > not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" > > Thanks, > > Magda Funny... it marked it as spam for me: score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Which version of SpamAssassin are you running? If you don't use bayes or you have "bayes_auto_learn 1" set, autolearn will show as disabled. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 19:28:16 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: autolearn , spam URIBL_OB_SURBL Message-ID: I don't use bayes, maybe this is why. SA - 3.0.2 How do I check bayes DB? How do I refresh bayes? How do I make sure bayes is autolearning? How can I maintain byes? Not maintain bayes gets crazy results... I had bayes turned on for some time and it was a disaster, all spams had BAYES with the minus score. I can see that yours has a minus value too: BAYES_00 -2.60!!!!!!! This is wrong, right? I like yours: URIBL_OB_SURBL 3.21. What is this? How can I set it up? If I has it turn on it might help with all the Spam coming through our mail gateway systems. Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) "Hirsh, Joshua" To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: autolearn , spam 02/03/2005 01:59 PM Please respond to MailScanner mailing list > I just wonder what is wrong with my SA config? Does not score > the below email as Spam. What is the autolearn=disabled mean? Bayes? > > not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" > > Thanks, > > Magda Funny... it marked it as spam for me: score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Which version of SpamAssassin are you running? If you don't use bayes or you have "bayes_auto_learn 1" set, autolearn will show as disabled. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From billy at PLANETGEEK.BIZ Thu Feb 3 19:34:13 2005 From: billy at PLANETGEEK.BIZ (Billy Pumphrey) Date: Thu Jan 12 21:28:25 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: > > # Person who should get root's mail > > root: administrator@woodmaclaw.com > > I don't have this. What I did was in root's home dir (/root) > I created a file called .forward and put in the following: > > postmaster@ci.juneau.ak.us > > You might want to add postmaster@woodmaclaw.com as a 2nd > email address for Administrator in Exchange, so that the > Exchange server accepts that, or conversely, put > administrator@woodmaclaw.com in your .forward file. Or both > just to be safe. > > Might all be much of a muchness, but I know using a forward > file works. I do not have a user called postmaster. Since I could not find the simple command to show the list of users, I looked in /home and /etc/passwd to see if there exist a postmaster account. Does this account have to exists? Common sense would tell me so. I did create a postmaster@woodmaclaw.com address on the exchange server (and told it to forward to my account which is besides the point) and that is the one that delivered your message to me. I am going to take a .forward file and use it for my bpumphrey on the mailscanner machine its self and forward to bpumphrey@woodmaclaw.com. If I telnet into mailscanner, check my mail for bpumphrey on mailscanner the mail is sent to bpumphrey@mailscanner.woodmaclaw.local. I suppose that this is correct and good practice? > > > ---------- In my mailertable I have this.... > > woodmaclaw.com esmtp:[10.1.1.2] > > www.woodmaclaw.com esmtp:[10.1.1.2] > > That looks fine (assuming that someone actually sends to > someone@www.woodmaclaw.com - I'd expect www to refer to a > machine in the woodmaclaw.com domain rather than a mail > domain but there's nothing that says it can't be both). I > also assume that 10.1.1.2 *isn't* the IP address of > mail.woodmaclaw.com, but is instead the internal address of > the machine to forward to. 10.1.1.2 is the exchange server that mailscanner forwards mail to. > Did you create the mailertable.db? You have to run the > following command whenever you change a file like access, or > mailertable: > > makemap hash /etc/mail/mailertable < /etc/mail/mailertable > makemap hash /etc/mail/access < /etc/mail/access > > If you don't do that, sendmail will never use the changes. > In my circumstances, the mailertable, access table, etc. are > pretty humble, but an ISP that is hosting hundreds or more > domains might have a huge table so sendmail wants to create a > db out of it for better performance. The makemap command > builds the database. Yes I ran the makemap command. No one sends to user@www.woodmaclaw.com. It was recommended by someone in the list when I was setting the machine up and was getting help to put both in there. > > Also, make sure you use tabs, not spaces between the domain > name and emspt... > > > ---------- In my relay-domains I have this.... > > Woodmaclaw.com > > www.woodmaclaw.com > > That looks fine. Or at least it looks similar to mine. This > file doesn't need to be hashed like the mailertable or the > access table. > > And, in your sendmail.cf you should have the following (I'm > assuming you have an access table - can't recall if you > mentioned it or not): I do have an access table > > FEATURE(`mailertable')dnl > FEATURE(`access_db')dnl > dnl These mailers are available. per default only smtp is > used. You have dnl to add entries to /etc/mail/mailertable > to enable one of the other dnl mailers. > MAILER(`local')dnl > MAILER(`smtp')dnl > > If you change your sendmail.cf you'll have to regenerate your > /etc/sendmail.conf > I searhced my sendmail.cf for the text of "dnl" and it did not find any. I did it by using vi and "/" as the command. I found mailertable and access.db in there several times, but it seems like we have different versions. > > > I am confused about naming the mailscanner.woodmaclaw.local to > > mailscanner.woodmaclaw.com. Do I need to do this even though the > > computer is in my local domain? > > I think this is actually OK - it needs to be .com on the > outside, but can be .local on the inside. I was a bit > befuddled yesterday by your description. > I think I sorted it out in my mind. I did go ahead and change it to mailscanner.woodmaclaw.com > > > > Seems like you have a similar setup as me? I have... > > --- path of mail ---- > > Internet > > My csu/dsu 68.xxx.xxx.xxx > > My router (linux smoothwall distro) > > My mailscanner machine (mailscanner.woodmaclaw.local) My MS > Exchange > > machine (woodendc.woodmaclaw.local) > I am sorry about the above line with MS exchange, since there was no caracter return that might have been confusing. > Does the Exchange server accept mail for > someone@woodmaclaw.com? It will need to do that of course. Yes, mail is in the format of someone@woodmaclaw.com From ds at CARIBENET.COM Thu Feb 3 19:36:21 2005 From: ds at CARIBENET.COM (Dirk Enrique Seiffert) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: (solved) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Oh yes, and one more thing.. you might want to add this to your > sendmail.mc: #after 15 invalid recpipients, start slowing them down with > #1 second sleeps > define(`confBAD_RCPT_THROTTLE',15) > > Then rebuild your sendmail.cf and do a service MailScanner restart. This indeed solved: The rumplekill script alone did not do the job. Though it showes an average of 60 rumple-attacks a day! Thanks a lot for your help!! Best wishes -- Dirk Enrique Seiffert CaribeNet S.A. - Cartagena - Colombia www.caribenet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Feb 3 19:40:04 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:25 2006 Subject: Buy the book! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] First of all, I want to say thank you Julian. I just received your book today, and I am a happy camper. I had already printed out and coil bound Steve Swaney's version 1.0.1 Admin Guide (btw, thank you Steve for your work on that too.) But all of the updated info, and new info all in one book is great, and well worth having. I really liked the appendix too, definately got me to chuckling. Is that reproducible? I have to give a presentation to my company regarding our network, and how it works, and that would be great to include :) I wanted to ask you though Julian, (and if you would prefer to contact me off list, that would be fine.) My company is a commercial printshop that prides itself on being leading edge. We are not the cheapest in our industry, but we stand behind our services and we're not afraid to explore new technologies. We are very immersed in digital printing, and variable data printing (every piece of the press is different and personalized.) We even went to Germany to buy a new traditional printing press. I would like to know more about how you are having your book printed. Who you are using, how are you providing files to them, what types of files--that sort of thing, and if they have explained their printing process to you. We currently can duplicate/produce what I am looking at, but I have to think that they maybe have a more streamlined method of producing it.? Is it okay to discuss this with you, or should I just be happy with the book? :) Kind regards, Craig D. -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From billy at PLANETGEEK.BIZ Thu Feb 3 19:44:10 2005 From: billy at PLANETGEEK.BIZ (Billy Pumphrey) Date: Thu Jan 12 21:28:25 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: > -----Original Message----- > From: Kevin Miller [mailto:Kevin_Miller@CI.JUNEAU.AK.US] > Sent: Wednesday, February 02, 2005 2:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Taking care of mail errors and dnsreport.com > > Dave Duffner - NWCWEB.com wrote: > > Greetings, > > > > Just as a side note on this thread I've been > watching... The > > last 2 weeks I've had very strange reports from both dnsreports and > > dnsstuff that don't match. dnsreports keeps giving false > errors that > > dnsstuff shows as being OK. > > > > So this may not even be a true error being chased down, may > > want to run tests through other points and see if you get the same > > results! > > I just sent a note off to postmaster@woodmaclaw.com, but then > doublechecked dnsreports. It looks like it's > backup.mywebmailserver.com that's misconfigured, not > mail.woodmaclaw.com. All my original comments apply still, I > think, but the addresses in the mailer-table might be > different depending on his IP layout. > > Dnsreport message: > ------------------- > ERROR: One or more of your mailservers does not accept mail > to postmaster@woodmaclaw.com. Mailservers are required (RFC822 6.3, > RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster. > backup.mywebmailserver.com's postmaster response: > ^^^^^^ > >>> RCPT TO: <<< 550 5.7.1 ... we do not > >>> relay <> > ------------------- > > S'later... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > I did receive your email that you sent to postmaster@woodmaclaw.com. I get confused because of how our web site is being hosted. It is being resaled who knows how many times and I can barely find out the company that actually host it. Mail.woodmaclaw.com is only a A record that points to our IP address. My router then forwards the smtp traffic to the mailscanner.woodmaclaw.com <-- I did change the name to .com. Mailscanner.woodmaclaw.com is a local machine with a local IP address. My exchange server name is woodendc.woodmaclaw.local and of course is a local machine. So mail.woodmaclaw.com is not a machine. The way that the web site is hosted makes me want to change it so that at the least I have charge of the DNS, but yet again I could do without that responsibility. That machine called backup.mywebmailserver.com, I have no clue what that machines function is other than to confuse me :). In other words I don't really know the path of the email from the beginning. You send me an email, goes to ns1.mydnsserver.com, ns1 says goto 68.74.55.130 (my ip address), and then the process starts from where we have talked about. So seems like maybe some of these errors from emails are getting bounced or error "we do not relay" because of backup.mywebmailserver.com? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Feb 3 19:46:11 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:25 2006 Subject: Buy the book! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: > I would like to know more about how you are having your book printed. > Who you are using, how are you providing files to them, what types of > files--that sort of thing, and if they have explained their printing > process to you. We currently can duplicate/produce what I am looking at, > but I have to think that they maybe have a more streamlined method of > producing it.? > > Is it okay to discuss this with you, or should I just be happy with the > book? :) > Well, I guess if I had just read the copyright page, my answer had already been provided...duh! :) -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Thu Feb 3 19:48:06 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: Hi there, > > Marcel, > > MailScanner offers IPBlock in CustomConfig.pm. It does pretty much what > you want (as long as you use sendmail). I have been using it here for > almost a year with success. > ok.. looked at it.. and wonder if i got it right: First, i should create a file called IPBlock.conf within /etc/MailScanner. And in this, i should put the amount of mails, this ip(block) could send within one hour? correct? For example: 127.0.0.1 10000 default 100 then, change the MailScanner.conf with the following: Always Looked Up Last = &IPBlock then restart MailScanner and way you go.. if this is the correct handling, and those entries within ipblock.conf are split with tab, then MailScanner would block those ips, running over those default value for the rest of the hour..correct? Whats your default for maximum mails an hour of one ip? I mean an ip, you do not know.. :) Any advice would be great. Thanks in advance.. Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Feb 3 19:50:14 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:25 2006 Subject: OT: combining mbox files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Rodney Green wrote: > >> Hello, >> >> I would like to combine quarantined mail files, which are in mbox >> format, to a single file. When I run 'cat * >> newfile' the files are >> combined, but there is no whitespace between each message. I need there >> to be whitespace between each message; whatever is normally required for >> an mbox file containg multiples message. Can anyone offer advise please? >> >> Thanks, >> Rod >> > > Create a list of all you required files, typically 'ls > list_of_files' > if they are all in one place OR use the find command to do it. > > Next do this on the bash (or whatever shell you use) prompt.. > > for i in `cat list_of_files` # note these are backticks and not quotes > do > cat $i >> consolidated_file > echo "" >> consolidated_file > done > > hope it works. > > - dhawal Thank you Dhawal! That worked well. Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Thu Feb 3 19:53:32 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:25 2006 Subject: false positives from spamcop.net? Message-ID: On Thu, 3 Feb 2005, Martin Hepworth wrote: > I find it better to do the RBL's in SA, so if they break/stop etc you > don't end up with a massive blacklist, merely added weight to the SA score. I do that too. How many RBL's does SA lookup by default? I noticed there are quite a number of them, some with rather miniscule scores. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 19:59:14 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: >Hi there, > > > >>Marcel, >> >>MailScanner offers IPBlock in CustomConfig.pm. It does pretty much what >>you want (as long as you use sendmail). I have been using it here for >>almost a year with success. >> >> >> >ok.. > >looked at it.. > >and wonder if i got it right: > >First, i should create a file called IPBlock.conf within /etc/MailScanner. >And in this, i should put the amount of mails, this ip(block) could send >within one hour? correct? > >For example: > >127.0.0.1 10000 >default 100 > >then, change the MailScanner.conf with the following: > > Always Looked Up Last = &IPBlock > > >then restart MailScanner and way you go.. > >if this is the correct handling, and those entries within ipblock.conf are >split with tab, then MailScanner would block those ips, running over those >default value for the rest of the hour..correct? > >Whats your default for maximum mails an hour of one ip? >I mean an ip, you do not know.. :) > > > Marcel, I don't think you need to use tabs (spaces will do). My default value is 500 messages/hour but I am thinking about lowering this quite a bit. You need one more thing for it to work: put a job in your cron.hourly directory to clean things up. The script can be found at the end of CustomConfig.pm. If you omit this script you will not permit banned IP addresses to regain the privilege to send you mail. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From ebruce at HPMICH.COM Thu Feb 3 20:07:39 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: Marcel, > > MailScanner offers IPBlock in CustomConfig.pm. It does pretty much > what you want (as long as you use sendmail). I have been using it > here for almost a year with success. Ok, I've seen a number of answers like this, as long as you use sendmail. Well we're using postfix. Does this not work with postfix? I see that postfix has smtpd_client_connection_rate_limit, but I've got a sneaky suspicion it doesn't do anything when using MailScanner or am I wrong and this does work??? -- Ed Bruce Health Plan of Michigan Senior Programmer Phone: 248.226.1512 FAX: 248.204.6569 -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:11:54 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: Hi, How can I make sure that SpamAssassin read/use 25_uribl.cf file? I think if I can make this working for me it will help dramatically to identify Spam correctly. Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:21:56 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SP scoring Message-ID: Hi, Anybody can answer why option A)is scored so low comparing to option B)? What I'm missing in the SA config that the scoring is so inaccurate? A) not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" vs. B) score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) "Hirsh, Joshua" To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: autolearn , spam 02/03/2005 01:59 PM Please respond to MailScanner mailing list > I just wonder what is wrong with my SA config? Does not score > the below email as Spam. What is the autolearn=disabled mean? Bayes? > > not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" > > Thanks, > > Magda Funny... it marked it as spam for me: score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Which version of SpamAssassin are you running? If you don't use bayes or you have "bayes_auto_learn 1" set, autolearn will show as disabled. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From TGFurnish at HERFFJONES.COM Thu Feb 3 20:28:31 2005 From: TGFurnish at HERFFJONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Run the following and look for 25_uribl.cf in the output: spamassassin --lint -D 2>&1 | less (Replace "less" with "more" if you prefer to page through the output with "more".) > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 3:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin/MS & 25_uribl.cf > > > Hi, > > How can I make sure that SpamAssassin read/use 25_uribl.cf > file? I think if > I can make this working for me it will help dramatically to > identify Spam > correctly. > > > Thanks, > > Magda > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 20:24:06 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Marcel Blenkers wrote: Marcel, > >> >> MailScanner offers IPBlock in CustomConfig.pm. It does pretty much >> what you want (as long as you use sendmail). I have been using it >> here for almost a year with success. > > > Ok, I've seen a number of answers like this, as long as you use > sendmail. Well we're using postfix. Does this not work with postfix? I > see that postfix has smtpd_client_connection_rate_limit, but I've got a > sneaky suspicion it doesn't do anything when using MailScanner or am I > wrong and this does work??? Ed, I don't know much about postfix... but IPBlock modifies sendmail's access file to block bad IPs. If postfix has a similar mechanism it could easily be modified. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Thu Feb 3 20:23:34 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Ok, I've seen a number of answers like this, as long as you use > sendmail. Well we're using postfix. Does this not work with postfix? No > I > see that postfix has smtpd_client_connection_rate_limit, but I've got a > sneaky suspicion it doesn't do anything when using MailScanner or am I > wrong and this does work??? You are wrong and it works well :-) . What you have to remember is that MS sits between Postfix's SMTPd and the rest of the Postfix process, so you can use all of the 'smtpd_' suite of parameters to protect your machine (Including strict RFC821 envelopes etc) and then what ever gets through there MailScanner gets! One of the other things I use to protect against brute force attacks is smtpd_hard_error_limit which I use to lower Postfix's hard error limit. So if there is a single client who issues too many errors they are disconnected after a set number of errors. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:30:28 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: Anybody can send me out the scores for the SPAM below, please. The SPAM wasn't tagged as spam on my system. "not spam, SpamAssassin (score=4.777, required 4.9, autolearn=disabled, DATE_IN_PAST_96_XX 1.08, FORGED_RCVD_HELO 0.05, INFO_TLD 0.48, URIBL_OB_SURBL 2.00, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" Thanks, Magda ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/03/2005 03:25 PM ----- Paula Commodore To 12/01/2004 06:20 cc AM Subject R.olex starting under $199 Original Replica Roleex wrist-watches salee We are offering Real Reproductions Replica R0lex watches for a lowest pricee ! http://ukldhwxmqw.hagimkbkjh.info/?Am66695x1Ebc3AAacJ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Feb 3 20:31:08 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Ed Bruce wrote: > >> Ok, I've seen a number of answers like this, as long as you use >> sendmail. Well we're using postfix. Does this not work with postfix? > > > No Thanks for the info and for answering my negative question :-) -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:34:03 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: What is DBI used for? debug: diag: module not installed: DBI ('require' failed) Magda "Furnish, Trever G" MAILSCANNER@JISCMAIL.AC.UK Sent by: cc MailScanner mailing list Subject 02/03/2005 03:28 PM Please respond to MailScanner mailing list Run the following and look for 25_uribl.cf in the output: spamassassin --lint -D 2>&1 | less (Replace "less" with "more" if you prefer to page through the output with "more".) > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 3:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin/MS & 25_uribl.cf > > > Hi, > > How can I make sure that SpamAssassin read/use 25_uribl.cf > file? I think if > I can make this working for me it will help dramatically to > identify Spam > correctly. > > > Thanks, > > Magda > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 20:34:07 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > > Subject: > SA & 50_scores.cf > From: > Magda Hewryk > Date: > Thu, 3 Feb 2005 15:30:28 -0500 > To: > MAILSCANNER@JISCMAIL.AC.UK > > To: > MAILSCANNER@JISCMAIL.AC.UK > > > Anybody can send me out the scores for the SPAM below, please. The SPAM >wasn't tagged as spam on my system. > >"not spam, SpamAssassin (score=4.777, required 4.9, autolearn=disabled, >DATE_IN_PAST_96_XX 1.08, FORGED_RCVD_HELO 0.05, INFO_TLD 0.48, >URIBL_OB_SURBL 2.00, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" >Thanks, > > Détails de l'analyse du message: (18.0 points, 5.0 requis) -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.6 J_CHICKENPOX_13 BODY: 1alpha-pock-3alpha 0.6 J_CHICKENPOX_14 BODY: 1alpha-pock-4alpha 2.3 BIZ_TLD URI: Contient une URL dans un domaine en .biz 0.0 BAYES_50 BODY: L'algorithme Bayésien a évalué la probabilité de spam entre 40 et 60% [score: 0.5000] 3.5 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: hagimkbkjh.info] 4.0 URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html [URIs: hagimkbkjh.info] 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL blocklist [URIs: hagimkbkjh.info] 4.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL blocklist [URIs: hagimkbkjh.info] It scores much higher here... your email was detected as spam... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From TGFurnish at HERFFJONES.COM Thu Feb 3 20:45:51 2005 From: TGFurnish at HERFFJONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You got that when you ran spamassassin --lint -D? You probably have missing PERL modules then, but that's really just a guess. DBI is a Perl API for accessing databases. It's provided as a set of Perl modules, and it in turn needs other (DBD) modules to talk to specific databases. One of those modules is probably DB_File, which is listed in the requirements for SpamAssassin 3+, so if you don't have that installed, don't expect things to work. If you're on a Redhat system (at least on my RHEL3 system), DBI is packaged as "perl-DBI" by Redhat and DB_File is needed from CPAN. Hope that helps. And hopefully others will correct me if I'm leading you astray... -t. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 3:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SpamAssassin/MS & 25_uribl.cf > > > What is DBI used for? > > debug: diag: module not installed: DBI ('require' failed) > > > > Magda > > > > "Furnish, Trever > G" > To > ONES.COM> MAILSCANNER@JISCMAIL.AC.UK > Sent by: > cc > MailScanner > mailing list > Subject > 25_uribl.cf > MAIL.AC.UK> > > > 02/03/2005 03:28 > PM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > Run the following and look for 25_uribl.cf in the output: > spamassassin --lint -D 2>&1 | less > > (Replace "less" with "more" if you prefer to page through the > output with > "more".) > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Magda Hewryk > > Sent: Thursday, February 03, 2005 3:12 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: SpamAssassin/MS & 25_uribl.cf > > > > > > Hi, > > > > How can I make sure that SpamAssassin read/use 25_uribl.cf > > file? I think if > > I can make this working for me it will help dramatically to > > identify Spam > > correctly. > > > > > > Thanks, > > > > Magda > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Feb 3 20:49:15 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:25 2006 Subject: Slightly OT: Mutex file Message-ID: Downloaded the bayes start pack from Steve Swaney's site (www.fsl.com - thanks much Steve) and when I unpacked it I noticed a mutex file in there. Is that chaff? Should it be deleted? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:49:58 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anybody have the following points in the 50_scores.cf? Should I make them higher? How can I tune SP to use scores from the second (last column?). It looks like on my system it uses the numbers from the first column. # URIDNSBL ifplugin Mail::SpamAssassin::Plugin::URIDNSBL score URIBL_AB_SURBL 0 2.007 0 0.417 score URIBL_OB_SURBL 0 1.996 0 3.213 score URIBL_PH_SURBL 0 0.839 0 2.000 score URIBL_SBL 0 0.629 0 0.996 score URIBL_SC_SURBL 0 3.897 0 4.263 score URIBL_WS_SURBL 0 0.539 0 1.462 endif # Mail::SpamAssassin::Plugin::URIDNSBL Thanks, Magda Denis Beauchemin To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf 02/03/2005 03:34 PM Please respond to MailScanner mailing list Magda Hewryk wrote: > > Subject: > SA & 50_scores.cf > From: > Magda Hewryk > Date: > Thu, 3 Feb 2005 15:30:28 -0500 > To: > MAILSCANNER@JISCMAIL.AC.UK > > To: > MAILSCANNER@JISCMAIL.AC.UK > > > Anybody can send me out the scores for the SPAM below, please. The SPAM >wasn't tagged as spam on my system. > >"not spam, SpamAssassin (score=4.777, required 4.9, autolearn=disabled, >DATE_IN_PAST_96_XX 1.08, FORGED_RCVD_HELO 0.05, INFO_TLD 0.48, >URIBL_OB_SURBL 2.00, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" >Thanks, > > Détails de l'analyse du message: (18.0 points, 5.0 requis) -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.6 J_CHICKENPOX_13 BODY: 1alpha-pock-3alpha 0.6 J_CHICKENPOX_14 BODY: 1alpha-pock-4alpha 2.3 BIZ_TLD URI: Contient une URL dans un domaine en .biz 0.0 BAYES_50 BODY: L'algorithme Bayésien a évalué la probabilité de spam entre 40 et 60% [score: 0.5000] 3.5 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: hagimkbkjh.info] 4.0 URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html [URIs: hagimkbkjh.info] 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL blocklist [URIs: hagimkbkjh.info] 4.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL blocklist [URIs: hagimkbkjh.info] It scores much higher here... your email was detected as spam... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:52:22 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: I haveb DB_File and other modues as listed below. I'm going to install DBI via cpan. Thanks! debug: diag: module not installed: DBI ('require' failed) debug: diag: module installed: DB_File, version 1.808 debug: diag: module installed: Digest::SHA1, version 2.07 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 2.21 debug: diag: module installed: Net::DNS, version 0.45 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module installed: Razor2::Client::Agent, version 2.40 debug: diag: module installed: Storable, version 2.09 debug: diag: module installed: URI, version 1.30 Thanks, Magda "Furnish, Trever G" MAILSCANNER@JISCMAIL.AC.UK Sent by: cc MailScanner mailing list Subject 02/03/2005 03:45 PM Please respond to MailScanner mailing list You got that when you ran spamassassin --lint -D? You probably have missing PERL modules then, but that's really just a guess. DBI is a Perl API for accessing databases. It's provided as a set of Perl modules, and it in turn needs other (DBD) modules to talk to specific databases. One of those modules is probably DB_File, which is listed in the requirements for SpamAssassin 3+, so if you don't have that installed, don't expect things to work. If you're on a Redhat system (at least on my RHEL3 system), DBI is packaged as "perl-DBI" by Redhat and DB_File is needed from CPAN. Hope that helps. And hopefully others will correct me if I'm leading you astray... -t. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 3:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SpamAssassin/MS & 25_uribl.cf > > > What is DBI used for? > > debug: diag: module not installed: DBI ('require' failed) > > > > Magda > > > > "Furnish, Trever > G" > To > ONES.COM> MAILSCANNER@JISCMAIL.AC.UK > Sent by: > cc > MailScanner > mailing list > Subject > 25_uribl.cf > MAIL.AC.UK> > > > 02/03/2005 03:28 > PM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > Run the following and look for 25_uribl.cf in the output: > spamassassin --lint -D 2>&1 | less > > (Replace "less" with "more" if you prefer to page through the > output with > "more".) > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Magda Hewryk > > Sent: Thursday, February 03, 2005 3:12 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: SpamAssassin/MS & 25_uribl.cf > > > > > > Hi, > > > > How can I make sure that SpamAssassin read/use 25_uribl.cf > > file? I think if > > I can make this working for me it will help dramatically to > > identify Spam > > correctly. > > > > > > Thanks, > > > > Magda > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 21:00:53 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: >I haveb DB_File and other modues as listed below. >I'm going to install DBI via cpan. Thanks! > >debug: diag: module not installed: DBI ('require' failed) >debug: diag: module installed: DB_File, version 1.808 >debug: diag: module installed: Digest::SHA1, version 2.07 >debug: diag: module installed: IO::Socket::UNIX, version 1.21 >debug: diag: module installed: MIME::Base64, version 2.21 >debug: diag: module installed: Net::DNS, version 0.45 >debug: diag: module not installed: Net::LDAP ('require' failed) >debug: diag: module installed: Razor2::Client::Agent, version 2.40 >debug: diag: module installed: Storable, version 2.09 >debug: diag: module installed: URI, version 1.30 > > Magda, You seem to have a really old version of MIME::Base64. This is not good as you may be vulnerable to many malformed MIME messages. Denis PS: I also have a slightly more recent version of Net::DNS 0.48. -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From peter at UCGBOOK.COM Thu Feb 3 21:02:37 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > Does anybody have the following points in the 50_scores.cf? > Should I make them higher? > > How can I tune SP to use scores from the second (last column?). It looks > like on my system it uses the numbers from the first column. > > # URIDNSBL > ifplugin Mail::SpamAssassin::Plugin::URIDNSBL > score URIBL_AB_SURBL 0 2.007 0 0.417 > score URIBL_OB_SURBL 0 1.996 0 3.213 > score URIBL_PH_SURBL 0 0.839 0 2.000 > score URIBL_SBL 0 0.629 0 0.996 > score URIBL_SC_SURBL 0 3.897 0 4.263 > score URIBL_WS_SURBL 0 0.539 0 1.462 > endif # Mail::SpamAssassin::Plugin::URIDNSBL What column it uses depends on your configuration, the last column is for network checks and Bayes, they usually score the highest. It's all explained on the SA web site. Fix your DBI installation and start using Bayes. That will help. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 21:19:18 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks!! I fixed this: debug: diag: module installed: MIME::Base64, version 3.05 Thanks, Magda Denis Beauchemin To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SpamAssassin/MS & 25_uribl.cf 02/03/2005 04:00 PM Please respond to MailScanner mailing list Magda Hewryk wrote: >I haveb DB_File and other modues as listed below. >I'm going to install DBI via cpan. Thanks! > >debug: diag: module not installed: DBI ('require' failed) >debug: diag: module installed: DB_File, version 1.808 >debug: diag: module installed: Digest::SHA1, version 2.07 >debug: diag: module installed: IO::Socket::UNIX, version 1.21 >debug: diag: module installed: MIME::Base64, version 2.21 >debug: diag: module installed: Net::DNS, version 0.45 >debug: diag: module not installed: Net::LDAP ('require' failed) >debug: diag: module installed: Razor2::Client::Agent, version 2.40 >debug: diag: module installed: Storable, version 2.09 >debug: diag: module installed: URI, version 1.30 > > Magda, You seem to have a really old version of MIME::Base64. This is not good as you may be vulnerable to many malformed MIME messages. Denis PS: I also have a slightly more recent version of Net::DNS 0.48. -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 21:22:09 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:25 2006 Subject: SP scoring Message-ID: At 03:21 PM 2/3/2005, Magda Hewryk wrote: >Anybody can answer why option A)is scored so low comparing to option B)? >What I'm missing in the SA config that the scoring is so inaccurate? > >A) >not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" > >vs. > >B) >score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, >URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Looks like B) is using hand-edited non-standard scores for the SURBL rules.. They are higher than any of the scoresets in the standard distribution, thus must be custom. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Thu Feb 3 21:42:25 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have MailScanner and Mailwatch for MailScanner running. We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. I could not use mailwatch to release a message from quarantine today (February 3) because it had the same ID as a message received in December. I had to release it manually. Is there a fix for this? Thanks John Crossan Systems Administrator Valley Presbyterian Hospital Message ID: C3F6017C3BC Message Headers: Received: from adsl-63-196-151-90.dsl.lsan03.pacbell.net (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Mon, 20 Dec 2004 10:42:01 -0800 (PST) Received: from smtp.jiscmail.ac.uk ([130.246.192.55]) by adsl-63-196-151-90.dsl.lsan03.pacbell.net with esmtp (Exim 3.13 #5) id 1CgSTp-0007Nu-00 for john.crossan@VALLEYPRES.ORG; Mon, 20 Dec 2004 10:42:01 -0800 Received: from LISTSERV.JISCMAIL.AC.UK (jiscmail.ac.uk) by smtp.jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <7.0019BDC2@smtp.jiscmail.ac.uk>; Mon, 20 Dec 2004 18:40:59 +0000 Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release 1.8e) Message ID:C3F6017C3BC Message Headers: Received: from mail.valleypres.org (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Thu, 3 Feb 2005 12:10:57 -0800 (PST) Received: from 64-171-32-163.ded.pacbell.net ([64.171.32.163] helo=nts-1.triageconsulting.com) by mail.valleypres.org with esmtp (Exim 3.13 #5) id 1CwnJZ-0000jV-00 for tracey.talley@valleypres.org; Thu, 03 Feb 2005 12:10:57 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C50A2C.789D9C4A" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 21:46:57 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: I did. Will see if it helps. Thanks! debug: diag: module installed: DBI, version 1.47 debug: diag: module installed: DB_File, version 1.808 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.05 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module installed: Net::LDAP, version 0.32 debug: diag: module installed: Razor2::Client::Agent, version 2.40 debug: diag: module installed: Storable, version 2.13 debug: diag: module installed: URI, version 1.35 Thanks, Magda Peter Bonivart To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf 02/03/2005 04:02 PM Please respond to MailScanner mailing list Magda Hewryk wrote: > Does anybody have the following points in the 50_scores.cf? > Should I make them higher? > > How can I tune SP to use scores from the second (last column?). It looks > like on my system it uses the numbers from the first column. > > # URIDNSBL > ifplugin Mail::SpamAssassin::Plugin::URIDNSBL > score URIBL_AB_SURBL 0 2.007 0 0.417 > score URIBL_OB_SURBL 0 1.996 0 3.213 > score URIBL_PH_SURBL 0 0.839 0 2.000 > score URIBL_SBL 0 0.629 0 0.996 > score URIBL_SC_SURBL 0 3.897 0 4.263 > score URIBL_WS_SURBL 0 0.539 0 1.462 > endif # Mail::SpamAssassin::Plugin::URIDNSBL What column it uses depends on your configuration, the last column is for network checks and Bayes, they usually score the highest. It's all explained on the SA web site. Fix your DBI installation and start using Bayes. That will help. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Feb 3 21:52:02 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:25 2006 Subject: SP scoring Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > At 03:21 PM 2/3/2005, Magda Hewryk wrote: > >> Anybody can answer why option A)is scored so low comparing to option B)? >> What I'm missing in the SA config that the scoring is so inaccurate? >> >> A) >> not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, >> > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" >> >> vs. >> >> B) >> score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL >> 3.21, >> URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 > > > Looks like B) is using hand-edited non-standard scores for the SURBL > rules.. They are higher than any of the scoresets in the standard > distribution, thus must be custom. No, it's the standard scores for bayes+network, A is just network without bayes. Both A and B look standard to me. This is from one of my installations, it's the same as on the SA web site. score URIBL_AB_SURBL 0 2.007 0 0.417 score URIBL_OB_SURBL 0 1.996 0 3.213 score URIBL_PH_SURBL 0 0.839 0 2.000 score URIBL_SBL 0 0.629 0 0.996 score URIBL_SC_SURBL 0 3.897 0 4.263 score URIBL_WS_SURBL 0 0.539 0 1.462 -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Feb 3 21:54:21 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > I did. Will see if it helps. > Thanks! Good, note that it will not use the fourth column of scores until it has analyzed 200 spam and 200 non spam messages. Then it will kick in. You can see how many it is at right now with "sa-learn --dump=magic". -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 22:21:16 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:25 2006 Subject: SP scoring Message-ID: At 04:52 PM 2/3/2005, Peter Bonivart wrote: > > Looks like B) is using hand-edited non-standard scores for the SURBL > > rules.. They are higher than any of the scoresets in the standard > > distribution, thus must be custom. > >No, it's the standard scores for bayes+network, A is just network >without bayes. Both A and B look standard to me. You're right.. I mis-read the numbers.. Ick. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Thu Feb 3 22:22:22 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John, Start with giving us some version information. MailScanner v. SpamAssassin v. Postfix v. ClamAV v. Mailwatch v. Also, Julian added some postfix changes in v4.37.6 released in December 04 that may be relevant to your issue. From MHewryk at SYMCOR.COM Thu Feb 3 22:27:57 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf -- D CCifd Message-ID: Thanks! Last question: DCCifd - do we need it? debug: DCCifd is not available: no r/w dccifd socket found. debug: executable for dccproc was found at /usr/local/bin/dccproc debug: DCC is available: /usr/local/bin/dccproc Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) Peter Bonivart To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf 02/03/2005 04:54 PM Please respond to MailScanner mailing list Magda Hewryk wrote: > I did. Will see if it helps. > Thanks! Good, note that it will not use the fourth column of scores until it has analyzed 200 spam and 200 non spam messages. Then it will kick in. You can see how many it is at right now with "sa-learn --dump=magic". -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 22:35:15 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf - bayes db version2 is not able to be used Message-ID: Anybody saw this error before? # sa-learn --dump=magic bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 160. bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 160. ERROR: Bayes dump returned an error, please re-run with -D for more information Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) Peter Bonivart To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf 02/03/2005 04:54 PM Please respond to MailScanner mailing list Magda Hewryk wrote: > I did. Will see if it helps. > Thanks! Good, note that it will not use the fourth column of scores until it has analyzed 200 spam and 200 non spam messages. Then it will kick in. You can see how many it is at right now with "sa-learn --dump=magic". -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Feb 3 22:37:06 2005 From: steve.swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf -- D CCifd Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 5:28 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA & 50_scores.cf -- D CCifd > > Thanks! > Last question: DCCifd - do we need it? > > debug: DCCifd is not available: no r/w dccifd socket found. > debug: executable for dccproc was found at /usr/local/bin/dccproc > debug: DCC is available: /usr/local/bin/dccproc > > > Thanks, > > Magda Hewryk Magda, No. Unless you're cprcessing +100,000 emails a day. I quote from the DCC FAQ: "--------------- Do I need to run a DCC server? A mail system that processes fewer than 100,000 mail messages per day uses less of its own bandwidth and the bandwidth of other DCC servers by using the public DCC servers. Each mail message needs a DCC transaction that requires about 100 bytes, and so 100,000 mail messages/day imply about 10 MBytes/day of DCC client-server traffic. Each DCC server needs to exchange "floods" or streams of checksms with 4 other servers. Each flood is currently about 100 MBytes/day for a current total of about 400 MBytes/day. When normally installed by the included Makefiles, DCC clients are configured to use the public DCC servers without any additional configuration, except to open firewalls to port 6277. Mail systems that process more than 100,000 mail messages per day need local DCC servers connected to the global network of DCC servers. The public DCC servers include denial of service defenses which ignore requests in excess of about 240,000 per day per client. ---------------" Steve Steve Swaney steve@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Feb 3 22:42:20 2005 From: steve.swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf - bayes db version2 is not able to be used Message-ID: www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 5:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA & 50_scores.cf - bayes db version2 is not able to be used > > Anybody saw this error before? > > # sa-learn --dump=magic > > bayes: bayes db version 2 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line > 160. > bayes: bayes db version 2 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line > 160. > ERROR: Bayes dump returned an error, please re-run with -D for more > information > > > Thanks, > > Magda Hewryk I quote from the UPGRADE field shipped with SpamAssassin 3.X.X. "-------------------------- - The Bayesian storage modules have been completely re-written and now include Berkeley DB (DBM) storage as well as SQL based storage (see sql/README.bayes for more information). In addition, a new format has been introduced for the bayes database that stores tokens in fixed length hashes (Bayes v3). All DBM databases should be automatically converted to this new format the first time they are opened for write. You can manually perform the upgrade by running "sa-learn --sync" from the command line. --------------------------" Shutdown MailScanner and run: sa-learn --sync -p /etc/Mailscanner/spam.assassin.prefs.conf You may need to modify the if you're not running on a Linux system. Steve Steve Swaney President Fortress Systems Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Feb 3 22:46:27 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf -- D CCifd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Swaney wrote: >>Behalf Of Magda Hewryk >> >>Thanks! >>Last question: DCCifd - do we need it? >> >>debug: DCCifd is not available: no r/w dccifd socket found. >>debug: executable for dccproc was found at /usr/local/bin/dccproc >>debug: DCC is available: /usr/local/bin/dccproc > > Magda, > > No. Unless you're cprcessing +100,000 emails a day. I quote from the DCC > FAQ: > > "--------------- > Do I need to run a DCC server? But dccifd is not the server, it's the daemon version of dccproc. Magda: you don't need it and you will probably not gain much performance by using it but it doesn't hurt. It's not a problem though, SA checks for it first and automatically falls back to dccproc. No worries. Look here for help on setting up dccifd: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Feb 3 22:50:18 2005 From: steve.swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf -- D CCifd Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Bonivart > Sent: Thursday, February 03, 2005 5:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA & 50_scores.cf -- D CCifd > > Steve Swaney wrote: > >>Behalf Of Magda Hewryk > >> > >>Thanks! > >>Last question: DCCifd - do we need it? > >> > >>debug: DCCifd is not available: no r/w dccifd socket found. > >>debug: executable for dccproc was found at /usr/local/bin/dccproc > >>debug: DCC is available: /usr/local/bin/dccproc > > > > Magda, > > > > No. Unless you're cprcessing +100,000 emails a day. I quote from the DCC > > FAQ: > > > > "--------------- > > Do I need to run a DCC server? > > But dccifd is not the server, it's the daemon version of dccproc. > > Magda: you don't need it and you will probably not gain much performance > by using it but it doesn't hurt. It's not a problem though, SA checks > for it first and automatically falls back to dccproc. No worries. > > Look here for help on setting up dccifd: > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html > > -- > /Peter Bonivart > Peter, Thanks, You just proved that (especially in my case) you're never too old to learn something new ":) Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Thu Feb 3 22:53:17 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner v. 4.35.11 SpamAssassin v. 3.0.1 Postfix v. 2.1.4 ClamAV v. 0.80/699 Mailwatch v. 0.5.1 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Brad Beckenhauer Sent: Thursday, February 03, 2005 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Duplicate Message ID's John, Start with giving us some version information. MailScanner v. SpamAssassin v. Postfix v. ClamAV v. Mailwatch v. Also, Julian added some postfix changes in v4.37.6 released in December 04 that may be relevant to your issue. >From the Change Log: - Changed Postfix handling so that "Archive Mail" feature creates files with unique names so that re-used message-ids don't cause overwriting of older files in the same day with the same message-id. Brad >>> John Crossan 2/3/2005 3:42:25 PM >>> I have MailScanner and Mailwatch for MailScanner running. We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. I could not use mailwatch to release a message from quarantine today (February 3) because it had the same ID as a message received in December. I had to release it manually. Is there a fix for this? Thanks John Crossan Systems Administrator Valley Presbyterian Hospital Message ID: C3F6017C3BC Message Headers: Received: from adsl-63-196-151-90.dsl.lsan03.pacbell.net (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Mon, 20 Dec 2004 10:42:01 -0800 (PST) Received: from smtp.jiscmail.ac.uk ([130.246.192.55]) by adsl-63-196-151-90.dsl.lsan03.pacbell.net with esmtp (Exim 3.13 #5) id 1CgSTp-0007Nu-00 for john.crossan@VALLEYPRES.ORG; Mon, 20 Dec 2004 10:42:01 -0800 Received: from LISTSERV.JISCMAIL.AC.UK (jiscmail.ac.uk) by smtp.jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <7.0019BDC2@smtp.jiscmail.ac.uk>; Mon, 20 Dec 2004 18:40:59 +0000 Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release 1.8e) Message ID:C3F6017C3BC Message Headers: Received: from mail.valleypres.org (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Thu, 3 Feb 2005 12:10:57 -0800 (PST) Received: from 64-171-32-163.ded.pacbell.net ([64.171.32.163] helo=nts-1.triageconsulting.com) by mail.valleypres.org with esmtp (Exim 3.13 #5) id 1CwnJZ-0000jV-00 for tracey.talley@valleypres.org; Thu, 03 Feb 2005 12:10:57 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C50A2C.789D9C4A" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 23:04:21 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Crossan writes: > I have MailScanner and Mailwatch for MailScanner running. > We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. > I could not use mailwatch to release a message from quarantine today > (February 3) because it had the same ID as a message received in December. > I had to release it manually. Is there a fix for this? > This is a known issue for some postfix users.. from the postfix docs, postfix can and will reuse queue / message ids.. Julian fixed this a few minor versions back so if you upgrade (assuming you haven't already) this should be fixed. This has also to do with the fact that your /var and /var/spool may not be on the same partition. Read the mailscanner archives for november / december 2004 for a better explanation. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 23:08:14 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall writes: > Ed Bruce wrote: > >> Ok, I've seen a number of answers like this, as long as you use >> sendmail. Well we're using postfix. Does this not work with postfix? > > No > Actually 4.38 onwards Julian and Rakesh introduced postfix support in the IPBlock code.. An upgrade of the customconfig.pm should allow this (if not a complete upgrade). You will however need to use the check_client_access parameter under smtpd_client_restrictions in your main.cf, rest being the same as that for sendmail. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Thu Feb 3 23:08:32 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] /var and /var/spool are on the same partition. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Dhawal Doshy Sent: Thursday, February 03, 2005 3:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Duplicate Message ID's John Crossan writes: > I have MailScanner and Mailwatch for MailScanner running. > We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. > I could not use mailwatch to release a message from quarantine today > (February 3) because it had the same ID as a message received in December. > I had to release it manually. Is there a fix for this? > This is a known issue for some postfix users.. from the postfix docs, postfix can and will reuse queue / message ids.. Julian fixed this a few minor versions back so if you upgrade (assuming you haven't already) this should be fixed. This has also to do with the fact that your /var and /var/spool may not be on the same partition. Read the mailscanner archives for november / december 2004 for a better explanation. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Feb 3 23:13:36 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Drew Marshall writes: > >> Ed Bruce wrote: >> >>> Ok, I've seen a number of answers like this, as long as you use >>> sendmail. Well we're using postfix. Does this not work with postfix? >> >> >> No >> > > Actually 4.38 onwards Julian and Rakesh introduced postfix support in the > IPBlock code.. An upgrade of the customconfig.pm should allow this (if > not a > complete upgrade). Oops, you are right, I had forgotten :-( . Thanks for correcting me :-) > > You will however need to use the check_client_access parameter under > smtpd_client_restrictions in your main.cf, rest being the same as that > for > sendmail. Indeed. As mentioned before all the smtpd_ functions can still be used with Postfix/ MailScanner combination. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 23:28:54 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Crossan writes: > /var and /var/spool are on the same partition. > Hmm, in any case upgrade.. if you are interested in knowing more, then start here http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind04&L=mailscanner&D=0&I=0&P= 2093670 and follow the topic. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Thu Feb 3 23:35:32 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John, Since you've already released the problem message, update MailScanner, the update includes the fix for your issue. - Brad >>> John Crossan 2/3/2005 5:08:32 PM >>> /var and /var/spool are on the same partition. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Dhawal Doshy Sent: Thursday, February 03, 2005 3:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Duplicate Message ID's John Crossan writes: > I have MailScanner and Mailwatch for MailScanner running. > We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. > I could not use mailwatch to release a message from quarantine today > (February 3) because it had the same ID as a message received in December. > I had to release it manually. Is there a fix for this? > This is a known issue for some postfix users.. from the postfix docs, postfix can and will reuse queue / message ids.. Julian fixed this a few minor versions back so if you upgrade (assuming you haven't already) this should be fixed. This has also to do with the fact that your /var and /var/spool may not be on the same partition. Read the mailscanner archives for november / december 2004 for a better explanation. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Feb 3 23:39:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:25 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy Pumphrey wrote: >>-----Original Message----- >>From: Kevin Miller [mailto:Kevin_Miller@CI.JUNEAU.AK.US] >>Sent: Wednesday, February 02, 2005 2:43 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: OT Taking care of mail errors and dnsreport.com >> >>Dave Duffner - NWCWEB.com wrote: >> >>>Greetings, >>> >>> Just as a side note on this thread I've been >> >>watching... The >> >>>last 2 weeks I've had very strange reports from both dnsreports and >>>dnsstuff that don't match. dnsreports keeps giving false >> >>errors that >> >>>dnsstuff shows as being OK. >>> >>> So this may not even be a true error being chased down, may >>>want to run tests through other points and see if you get the same >>>results! >> >>I just sent a note off to postmaster@woodmaclaw.com, but then >>doublechecked dnsreports. It looks like it's >>backup.mywebmailserver.com that's misconfigured, not >>mail.woodmaclaw.com. All my original comments apply still, I >>think, but the addresses in the mailer-table might be >>different depending on his IP layout. >> >>Dnsreport message: >>------------------- >>ERROR: One or more of your mailservers does not accept mail >>to postmaster@woodmaclaw.com. Mailservers are required (RFC822 6.3, >>RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster. >>backup.mywebmailserver.com's postmaster response: >>^^^^^^ >> >>>>>RCPT TO: <<< 550 5.7.1 ... we do not >>>>>relay <> >> >>------------------- >> >>S'later... >> >>...Kevin >>-- >>Kevin Miller Registered Linux User No: 307357 >>CBJ MIS Dept. Network Systems Admin., Mail Admin. >>155 South Seward Street ph: (907) 586-0242 >>Juneau, Alaska 99801 fax: (907 586-4500 >> > > > I did receive your email that you sent to postmaster@woodmaclaw.com. I get > confused because of how our web site is being hosted. It is being resaled > who knows how many times and I can barely find out the company that actually > host it. > > Mail.woodmaclaw.com is only a A record that points to our IP address. My > router then forwards the smtp traffic to the mailscanner.woodmaclaw.com <-- > I did change the name to .com. Mailscanner.woodmaclaw.com is a local > machine with a local IP address. My exchange server name is > woodendc.woodmaclaw.local and of course is a local machine. So > mail.woodmaclaw.com is not a machine. > > The way that the web site is hosted makes me want to change it so that at > the least I have charge of the DNS, but yet again I could do without that > responsibility. That machine called backup.mywebmailserver.com, I have no > clue what that machines function is other than to confuse me :). > > In other words I don't really know the path of the email from the beginning. > You send me an email, goes to ns1.mydnsserver.com, ns1 says goto > 68.74.55.130 (my ip address), and then the process starts from where we have > talked about. So seems like maybe some of these errors from emails are > getting bounced or error "we do not relay" because of > backup.mywebmailserver.com? > It takes some time to get things going right. I just spent a week trying to get MCI to give me control of my reverse dns, and 3 days to get it to work. Most of your problems seem to point to your backup MX which needs the alias from postmaster to whatever user you want to get such mail. It also gives a different name then the DNS records think. backup.mywebmailserver.com claims to be host email07.mywebmailserver.com. Also, your nameservers seem to respond sporadically -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Feb 4 00:21:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:26 2006 Subject: [Fwd: too suspicious by half?] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Bird wrote: > Found this quite humorous, but am not quite sure why this happened. A > good use for the phishing whitelist me thinks , until I can figure out > why.... > > Dan > > -------- Original Message -------- > Subject: too suspicious by half? > Date: Thu, 03 Feb 2005 12:00:55 +0000 > From: Dominick McIntyre <*****@******> > To: Daniel Bird > > > > Nice to see your email filter doesn't even trust itself... > >> > ------ End of Forwarded Message >> > >> > -- >> > This message has been scanned for viruses and >> > dangerous content by MailScanner *MailScanner has detected a possible > > fraud attempt from "www.mailscanner.info" claiming to be* > , and is > >> > believed to be clean. >> > MailScanner thanks transtec Computers *MailScanner has detected a > > possible fraud attempt from "www.transtec.co.uk" claiming to be* > for Are you sure you have a current version? This seems to be one of the initial "teething" problems of choking on the last backslash. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Feb 4 00:39:18 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:26 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Magda Hewryk wrote: > >> I did. Will see if it helps. >> Thanks! > > > Good, note that it will not use the fourth column of scores until it has > analyzed 200 spam and 200 non spam messages. Then it will kick in. Or you can use the starter database at Fortress Systems http://www.fsl.com/support/index.html -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Fri Feb 4 03:26:04 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:26 2006 Subject: SA & 50_scores.cf - bayes db version2 is not able to be used (fixed) Message-ID: Thanks! Works! #root# sa-learn --sync -p /etc/Mailscanner/spam.assassin.prefs.conf synced Bayes databases from journal in 1 seconds: 950 unique entries (1253 total entries) #root# sa-learn --dump=magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 2051 0 non-token data: nspam 0.000 0 53957 0 non-token data: nham 0.000 0 160368 0 non-token data: ntokens 0.000 0 1105352034 0 non-token data: oldest atime 0.000 0 1107487222 0 non-token data: newest atime 0.000 0 1107487416 0 non-token data: last journal sync atime 0.000 0 1107470240 0 non-token data: last expiry atime 0.000 0 345600 0 non-token data: last expire atime delta 0.000 0 6980 0 non-token data: last expire reduction count Thanks, Magda Steve Swaney To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf - bayes db version2 is not able to be used 02/03/2005 05:42 PM Please respond to MailScanner mailing list www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 5:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA & 50_scores.cf - bayes db version2 is not able to be used > > Anybody saw this error before? > > # sa-learn --dump=magic > > bayes: bayes db version 2 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line > 160. > bayes: bayes db version 2 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line > 160. > ERROR: Bayes dump returned an error, please re-run with -D for more > information > > > Thanks, > > Magda Hewryk I quote from the UPGRADE field shipped with SpamAssassin 3.X.X. "-------------------------- - The Bayesian storage modules have been completely re-written and now include Berkeley DB (DBM) storage as well as SQL based storage (see sql/README.bayes for more information). In addition, a new format has been introduced for the bayes database that stores tokens in fixed length hashes (Bayes v3). All DBM databases should be automatically converted to this new format the first time they are opened for write. You can manually perform the upgrade by running "sa-learn --sync" from the command line. --------------------------" Shutdown MailScanner and run: sa-learn --sync -p /etc/Mailscanner/spam.assassin.prefs.conf You may need to modify the if you're not running on a Linux system. Steve Steve Swaney President Fortress Systems Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Feb 4 09:01:56 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:26 2006 Subject: Phishing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I still thing there sould have a way of blocking phishing mails like there is with spam. Now that we have the phishing white list, would be great to forward all the other phishing mails to one account, like I already do with spam. A boy in my city (a small city with 65.000 habitants, in south Brazil), with 19 years old, was arrested this week with US$ 2.500.000 that he obtained with phishing mails... In my opinion, blocking this kind of messages would be the more efetive way of avoiding the frauds.. Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Fri Feb 4 09:39:00 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:28:26 2006 Subject: Failed to link message body between queues Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I seem to get a few of these each day MailScanner[5322]: Failed to link message body between queues (/var/spool/mqueue/dfj1101h4t008448 --> /var/spool/mqueue.in/dfj1101h4t008448) I was thinking it maybe to do with locking, Mailscanner.conf reads Lock Type = Which I think means it defaults to flock. Im running sendmail-8.12.11-4.6 (Fedora Core 2 box) so I dont think I need to change this to posix. Im running Mailscanner version 4.35.11 Anyone have any ideals or what else to check? Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Fri Feb 4 10:11:45 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:28:26 2006 Subject: Failed to link message body between queues Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Paul Houselander > >I was thinking it maybe to do with locking, Mailscanner.conf reads > >Lock Type = > >Which I think means it defaults to flock. Im running sendmail-8.12.11-4.6 >(Fedora Core 2 box) so I dont think I need to change this to posix. You do have to change it. Sendmail 8.12.11 (from 8.12.10 I think) needs the posix locking. >Paul Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Fri Feb 4 10:25:12 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:28:26 2006 Subject: Failed to link message body between queues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Mike wrote: |>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On |>Behalf Of Paul Houselander |> |>I was thinking it maybe to do with locking, Mailscanner.conf reads |> |>Lock Type = |> |>Which I think means it defaults to flock. Im running sendmail-8.12.11-4.6 |>(Fedora Core 2 box) so I dont think I need to change this to posix. | | | You do have to change it. Sendmail 8.12.11 (from 8.12.10 I think) needs the posix locking. | Actually all redhat based versions (and that is where fedora core comes from) use FLOCK and not posix locking. You can easiyl check wheter your sendmail was compiled with posix though by outputting the compile flags - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCA02IPMoaMn4kKR4RAxnyAJ0Z8Xlk5j3DwHQTovl/Fkp/3CuknwCeK964 TNcMB64zQkf2xQuVpED3V48= =Jw9b -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 4 10:32:30 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:26 2006 Subject: Duplicate Message ID's Message-ID: As is (hopefully) abundantly clear in the archives (both MS and MW) the "duplicate problem" is severely increased by having /var/spool as a separate filesystem, but the behaviour is there even if it isn't. It's a question of probabilities of inode reuse, and hitting the same microsecond:-). The original patch from Julian is in the archive (in a mail to me), and it'll apply without errors to a vanilla 4.35.11 IIRC. But best is to upgrade. Do clamav while you're at it;-). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy > Sent: den 4 februari 2005 00:29 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Duplicate Message ID's > > > John Crossan writes: > > > /var and /var/spool are on the same partition. > > > > Hmm, in any case upgrade.. if you are interested in knowing > more, then start > here > http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind04&L=mailscan ner&D=0&I=0&P= 2093670 and follow the topic. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Fri Feb 4 10:44:09 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:28:26 2006 Subject: Failed to link message body between queues {Scanned by VITANIUM} Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Thanks for the replies. I ran sendmail -d0.10 and HASFLOCK appeared in the OS Defines. Does that mean sendmail uses FLOCK locking? If thats the case any other ideas what might be causing this problem? Thanks Paul -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of David Höhn Sent: 04 February 2005 10:25 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Failed to link message body between queues {Scanned by VITANIUM} -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Mike wrote: |>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On |>Behalf Of Paul Houselander |> |>I was thinking it maybe to do with locking, Mailscanner.conf reads |> |>Lock Type = |> |>Which I think means it defaults to flock. Im running sendmail-8.12.11-4.6 |>(Fedora Core 2 box) so I dont think I need to change this to posix. | | | You do have to change it. Sendmail 8.12.11 (from 8.12.10 I think) needs the posix locking. | Actually all redhat based versions (and that is where fedora core comes from) use FLOCK and not posix locking. You can easiyl check wheter your sendmail was compiled with posix though by outputting the compile flags - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCA02IPMoaMn4kKR4RAxnyAJ0Z8Xlk5j3DwHQTovl/Fkp/3CuknwCeK964 TNcMB64zQkf2xQuVpED3V48= =Jw9b -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rvitoria at CI.UCP.PT Fri Feb 4 10:47:58 2005 From: rvitoria at CI.UCP.PT (Rui Vitoria) Date: Thu Jan 12 21:28:26 2006 Subject: Problem with new version of Mailscanner Message-ID: Hi can`t anybody help me please. I`ve this error on my sistem, when i restart de service. Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Can't locate HTML/Tagset.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.6.1/i386- linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386- linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0/i386- linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl 5/vendor_perl/5.6.1/i386- linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl . /usr/li b/MailScanner) at /usr/lib/perl5/site_perl/5.6.1/i386- linux/HTML/TokeParser.pm line 12. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.6.1/i386- linux/HTML/TokeParser.pm line 12. Compilation failed in require at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 44. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 44. Compilation failed in require at /usr/sbin/MailScanner line 73. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. [ OK ] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 10:56:17 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Problem with new version of Mailscanner Message-ID: Rui hmm look like problems with RPM installations. Some people can fix this by installing the perl modules from CPAN rather than the RPMs. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rui Vitoria wrote: > Hi can`t anybody help me please. > > I`ve this error on my sistem, when i restart de service. > > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: Can't locate HTML/Tagset.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/5.6.1/i386- > linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386- > linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0/i386- > linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl > 5/vendor_perl/5.6.1/i386- > linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl . /usr/li > b/MailScanner) at /usr/lib/perl5/site_perl/5.6.1/i386- > linux/HTML/TokeParser.pm line 12. > BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.6.1/i386- > linux/HTML/TokeParser.pm line 12. > Compilation failed in require > at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 44. > BEGIN failed--compilation aborted > at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 44. > Compilation failed in require at /usr/sbin/MailScanner line 73. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. > [ OK ] > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at DFK-SYSTEMS.COM Fri Feb 4 11:24:26 2005 From: mailscanner at DFK-SYSTEMS.COM (Mark Waterhouse - Mailing Lists) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have MailScanner setup to scan multiple domains on one box and then feed the resulting email to their destination server. I also have MailScanner to selectively scan messages sent to domain users. I have spam/virus checking based upon a ruleset....domain.filter.rules I have set my rules up as FromOrTo: *@mydomain1.com no FromOrTo: *@mydomain2.com yes FromOrTo: user@mydomain3.com no FromOrTo: default yes If a mail is sent to user@mydomain3.com, it isnt scanned.....desired behaviour If a mail is sent to user2@mydomain3.com, it is scanned....also desired behaviour (because of the default line) However, if a message is sent to user@mydomain3.com AND user2@mydomain3.com, neither message is scanned. If I alter the rule to include a YES statement for user2@mydomain3.com, it works as desired. I know the default rule is working as messages sent only to user2@domain3.com are scanned. Can anyone offer a reason for this and has anyone else seen this behaviour. Thanks Mark Waterhouse DFK Systems Limited ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 11:43:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: Mark MS only checks the initial 'to' user, there's no way for it to resolve multiple 'to','cc','bcc' recipients and somehow figure out what it should do (ie for one user the result might need to be 'yes' and for another it might be 'no', so what should it do?). A way around this (if you're using sendmail or Exim) is to split the message into individual messages for the individual recipients then the rules are nice and simple. There's an exmaple of to setup sendmail and exim to do this in the Quarantine report MS addition at http://www.fsl.com/support/QuarantineReport.tar.gz From what I understand you can't do this with Postfix, but if anyone's figured it out please let the list know so Steve Swaney can update the Quarantine Report instructions.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mark Waterhouse - Mailing Lists wrote: > I have MailScanner setup to scan multiple domains on one box and then feed > the resulting email to their destination server. > I also have MailScanner to selectively scan messages sent to domain users. > > I have spam/virus checking based upon a ruleset....domain.filter.rules > > I have set my rules up as > > FromOrTo: *@mydomain1.com no > FromOrTo: *@mydomain2.com yes > FromOrTo: user@mydomain3.com no > FromOrTo: default yes > > If a mail is sent to user@mydomain3.com, it isnt scanned.....desired > behaviour > If a mail is sent to user2@mydomain3.com, it is scanned....also desired > behaviour (because of the default line) > > However, if a message is sent to user@mydomain3.com AND > user2@mydomain3.com, > neither message is scanned. > > If I alter the rule to include a YES statement for user2@mydomain3.com, it > works as desired. > > I know the default rule is working as messages sent only to > user2@domain3.com are scanned. > > > Can anyone offer a reason for this and has anyone else seen this behaviour. > > Thanks > Mark Waterhouse > DFK Systems Limited > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at DFK-SYSTEMS.COM Fri Feb 4 11:51:24 2005 From: mailscanner at DFK-SYSTEMS.COM (Mark Waterhouse - Mailing Lists) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wow...surely the recipient lines could get split using some perl code and then the tests performed on that... ----- Original Message ----- From: "Martin Hepworth" To: Sent: Friday, February 04, 2005 11:43 AM Subject: Re: Mail unscanned when sent to multiple users > Mark > > MS only checks the initial 'to' user, there's no way for it to resolve > multiple 'to','cc','bcc' recipients and somehow figure out what it > should do (ie for one user the result might need to be 'yes' and for > another it might be 'no', so what should it do?). > > A way around this (if you're using sendmail or Exim) is to split the > message into individual messages for the individual recipients then the > rules are nice and simple. There's an exmaple of to setup sendmail and > exim to do this in the Quarantine report MS addition at > http://www.fsl.com/support/QuarantineReport.tar.gz > > From what I understand you can't do this with Postfix, but if anyone's > figured it out please let the list know so Steve Swaney can update the > Quarantine Report instructions.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Mark Waterhouse - Mailing Lists wrote: >> I have MailScanner setup to scan multiple domains on one box and then >> feed >> the resulting email to their destination server. >> I also have MailScanner to selectively scan messages sent to domain >> users. >> >> I have spam/virus checking based upon a ruleset....domain.filter.rules >> >> I have set my rules up as >> >> FromOrTo: *@mydomain1.com no >> FromOrTo: *@mydomain2.com yes >> FromOrTo: user@mydomain3.com no >> FromOrTo: default yes >> >> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired >> behaviour >> If a mail is sent to user2@mydomain3.com, it is scanned....also desired >> behaviour (because of the default line) >> >> However, if a message is sent to user@mydomain3.com AND >> user2@mydomain3.com, >> neither message is scanned. >> >> If I alter the rule to include a YES statement for user2@mydomain3.com, >> it >> works as desired. >> >> I know the default rule is working as messages sent only to >> user2@domain3.com are scanned. >> >> >> Can anyone offer a reason for this and has anyone else seen this >> behaviour. >> >> Thanks >> Mark Waterhouse >> DFK Systems Limited >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Feb 4 11:52:57 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: Hi there, > > A way around this (if you're using sendmail or Exim) is to split the > message into individual messages for the individual recipients then the > rules are nice and simple. There's an exmaple of to setup sendmail and > exim to do this in the Quarantine report MS addition at > http://www.fsl.com/support/QuarantineReport.tar.gz > i mentioned this behaviour before, and shortly after that Julian fixed the Problem ;) this means, he wrote a workaround for sendmail, which splits the mails for each recipient itself. So i did not need to change a bit on my sendmail-conf itself. Maybe you should upgrade to some kind of more fresher version of MS? ;) Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 12:05:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: Mark See marcels email on this - can't see I saw anything in the change logs about this though.... Best for the MTA to do it currenly, unless Julian has any bright ideas when he gets back from holidays in a couple of weeks... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mark Waterhouse - Mailing Lists wrote: > Wow...surely the recipient lines could get split using some perl code and > then the tests performed on that... > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Friday, February 04, 2005 11:43 AM > Subject: Re: Mail unscanned when sent to multiple users > > >> Mark >> >> MS only checks the initial 'to' user, there's no way for it to resolve >> multiple 'to','cc','bcc' recipients and somehow figure out what it >> should do (ie for one user the result might need to be 'yes' and for >> another it might be 'no', so what should it do?). >> >> A way around this (if you're using sendmail or Exim) is to split the >> message into individual messages for the individual recipients then the >> rules are nice and simple. There's an exmaple of to setup sendmail and >> exim to do this in the Quarantine report MS addition at >> http://www.fsl.com/support/QuarantineReport.tar.gz >> >> From what I understand you can't do this with Postfix, but if anyone's >> figured it out please let the list know so Steve Swaney can update the >> Quarantine Report instructions.. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Mark Waterhouse - Mailing Lists wrote: >> >>> I have MailScanner setup to scan multiple domains on one box and then >>> feed >>> the resulting email to their destination server. >>> I also have MailScanner to selectively scan messages sent to domain >>> users. >>> >>> I have spam/virus checking based upon a ruleset....domain.filter.rules >>> >>> I have set my rules up as >>> >>> FromOrTo: *@mydomain1.com no >>> FromOrTo: *@mydomain2.com yes >>> FromOrTo: user@mydomain3.com no >>> FromOrTo: default yes >>> >>> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired >>> behaviour >>> If a mail is sent to user2@mydomain3.com, it is scanned....also desired >>> behaviour (because of the default line) >>> >>> However, if a message is sent to user@mydomain3.com AND >>> user2@mydomain3.com, >>> neither message is scanned. >>> >>> If I alter the rule to include a YES statement for user2@mydomain3.com, >>> it >>> works as desired. >>> >>> I know the default rule is working as messages sent only to >>> user2@domain3.com are scanned. >>> >>> >>> Can anyone offer a reason for this and has anyone else seen this >>> behaviour. >>> >>> Thanks >>> Mark Waterhouse >>> DFK Systems Limited >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 12:32:30 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: I have just built my new MailScanner system with the new version of exim and I have everything working but everytime i try to release a message from the quarantine using the QuaratineReport utility I get the message below. Any help would be appreciated. Releasing email message 1CwbkG-0002j7-KK.mht to user@domain.com 1CwbkG-0002j7-KK.mht, user@domain.com, or 20050202 is not legitimate format! Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Feb 4 12:34:43 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:26 2006 Subject: High CPU load, RCPT TO: (solved) Message-ID: Hi there again, currently i am testing the IPBlock-Routine with MailScanner. Seems to do its job..but..(there is always a but, isnt it?) The Scripts changes the access.db directly.. but as i am using the access-file to create spam-protections also, i do edit the file access and then create the new access.db with makemap. So, if i do this, the entries created by mailscanner would be gone. Maybe it should be better, if the Routine would add those entries into the access-file, and then create the access.db on itself with the makemap command? As working with ViSpan for example.. So, every person just looking through the access-file would see and notice the change, and maybe could delete those entries on his/her own. Just my 2 cent.. Greetings Marcel PS: Julian..thanks for MailScanner again..and for the hidden routines ;) IPBlock seems to work though.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 12:42:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Carinus .mht is an odd extension for Exim ... queue files are normall -D -H maybe it's an rfc-822 format with wierd extension. Maybe Mr Swaney can shed some like on the code??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > I have just built my new MailScanner system with the new version of exim > > and I have everything working but everytime i try to release a message > from the quarantine using the QuaratineReport utility I get the message > below. Any help would be appreciated. > > Releasing email message 1CwbkG-0002j7-KK.mht to user@domain.com > > 1CwbkG-0002j7-KK.mht, user@domain.com, or 20050202 is not legitimate > format! > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 13:03:26 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: i just had a look and it appears to only be a symbolic link to actual mail file in another directory. Carinus Martin Hepworth wrote: > Carinus > > .mht is an odd extension for Exim ... queue files are normall -D -H > > maybe it's an rfc-822 format with wierd extension. > > Maybe Mr Swaney can shed some like on the code??? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > Carinus Carelse wrote: > > I have just built my new MailScanner system with the new version of exim > > > > and I have everything working but everytime i try to release a message > > from the quarantine using the QuaratineReport utility I get the message > > below. Any help would be appreciated. > > > > Releasing email message 1CwbkG-0002j7-KK.mht to user@domain.com > > > > 1CwbkG-0002j7-KK.mht, user@domain.com, or 20050202 is not legitimate > > format! > > > > > > Carinus > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Feb 4 14:25:24 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Carinus Carelse > Sent: Friday, February 04, 2005 8:03 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: QuarantineReport Query > > i just had a look and it appears to only be a symbolic link to actual mail > file in another directory. > > Carinus > > > Martin Hepworth wrote: > > > Carinus > > > > .mht is an odd extension for Exim ... queue files are normall -D -H > > > > maybe it's an rfc-822 format with wierd extension. > > > > Maybe Mr Swaney can shed some like on the code??? > > Unfortunately my co-worker who wrote the code and I are very busy right now and not able to support the Quarantine report code as well as we would like to. There will probably be a rewrite later this month to add features but I know that the code we provide will only be supporting sendmail and Linux as that's what the majority of our customers use. If anyone wants to take on a project or work on versions for other MTAs or operating systems we'd be happy to work with them. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 14:30:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Carinus Carelse >>Sent: Friday, February 04, 2005 8:03 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: QuarantineReport Query >> >>i just had a look and it appears to only be a symbolic link to actual mail >>file in another directory. >> >>Carinus >> >> >>Martin Hepworth wrote: >> >> >>>Carinus >>> >>>.mht is an odd extension for Exim ... queue files are normall -D -H >>> >>>maybe it's an rfc-822 format with wierd extension. >>> >>>Maybe Mr Swaney can shed some like on the code??? >>> > > > Unfortunately my co-worker who wrote the code and I are very busy right now > and not able to support the Quarantine report code as well as we would like > to. > > There will probably be a rewrite later this month to add features but I know > that the code we provide will only be supporting sendmail and Linux as > that's what the majority of our customers use. > > If anyone wants to take on a project or work on versions for other MTAs or > operating systems we'd be happy to work with them. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > Steve I think you need to alter the instructions etc in order to remove the comments about exim etc. I'd be willing to help with testing for Exim... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at DFK-SYSTEMS.COM Fri Feb 4 14:35:29 2005 From: mailscanner at DFK-SYSTEMS.COM (Mark Waterhouse - Mailing Lists) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm actually running MS 4.37.7-1. I upgraded it on 01/27 and the problem is still there. I know there have been some releases since then but these, as Martin has stated, dont mention this change in the changelog. Mark ----- Original Message ----- From: "Martin Hepworth" To: Sent: Friday, February 04, 2005 12:05 PM Subject: Re: Mail unscanned when sent to multiple users > Mark > > See marcels email on this - can't see I saw anything in the change logs > about this though.... > > Best for the MTA to do it currenly, unless Julian has any bright ideas > when he gets back from holidays in a couple of weeks... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Mark Waterhouse - Mailing Lists wrote: >> Wow...surely the recipient lines could get split using some perl code and >> then the tests performed on that... >> >> ----- Original Message ----- >> From: "Martin Hepworth" >> To: >> Sent: Friday, February 04, 2005 11:43 AM >> Subject: Re: Mail unscanned when sent to multiple users >> >> >>> Mark >>> >>> MS only checks the initial 'to' user, there's no way for it to resolve >>> multiple 'to','cc','bcc' recipients and somehow figure out what it >>> should do (ie for one user the result might need to be 'yes' and for >>> another it might be 'no', so what should it do?). >>> >>> A way around this (if you're using sendmail or Exim) is to split the >>> message into individual messages for the individual recipients then the >>> rules are nice and simple. There's an exmaple of to setup sendmail and >>> exim to do this in the Quarantine report MS addition at >>> http://www.fsl.com/support/QuarantineReport.tar.gz >>> >>> From what I understand you can't do this with Postfix, but if anyone's >>> figured it out please let the list know so Steve Swaney can update the >>> Quarantine Report instructions.. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Mark Waterhouse - Mailing Lists wrote: >>> >>>> I have MailScanner setup to scan multiple domains on one box and then >>>> feed >>>> the resulting email to their destination server. >>>> I also have MailScanner to selectively scan messages sent to domain >>>> users. >>>> >>>> I have spam/virus checking based upon a ruleset....domain.filter.rules >>>> >>>> I have set my rules up as >>>> >>>> FromOrTo: *@mydomain1.com no >>>> FromOrTo: *@mydomain2.com yes >>>> FromOrTo: user@mydomain3.com no >>>> FromOrTo: default yes >>>> >>>> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired >>>> behaviour >>>> If a mail is sent to user2@mydomain3.com, it is scanned....also desired >>>> behaviour (because of the default line) >>>> >>>> However, if a message is sent to user@mydomain3.com AND >>>> user2@mydomain3.com, >>>> neither message is scanned. >>>> >>>> If I alter the rule to include a YES statement for user2@mydomain3.com, >>>> it >>>> works as desired. >>>> >>>> I know the default rule is working as messages sent only to >>>> user2@domain3.com are scanned. >>>> >>>> >>>> Can anyone offer a reason for this and has anyone else seen this >>>> behaviour. >>>> >>>> Thanks >>>> Mark Waterhouse >>>> DFK Systems Limited >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at DFK-SYSTEMS.COM Fri Feb 4 14:37:14 2005 From: mailscanner at DFK-SYSTEMS.COM (Mark Waterhouse - Mailing Lists) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hang on....too many beers at lunch are kicking in here. My first post.... >>>> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired >>>> behaviour >>>> If a mail is sent to user2@mydomain3.com, it is scanned....also desired >>>> behaviour (because of the default line) >>>> >>>> However, if a message is sent to user@mydomain3.com AND >>>> user2@mydomain3.com, >>>> neither message is scanned. >>>> >>>> If I alter the rule to include a YES statement for user2@mydomain3.com, >>>> it >>>> works as desired. >>>> So, by adding in the user in the domain.filter.rules file, it works.....isnt that what the default is supposed to do. Mark ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 14:37:36 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Oh damn and I just got the exim to work and have been very impressed with it. I was hoping this was a quick fix. I can help with the testing for exim as well. It just seems to be expecting something that's not there. Maybe I could just then generate a list of emails that without the link in? Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Feb 4 14:49:51 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Friday, February 04, 2005 9:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: QuarantineReport Query > > Stephen Swaney wrote: > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Carinus Carelse > >>Sent: Friday, February 04, 2005 8:03 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: QuarantineReport Query > >> > >>i just had a look and it appears to only be a symbolic link to actual > mail > >>file in another directory. > >> > >>Carinus > >> > >> > >>Martin Hepworth wrote: > >> > >> > >>>Carinus > >>> > >>>.mht is an odd extension for Exim ... queue files are normall -D -H > >>> > >>>maybe it's an rfc-822 format with wierd extension. > >>> > >>>Maybe Mr Swaney can shed some like on the code??? > >>> > > > > > > Unfortunately my co-worker who wrote the code and I are very busy right > now > > and not able to support the Quarantine report code as well as we would > like > > to. > > > > There will probably be a rewrite later this month to add features but I > know > > that the code we provide will only be supporting sendmail and Linux as > > that's what the majority of our customers use. > > > > If anyone wants to take on a project or work on versions for other MTAs > or > > operating systems we'd be happy to work with them. > > > > Steve > > > > Steve Swaney > > President > > Fortress Systems Ltd. > > www.fsl.com > > steve.swaney@fsl.com > > > Steve > > I think you need to alter the instructions etc in order to remove the > comments about exim etc. > > I'd be willing to help with testing for Exim... Martin, Thanks for the offer as we have no Exim systems to test on. I have altered the instructions to say that. "--------------- ... the application is essentially unsupported code. Also note that these Instructions will apply only to sendmail, Red Hat and RH clone Linux systems. You will need to modify the installation, the scripts and modules to install on other operating systems or use with other MTAs." ---------------" We will be working on the code later this month and I will keep you up to date on events. BTW I have nothing against Exim and wish I had more time to become more conversant with it :) Regards, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Feb 4 14:53:47 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Hi there, > Oh damn and I just got the exim to work and have been very impressed with it. I > was hoping this was a quick fix. I can help with the testing for exim as well. It > just seems to be expecting something that's not there. Maybe I could just then > generate a list of emails that without the link in? > had the same problem..due to the fact, that the script is creating links to the original files but those files where not readable by the webserver. So, i just changed the code in LinkQuarantine from the ln -s into cp... then i had to change the group, which is in the original script apache i guess into the group the webserver is running with.. (on my site this is www) So, now the script copies the file to the dir, creates the report (remember to change the url in the File Emails.pm) and then the users are able to send the mail to themselve.. oh..you should not forget to say mailscanner (and spamassassin if you are calling it on yourself) not to scan mails coming from postmaster@yourlocalmaschine, as those mails will be send by postmaster...and else these mails would be caught as spam again ;) these where the steps i had to do on my system.. Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Feb 4 14:59:36 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mark Waterhouse - Mailing Lists > Sent: Friday, February 04, 2005 9:35 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mail unscanned when sent to multiple users > > I'm actually running MS 4.37.7-1. I upgraded it on 01/27 and the problem > is > still there. I know there have been some releases since then but these, as > Martin has stated, dont mention this change in the changelog. > > Mark > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Friday, February 04, 2005 12:05 PM > Subject: Re: Mail unscanned when sent to multiple users > > > > Mark > > > > See marcels email on this - can't see I saw anything in the change logs > > about this though.... > > > > Best for the MTA to do it currenly, unless Julian has any bright ideas > > when he gets back from holidays in a couple of weeks... > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > The code that Julian added a while back was to support the: Use Default Rules With Multiple Recipients = no Configuration Value. I quote below from MailScanner.conf: "------------ # When trying to work out the value of configuration parameters which are # using a ruleset, this controls the behaviour when a rule is checking the # "To:" addresses. # If this option is set to "yes", then the following happens when checking # the ruleset: # a) 1 recipient. Same behaviour as normal. # b) Several recipients, but all in the same domain (domain.com for example). # The rules are checked for one that matches the string "*@domain.com". # c) Several recipients, not all in the same domain. # The rules are checked for one that matches the string "*@*". # # If this option is set to "no", then some rules will use the result they # get from the first matching rule for any of the recipients of a message, # so the exact value cannot be predicted for messages with more than 1 # recipient. # # This value *cannot* be the filename of a ruleset. Use Default Rules With Multiple Recipients = no ------------" Since: 1. I'm pretty sure that Julian regards the splitting of email to multiple recipients into individual messages should be the task of the MTA. 2. From previous threads on this topic I'm pretty sure that Postfix can perform this task and I know that Sendmail and Exim can do this. I wouldn't expect that this will become a MailScanner feature. Be aware that splitting email to multiple recipients into individual messages can add substantially to your gateway load. I've seen reports of +30% load imposed by adding this feature. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > > Mark Waterhouse - Mailing Lists wrote: > >> Wow...surely the recipient lines could get split using some perl code > and > >> then the tests performed on that... > >> > >> ----- Original Message ----- > >> From: "Martin Hepworth" > >> To: > >> Sent: Friday, February 04, 2005 11:43 AM > >> Subject: Re: Mail unscanned when sent to multiple users > >> > >> > >>> Mark > >>> > >>> MS only checks the initial 'to' user, there's no way for it to resolve > >>> multiple 'to','cc','bcc' recipients and somehow figure out what it > >>> should do (ie for one user the result might need to be 'yes' and for > >>> another it might be 'no', so what should it do?). > >>> > >>> A way around this (if you're using sendmail or Exim) is to split the > >>> message into individual messages for the individual recipients then > the > >>> rules are nice and simple. There's an exmaple of to setup sendmail and > >>> exim to do this in the Quarantine report MS addition at > >>> http://www.fsl.com/support/QuarantineReport.tar.gz > >>> > >>> From what I understand you can't do this with Postfix, but if anyone's > >>> figured it out please let the list know so Steve Swaney can update the > >>> Quarantine Report instructions.. > >>> > >>> -- > >>> Martin Hepworth > >>> Snr Systems Administrator > >>> Solid State Logic > >>> Tel: +44 (0)1865 842300 > >>> > >>> > >>> Mark Waterhouse - Mailing Lists wrote: > >>> > >>>> I have MailScanner setup to scan multiple domains on one box and then > >>>> feed > >>>> the resulting email to their destination server. > >>>> I also have MailScanner to selectively scan messages sent to domain > >>>> users. > >>>> > >>>> I have spam/virus checking based upon a > ruleset....domain.filter.rules > >>>> > >>>> I have set my rules up as > >>>> > >>>> FromOrTo: *@mydomain1.com no > >>>> FromOrTo: *@mydomain2.com yes > >>>> FromOrTo: user@mydomain3.com no > >>>> FromOrTo: default yes > >>>> > >>>> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired > >>>> behaviour > >>>> If a mail is sent to user2@mydomain3.com, it is scanned....also > desired > >>>> behaviour (because of the default line) > >>>> > >>>> However, if a message is sent to user@mydomain3.com AND > >>>> user2@mydomain3.com, > >>>> neither message is scanned. > >>>> > >>>> If I alter the rule to include a YES statement for > user2@mydomain3.com, > >>>> it > >>>> works as desired. > >>>> > >>>> I know the default rule is working as messages sent only to > >>>> user2@domain3.com are scanned. > >>>> > >>>> > >>>> Can anyone offer a reason for this and has anyone else seen this > >>>> behaviour. > >>>> > >>>> Thanks > >>>> Mark Waterhouse > >>>> DFK Systems Limited > >>>> > >>>> ------------------------ MailScanner list ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> > >>> ********************************************************************** > >>> > >>> This email and any files transmitted with it are confidential and > >>> intended solely for the use of the individual or entity to whom they > >>> are addressed. If you have received this email in error please notify > >>> the system manager. > >>> > >>> This footnote confirms that this email message has been swept > >>> for the presence of computer viruses and is believed to be clean. > >>> > >>> ********************************************************************** > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 14:59:31 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Marcel you are my hero. Just a quick one when yo say the original script where you changed the user which one do you mean? Carinus Marcel Blenkers wrote: > Hi there, > > > Oh damn and I just got the exim to work and have been very impressed with it. I > > was hoping this was a quick fix. I can help with the testing for exim as well. It > > just seems to be expecting something that's not there. Maybe I could just then > > generate a list of emails that without the link in? > > > had the same problem..due to the fact, that the script is creating links > to the original files but those files where not readable by the webserver. > > So, i just changed the code in LinkQuarantine from the ln -s into cp... > > then i had to change the group, which is in the original script apache i > guess into the group the webserver is running with.. (on my site this is > www) > > So, now the script copies the file to the dir, creates the report > (remember to change the url in the File Emails.pm) and then the users are > able to send the mail to themselve.. > > oh..you should not forget to say mailscanner (and spamassassin if you are > calling it on yourself) not to scan mails coming from > postmaster@yourlocalmaschine, as those mails will be send by > postmaster...and else these mails would be caught as spam again ;) > > these where the steps i had to do on my system.. > > Greetings > > Marcel > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Fri Feb 4 15:18:31 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Would somebody confirm the scores for the spam below? What was your score? "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, RCVD_NUMERIC_HELO 1.25)" Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- "Christoper Mccain" cc 02/04/2005 09:09 AM Subject Technica| p|ay in m0tiOn 0n penny st0ck THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade Millennium National Events, Inc. - Symbol: MNEI Millenniums current roster of event sponsors inc|udes such names as: WM Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| Communications, Viacom, Infinity Broadcasting, Budweiser, COX Broadcasting, NBC |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & Spirits, Viking Ovens and Bergwater Vineyards. And just read the News... Read the entire news be|ow NEWS>>>..Mi||ennium announced that it has entered into an agreement to acquire al| of the outstanding shares of Mi||ennium National Imports, Inc., a Texas Company. Yes you read it right - this is serious company with some serious business Symbo|: MNEI Current Price: $0.45 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 is real|y possibe (if you look at |eve|2 you wi|| see why) Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is currently transforming the wor|d of specia| events and corporate sponsorship. The Company is a fu||y integrated event promoter which owns, partially or entire|y, and/or operates a diversified network of events and event promoters in the states of F|orida, New York, Indiana, Colorado, California and Washington DC. Through its diverse segments, Mi||ennium's footprint is expanding in live entertainment, including sports and music. While Mi|lennium Nationa| Events owns and is constant|y acquiring existing events, our upcoming ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, PGA, LPGA, and NASCAR. Symbol: MNEI Current Price: $O.45 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 is rea||y possibe (if you |ook at leve|2 you wil| see why) NEWS DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium National Events (OTC Pink Sheets: MNEI) today announced that it has entered into negotiations to acquire al| or part of a working interest in Match Point, Inc., the owner of the ATP sanctioned event known as the Mi||ennium Internationa| Tennis Tournament. Millennium earlier became the title sponsor of the Match Point, Inc. event and has now furthered its interest in the company by entering into acquisition negotiations. Both |ocal Delray Beach-based companies cou|d integrate the two entities. "Basical|y we're both from the same industry, and together I believe we cou|d be bigger and accomp|ish more than as stand-alone companies," said Robert McAl|ister, CEO & President of Mi||ennium National Events. Mark Baron, President of Match Point, Inc., says of the negotiations, "We are considering Millennium's offers and be|ieve that there cou|d be a possib|e f i t here for our company and our share holders." McA||ister also fee|s the purchase of Match Point is a good move for both Mi|lennium shareholders and Match Point. "This acquisition is consistent with our overa|| business plan. It has a|ways been our intent to target and acquire successful, high-profi|e events and their promoters; we've had our eye on Match Point for a|most one year now. Consolidation is the key, not only to our bottom line, but also to the success of each individua| event." Exact terms have been not yet been announced, but Mi|lennium sees the Match Point acquisition ultimate|y being ab|e to bring net revenues to MNEI's bottom |ine. MNEI sees both the internationa| te|evision audience and the ability to attract a Fortune 5O0 as a potentia| source of even greater, and as of yet, untapped revenue. McAl|ister expects the dea| to be consummated in this quarter. The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top Americans Vince Spadea, current|y No. 19 in the world, two-time ITC champion Jan-Michael Gambil| and James Blake. Also entered in the tournament are Jiri Novak (Czech Republic), current|y at No. 25, two-time Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that can be offered to other top p|ayers in the weeks |eading up to the event. read this |ega| info Information within this emai| contains "forward |ooking statements" within the meaning of Section 27A of the Securities Act of 1933 and Section 21B of the Securities Exchange Act of 1934. Any statements that express or invo|ve discussions with respect to predictions, goa|s, expectations, be|iefs, p|ans, projections, objectives, assumptions or future events or performance are not statements of historica| fact and may be "forward looking statements." Forward |ooking statements are based on expectations, estimates and projections at the time the statements are made that involve a number of risks and uncertainties which cou|d cause actual results or events to differ material|y from those present|y anticipated. Forward |ooking statements in this action may be identified through the use of words such as: "projects", "foresee", "expects", "estimates," "believes," "understands" "will," "part of: "anticipates," or that by statements indicating certain actions "may," "cou|d," or "might" occur. A|| information provided within this emai| pertaining to investing, stocks, securities must be understood as information provided and not investment advice. Emerging Equity A|ert advises all readers and subscribers to seek advice from a registered professiona| securities representative before deciding to trade in stocks featured within this emai|. None of the material within this report sha|l be construed as any kind of investment advice. P|ease have in mind that the interpretation of the witer of this news|etter about the news pub|ished by the company does not represent the company officia| statement and in fact may differ from the rea| meaning of what the news re|ease meant to say. Look the news release by yourse|f and judge by yourse|f about the details in it.

In compliance with Section 17(b), we disc|ose the ho|ding of MNEI shares prior to the publication of this report. Be aware of an inherent conf|ict of interest resulting from such holdings due to our intent to profit from the |iquidation of these shares. Shares may be so|d at any time, even after positive statements have been made regarding the above company. Since we own shares, there is an inherent conflict of interest in our statements and opinions. Readers of this pub|ication are cautioned not to place undue reliance on forward-looking statements, which are based on certain assumptions and expectations involving various risks and uncertainties, that cou|d cause results to differ material|y from those set forth in the forward- |ooking statements. Please be advised that nothing within this emai| sha|l constitute a solicitation or an invitation to get position in or se|l any security mentioned herein. This newsletter is neither a registered investment advisor nor affiliated with any broker or dealer. This news|etter was paid $52600 from third party to send this report. Al| statements made are our express opinion on|y and shou|d be treated as such. We may own, take position and sell any securities mentioned at any time. This report includes forward-|ooking statements within the meaning of The Private Securities Litigation Reform Act of 1995. These statements may inc|ude terms as "expect", "believe", "may", "wi||", "move","underva|ued" and "intend" or simi|ar terms. If you wish to stop future mailings, or if you feel you have been wrongfu|ly p|aced in our list, p|ease go here (-stox0011@yahoo.com-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 15:25:47 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Magda lots.. 46.8 Spam Report: 0.00 BAYES_50 Bayesian spam probability is 40 to 60% 2.29 BIZ_TLD Contains an URL in the BIZ top-level domain 3.02 FB_FORWARD 0.50 FB_INVEST_ADVICE 1.20 FB_ST0CK 1.10 FM_MULTI_ODD2 1.40 FU_TLD_BIZ 0.60 J_CHICKENPOX_12 {1}Letter - punctuation - {2}Letter 0.60 J_CHICKENPOX_13 {1}Letter - punctuation - {3}Letter 0.60 J_CHICKENPOX_14 {1}Letter - punctuation - {4}Letter 0.60 J_CHICKENPOX_15 {1}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_21 {2}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_22 {2}Letter - punctuation - {2}Letter 0.60 J_CHICKENPOX_24 {2}Letter - punctuation - {4}Letter 0.60 J_CHICKENPOX_25 {2}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_27 {2}Letter - punctuation - {7}Letter 0.60 J_CHICKENPOX_31 {3}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_33 {3}Letter - punctuation - {3}Letter 0.60 J_CHICKENPOX_34 {3}Letter - punctuation - {4}Letter 0.60 J_CHICKENPOX_35 {3}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_36 {3}Letter - punctuation - {6}Letter 0.60 J_CHICKENPOX_37 {3}Letter - punctuation - {7}Letter 0.60 J_CHICKENPOX_41 {4}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_42 {4}Letter - punctuation - {2}Letter 0.60 J_CHICKENPOX_43 {4}Letter - punctuation - {3}Letter 0.60 J_CHICKENPOX_45 {4}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_55 {5}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_61 {6}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_63 {6}Letter - punctuation - {3}Letter 0.60 J_CHICKENPOX_71 {7}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter 0.60 J_CHICKENPOX_81 {8}Letter - punctuation - {1}Letter 2.30 MANGLED_BELOW mangled below 2.30 MANGLED_FULL mangled full 2.30 MANGLED_LIST mangled list 2.30 MANGLED_LOW mangled low 2.30 MANGLED_OFF mangled off 2.30 MANGLED_PLEASE mangled please 2.30 MANGLED_REALLY mangled really 2.30 MANGLED_SPCALS mangled special(s) 2.30 MANGLED_STOCK mangled stock(s) 1.67 SARE_FWDLOOK Forward looking statements about stocks -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Would somebody confirm the scores for the spam below? What was your score? > > "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, > BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, > RCVD_NUMERIC_HELO 1.25)" > > > > Thanks, > > Magda Hewryk > -------------------------------- > Mid-Range Systems > 905-273-1637 (Office) > 416-554-0743 (Cell) > ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- > > "Christoper > Mccain" > .com> > cc > 02/04/2005 09:09 > AM Subject > Technica| p|ay in m0tiOn 0n penny > st0ck > > > > > > > > > > > THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade > > > Millennium National Events, Inc. - Symbol: MNEI > > Millenniums current roster of event sponsors inc|udes such names as: WM > Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, > Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| > Communications, Viacom, Infinity Broadcasting, Budweiser, COX > Broadcasting, NBC > |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & > Spirits, Viking Ovens and Bergwater Vineyards. > > > And just read the News... Read the entire news be|ow > > NEWS>>>..Mi||ennium announced that it has entered into an agreement to > acquire > al| of the outstanding shares of Mi||ennium National Imports, Inc., a > Texas Company. > > > Yes you read it right - this is serious company with some serious > business > > > Symbo|: MNEI > Current Price: $0.45 > 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 > is real|y > possibe (if you look at |eve|2 you wi|| see why) > > > Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is > currently transforming the wor|d of specia| events and corporate > sponsorship. The Company is a fu||y integrated event promoter which > owns, > partially or entire|y, and/or operates a diversified network of events > and > event promoters in the states of F|orida, New York, Indiana, Colorado, > California and Washington DC. > > Through its diverse segments, Mi||ennium's footprint is expanding in > live entertainment, including sports and music. While Mi|lennium > Nationa| > Events owns and is constant|y acquiring existing events, our upcoming > ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, > PGA, LPGA, and NASCAR. > > > Symbol: MNEI > Current Price: $O.45 > 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 > is rea||y > possibe (if you |ook at leve|2 you wil| see why) > > > NEWS > > DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium > National Events (OTC Pink Sheets: MNEI) today announced that it has > entered > into negotiations to acquire al| or part of a working interest in Match > Point, Inc., the owner of the ATP sanctioned event known as the > Mi||ennium Internationa| Tennis Tournament. > > > Millennium earlier became the title sponsor of the Match Point, Inc. > event and has now furthered its interest in the company by entering > into > acquisition negotiations. > > Both |ocal Delray Beach-based companies cou|d integrate the two > entities. "Basical|y we're both from the same industry, and together I > believe > we cou|d be bigger and accomp|ish more than as stand-alone companies," > said Robert McAl|ister, CEO & President of Mi||ennium National Events. > > Mark Baron, President of Match Point, Inc., says of the negotiations, > "We are considering Millennium's offers and be|ieve that there cou|d be > a possib|e f i t here for our company and our share holders." > > McA||ister also fee|s the purchase of Match Point is a good move for > both Mi|lennium shareholders and Match Point. "This acquisition is > consistent with our overa|| business plan. It has a|ways been our > intent to > target and acquire successful, high-profi|e events and their promoters; > we've had our eye on Match Point for a|most one year now. Consolidation > is the key, not only to our bottom line, but also to the success of > each individua| event." > > Exact terms have been not yet been announced, but Mi|lennium sees the > Match Point acquisition ultimate|y being ab|e to bring net revenues to > MNEI's bottom |ine. > > MNEI sees both the internationa| te|evision audience and the ability to > attract a Fortune 5O0 as a potentia| source of even greater, and as of > yet, untapped revenue. McAl|ister expects the dea| to be consummated in > this quarter. > > The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach > Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top > Americans Vince Spadea, current|y No. 19 in the world, two-time ITC > champion Jan-Michael Gambil| and James Blake. Also entered in the > tournament are Jiri Novak (Czech Republic), current|y at No. 25, > two-time > Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion > Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that > can > be offered to other top p|ayers in the weeks |eading up to the event. > > > > read this |ega| info > > Information within this emai| contains "forward |ooking statements" > within the meaning of Section 27A of the Securities Act of 1933 and > Section 21B of the Securities Exchange Act of 1934. Any statements that > express or invo|ve discussions with respect to predictions, goa|s, > expectations, be|iefs, p|ans, projections, objectives, assumptions or > future > events or performance are not statements of historica| fact and may be > "forward looking statements." Forward |ooking statements are based on > expectations, estimates and projections at the time the statements are > made > that involve a number of risks and uncertainties which cou|d cause > actual results or events to differ material|y from those present|y > anticipated. Forward |ooking statements in this action may be > identified > through the use of words such as: "projects", "foresee", "expects", > "estimates," "believes," "understands" "will," "part of: "anticipates," > or that > by statements indicating certain actions "may," "cou|d," or "might" > occur. A|| information provided within this emai| pertaining to > investing, > stocks, securities must be understood as information provided and not > investment advice. Emerging Equity A|ert advises all readers and > subscribers to seek advice from a registered professiona| securities > representative before deciding to trade in stocks featured within this > emai|. > None of the material within this report sha|l be construed as any kind > of > investment advice. P|ease have in mind that the interpretation of the > witer of this news|etter about the news pub|ished by the company does > not represent the company officia| statement and in fact may differ > from > the rea| meaning of what the news re|ease meant to say. Look the news > release by yourse|f and judge by yourse|f about the details in it.

> > In compliance with Section 17(b), we disc|ose the ho|ding of MNEI > shares prior to the publication of this report. Be aware of an inherent > conf|ict of interest resulting from such holdings due to our intent to > profit from the |iquidation of these shares. Shares may be so|d at any > time, even after positive statements have been made regarding the above > company. Since we own shares, there is an inherent conflict of interest > in > our statements and opinions. Readers of this pub|ication are cautioned > not to place undue reliance on forward-looking statements, which are > based on certain assumptions and expectations involving various risks > and > uncertainties, that cou|d cause results to differ material|y from those > set forth in the forward- |ooking statements. > > Please be advised that nothing within this emai| sha|l constitute a > solicitation or an invitation to get position in or se|l any security > mentioned herein. This newsletter is neither a registered investment > advisor nor affiliated with any broker or dealer. This news|etter was > paid > $52600 from third party to send this report. Al| statements made are > our > express opinion on|y and shou|d be treated as such. We may own, take > position and sell any securities mentioned at any time. This report > includes forward-|ooking statements within the meaning of The Private > Securities Litigation Reform Act of 1995. These statements may inc|ude > terms > as "expect", "believe", "may", "wi||", "move","underva|ued" and > "intend" or simi|ar terms. > > > If you wish to stop future mailings, or if you feel you have been > wrongfu|ly p|aced in our list, p|ease go here > (-stox0011@yahoo.com-) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Fri Feb 4 15:44:12 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Are the rules you have available somewhere for download? I could use some more rules to add to my SA install. Thanks, Rodney Martin Hepworth wrote: > Magda > > lots.. > > 46.8 > > Spam Report: > 0.00 BAYES_50 Bayesian spam probability is 40 to 60% > 2.29 BIZ_TLD Contains an URL in the BIZ top-level domain > 3.02 FB_FORWARD > 0.50 FB_INVEST_ADVICE > 1.20 FB_ST0CK > 1.10 FM_MULTI_ODD2 > 1.40 FU_TLD_BIZ > 0.60 J_CHICKENPOX_12 {1}Letter - punctuation - {2}Letter > 0.60 J_CHICKENPOX_13 {1}Letter - punctuation - {3}Letter > 0.60 J_CHICKENPOX_14 {1}Letter - punctuation - {4}Letter > 0.60 J_CHICKENPOX_15 {1}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_21 {2}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_22 {2}Letter - punctuation - {2}Letter > 0.60 J_CHICKENPOX_24 {2}Letter - punctuation - {4}Letter > 0.60 J_CHICKENPOX_25 {2}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_27 {2}Letter - punctuation - {7}Letter > 0.60 J_CHICKENPOX_31 {3}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_33 {3}Letter - punctuation - {3}Letter > 0.60 J_CHICKENPOX_34 {3}Letter - punctuation - {4}Letter > 0.60 J_CHICKENPOX_35 {3}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_36 {3}Letter - punctuation - {6}Letter > 0.60 J_CHICKENPOX_37 {3}Letter - punctuation - {7}Letter > 0.60 J_CHICKENPOX_41 {4}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_42 {4}Letter - punctuation - {2}Letter > 0.60 J_CHICKENPOX_43 {4}Letter - punctuation - {3}Letter > 0.60 J_CHICKENPOX_45 {4}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_55 {5}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_61 {6}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_63 {6}Letter - punctuation - {3}Letter > 0.60 J_CHICKENPOX_71 {7}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter > 0.60 J_CHICKENPOX_81 {8}Letter - punctuation - {1}Letter > 2.30 MANGLED_BELOW mangled below > 2.30 MANGLED_FULL mangled full > 2.30 MANGLED_LIST mangled list > 2.30 MANGLED_LOW mangled low > 2.30 MANGLED_OFF mangled off > 2.30 MANGLED_PLEASE mangled please > 2.30 MANGLED_REALLY mangled really > 2.30 MANGLED_SPCALS mangled special(s) > 2.30 MANGLED_STOCK mangled stock(s) > 1.67 SARE_FWDLOOK Forward looking statements about stocks > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Magda Hewryk wrote: > >> Would somebody confirm the scores for the spam below? What was your >> score? >> >> "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, >> BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, >> RCVD_NUMERIC_HELO 1.25)" >> >> >> >> Thanks, >> >> Magda Hewryk >> -------------------------------- >> Mid-Range Systems >> 905-273-1637 (Office) >> 416-554-0743 (Cell) >> ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- >> >> "Christoper >> Mccain" >> >> > .com> >> >> cc >> 02/04/2005 09:09 >> AM >> Subject >> Technica| p|ay in m0tiOn 0n penny >> st0ck >> >> >> >> >> >> >> >> >> >> >> THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade >> >> >> Millennium National Events, Inc. - Symbol: MNEI >> >> Millenniums current roster of event sponsors inc|udes such names as: WM >> Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, >> Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| >> Communications, Viacom, Infinity Broadcasting, Budweiser, COX >> Broadcasting, NBC >> |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & >> Spirits, Viking Ovens and Bergwater Vineyards. >> >> >> And just read the News... Read the entire news be|ow >> >> NEWS>>>..Mi||ennium announced that it has entered into an agreement to >> acquire >> al| of the outstanding shares of Mi||ennium National Imports, Inc., a >> Texas Company. >> >> >> Yes you read it right - this is serious company with some serious >> business >> >> >> Symbo|: MNEI >> Current Price: $0.45 >> 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >> is real|y >> possibe (if you look at |eve|2 you wi|| see why) >> >> >> Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is >> currently transforming the wor|d of specia| events and corporate >> sponsorship. The Company is a fu||y integrated event promoter which >> owns, >> partially or entire|y, and/or operates a diversified network of events >> and >> event promoters in the states of F|orida, New York, Indiana, Colorado, >> California and Washington DC. >> >> Through its diverse segments, Mi||ennium's footprint is expanding in >> live entertainment, including sports and music. While Mi|lennium >> Nationa| >> Events owns and is constant|y acquiring existing events, our upcoming >> ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, >> PGA, LPGA, and NASCAR. >> >> >> Symbol: MNEI >> Current Price: $O.45 >> 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >> is rea||y >> possibe (if you |ook at leve|2 you wil| see why) >> >> >> NEWS >> >> DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium >> National Events (OTC Pink Sheets: MNEI) today announced that it has >> entered >> into negotiations to acquire al| or part of a working interest in Match >> Point, Inc., the owner of the ATP sanctioned event known as the >> Mi||ennium Internationa| Tennis Tournament. >> >> >> Millennium earlier became the title sponsor of the Match Point, Inc. >> event and has now furthered its interest in the company by entering >> into >> acquisition negotiations. >> >> Both |ocal Delray Beach-based companies cou|d integrate the two >> entities. "Basical|y we're both from the same industry, and together I >> believe >> we cou|d be bigger and accomp|ish more than as stand-alone companies," >> said Robert McAl|ister, CEO & President of Mi||ennium National Events. >> >> Mark Baron, President of Match Point, Inc., says of the negotiations, >> "We are considering Millennium's offers and be|ieve that there cou|d be >> a possib|e f i t here for our company and our share holders." >> >> McA||ister also fee|s the purchase of Match Point is a good move for >> both Mi|lennium shareholders and Match Point. "This acquisition is >> consistent with our overa|| business plan. It has a|ways been our >> intent to >> target and acquire successful, high-profi|e events and their promoters; >> we've had our eye on Match Point for a|most one year now. Consolidation >> is the key, not only to our bottom line, but also to the success of >> each individua| event." >> >> Exact terms have been not yet been announced, but Mi|lennium sees the >> Match Point acquisition ultimate|y being ab|e to bring net revenues to >> MNEI's bottom |ine. >> >> MNEI sees both the internationa| te|evision audience and the ability to >> attract a Fortune 5O0 as a potentia| source of even greater, and as of >> yet, untapped revenue. McAl|ister expects the dea| to be consummated in >> this quarter. >> >> The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach >> Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top >> Americans Vince Spadea, current|y No. 19 in the world, two-time ITC >> champion Jan-Michael Gambil| and James Blake. Also entered in the >> tournament are Jiri Novak (Czech Republic), current|y at No. 25, >> two-time >> Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion >> Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that >> can >> be offered to other top p|ayers in the weeks |eading up to the event. >> >> >> >> read this |ega| info >> >> Information within this emai| contains "forward |ooking statements" >> within the meaning of Section 27A of the Securities Act of 1933 and >> Section 21B of the Securities Exchange Act of 1934. Any statements that >> express or invo|ve discussions with respect to predictions, goa|s, >> expectations, be|iefs, p|ans, projections, objectives, assumptions or >> future >> events or performance are not statements of historica| fact and may be >> "forward looking statements." Forward |ooking statements are based on >> expectations, estimates and projections at the time the statements are >> made >> that involve a number of risks and uncertainties which cou|d cause >> actual results or events to differ material|y from those present|y >> anticipated. Forward |ooking statements in this action may be >> identified >> through the use of words such as: "projects", "foresee", "expects", >> "estimates," "believes," "understands" "will," "part of: "anticipates," >> or that >> by statements indicating certain actions "may," "cou|d," or "might" >> occur. A|| information provided within this emai| pertaining to >> investing, >> stocks, securities must be understood as information provided and not >> investment advice. Emerging Equity A|ert advises all readers and >> subscribers to seek advice from a registered professiona| securities >> representative before deciding to trade in stocks featured within this >> emai|. >> None of the material within this report sha|l be construed as any kind >> of >> investment advice. P|ease have in mind that the interpretation of the >> witer of this news|etter about the news pub|ished by the company does >> not represent the company officia| statement and in fact may differ >> from >> the rea| meaning of what the news re|ease meant to say. Look the news >> release by yourse|f and judge by yourse|f about the details in it.

>> >> In compliance with Section 17(b), we disc|ose the ho|ding of MNEI >> shares prior to the publication of this report. Be aware of an inherent >> conf|ict of interest resulting from such holdings due to our intent to >> profit from the |iquidation of these shares. Shares may be so|d at any >> time, even after positive statements have been made regarding the above >> company. Since we own shares, there is an inherent conflict of interest >> in >> our statements and opinions. Readers of this pub|ication are cautioned >> not to place undue reliance on forward-looking statements, which are >> based on certain assumptions and expectations involving various risks >> and >> uncertainties, that cou|d cause results to differ material|y from those >> set forth in the forward- |ooking statements. >> >> Please be advised that nothing within this emai| sha|l constitute a >> solicitation or an invitation to get position in or se|l any security >> mentioned herein. This newsletter is neither a registered investment >> advisor nor affiliated with any broker or dealer. This news|etter was >> paid >> $52600 from third party to send this report. Al| statements made are >> our >> express opinion on|y and shou|d be treated as such. We may own, take >> position and sell any securities mentioned at any time. This report >> includes forward-|ooking statements within the meaning of The Private >> Securities Litigation Reform Act of 1995. These statements may inc|ude >> terms >> as "expect", "believe", "may", "wi||", "move","underva|ued" and >> "intend" or simi|ar terms. >> >> >> If you wish to stop future mailings, or if you feel you have been >> wrongfu|ly p|aced in our list, p|ease go here >> (-stox0011@yahoo.com-) >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 15:43:17 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Ok I have got it to copy the original message and the rights are ok but i still get the Error Releasing email message 1CwbkG-0002j7-KK to user@domain.com 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate format! Well i guess that's that unless someone has another suggestion. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 15:51:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Rodney www.rulesemporium.com/rules.htm -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > Are the rules you have available somewhere for download? I could use > some more rules to add to my SA install. > > Thanks, > Rodney > > Martin Hepworth wrote: > >> Magda >> >> lots.. >> >> 46.8 >> >> Spam Report: >> 0.00 BAYES_50 Bayesian spam probability is 40 to 60% >> 2.29 BIZ_TLD Contains an URL in the BIZ top-level domain >> 3.02 FB_FORWARD >> 0.50 FB_INVEST_ADVICE >> 1.20 FB_ST0CK >> 1.10 FM_MULTI_ODD2 >> 1.40 FU_TLD_BIZ >> 0.60 J_CHICKENPOX_12 {1}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_13 {1}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_14 {1}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_15 {1}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_21 {2}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_22 {2}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_24 {2}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_25 {2}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_27 {2}Letter - punctuation - {7}Letter >> 0.60 J_CHICKENPOX_31 {3}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_33 {3}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_34 {3}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_35 {3}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_36 {3}Letter - punctuation - {6}Letter >> 0.60 J_CHICKENPOX_37 {3}Letter - punctuation - {7}Letter >> 0.60 J_CHICKENPOX_41 {4}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_42 {4}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_43 {4}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_45 {4}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_55 {5}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_61 {6}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_63 {6}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_71 {7}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_81 {8}Letter - punctuation - {1}Letter >> 2.30 MANGLED_BELOW mangled below >> 2.30 MANGLED_FULL mangled full >> 2.30 MANGLED_LIST mangled list >> 2.30 MANGLED_LOW mangled low >> 2.30 MANGLED_OFF mangled off >> 2.30 MANGLED_PLEASE mangled please >> 2.30 MANGLED_REALLY mangled really >> 2.30 MANGLED_SPCALS mangled special(s) >> 2.30 MANGLED_STOCK mangled stock(s) >> 1.67 SARE_FWDLOOK Forward looking statements about stocks >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Magda Hewryk wrote: >> >>> Would somebody confirm the scores for the spam below? What was your >>> score? >>> >>> "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, >>> BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, >>> RCVD_NUMERIC_HELO 1.25)" >>> >>> >>> >>> Thanks, >>> >>> Magda Hewryk >>> -------------------------------- >>> Mid-Range Systems >>> 905-273-1637 (Office) >>> 416-554-0743 (Cell) >>> ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- >>> >>> "Christoper >>> Mccain" >>> >>> >> .com> >>> >>> cc >>> 02/04/2005 09:09 >>> AM >>> Subject >>> Technica| p|ay in m0tiOn 0n penny >>> st0ck >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade >>> >>> >>> Millennium National Events, Inc. - Symbol: MNEI >>> >>> Millenniums current roster of event sponsors inc|udes such names as: WM >>> Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, >>> Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| >>> Communications, Viacom, Infinity Broadcasting, Budweiser, COX >>> Broadcasting, NBC >>> |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & >>> Spirits, Viking Ovens and Bergwater Vineyards. >>> >>> >>> And just read the News... Read the entire news be|ow >>> >>> NEWS>>>..Mi||ennium announced that it has entered into an agreement to >>> acquire >>> al| of the outstanding shares of Mi||ennium National Imports, Inc., a >>> Texas Company. >>> >>> >>> Yes you read it right - this is serious company with some serious >>> business >>> >>> >>> Symbo|: MNEI >>> Current Price: $0.45 >>> 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >>> is real|y >>> possibe (if you look at |eve|2 you wi|| see why) >>> >>> >>> Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is >>> currently transforming the wor|d of specia| events and corporate >>> sponsorship. The Company is a fu||y integrated event promoter which >>> owns, >>> partially or entire|y, and/or operates a diversified network of events >>> and >>> event promoters in the states of F|orida, New York, Indiana, Colorado, >>> California and Washington DC. >>> >>> Through its diverse segments, Mi||ennium's footprint is expanding in >>> live entertainment, including sports and music. While Mi|lennium >>> Nationa| >>> Events owns and is constant|y acquiring existing events, our upcoming >>> ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, >>> PGA, LPGA, and NASCAR. >>> >>> >>> Symbol: MNEI >>> Current Price: $O.45 >>> 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >>> is rea||y >>> possibe (if you |ook at leve|2 you wil| see why) >>> >>> >>> NEWS >>> >>> DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium >>> National Events (OTC Pink Sheets: MNEI) today announced that it has >>> entered >>> into negotiations to acquire al| or part of a working interest in Match >>> Point, Inc., the owner of the ATP sanctioned event known as the >>> Mi||ennium Internationa| Tennis Tournament. >>> >>> >>> Millennium earlier became the title sponsor of the Match Point, Inc. >>> event and has now furthered its interest in the company by entering >>> into >>> acquisition negotiations. >>> >>> Both |ocal Delray Beach-based companies cou|d integrate the two >>> entities. "Basical|y we're both from the same industry, and together I >>> believe >>> we cou|d be bigger and accomp|ish more than as stand-alone companies," >>> said Robert McAl|ister, CEO & President of Mi||ennium National Events. >>> >>> Mark Baron, President of Match Point, Inc., says of the negotiations, >>> "We are considering Millennium's offers and be|ieve that there cou|d be >>> a possib|e f i t here for our company and our share holders." >>> >>> McA||ister also fee|s the purchase of Match Point is a good move for >>> both Mi|lennium shareholders and Match Point. "This acquisition is >>> consistent with our overa|| business plan. It has a|ways been our >>> intent to >>> target and acquire successful, high-profi|e events and their promoters; >>> we've had our eye on Match Point for a|most one year now. Consolidation >>> is the key, not only to our bottom line, but also to the success of >>> each individua| event." >>> >>> Exact terms have been not yet been announced, but Mi|lennium sees the >>> Match Point acquisition ultimate|y being ab|e to bring net revenues to >>> MNEI's bottom |ine. >>> >>> MNEI sees both the internationa| te|evision audience and the ability to >>> attract a Fortune 5O0 as a potentia| source of even greater, and as of >>> yet, untapped revenue. McAl|ister expects the dea| to be consummated in >>> this quarter. >>> >>> The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach >>> Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top >>> Americans Vince Spadea, current|y No. 19 in the world, two-time ITC >>> champion Jan-Michael Gambil| and James Blake. Also entered in the >>> tournament are Jiri Novak (Czech Republic), current|y at No. 25, >>> two-time >>> Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion >>> Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that >>> can >>> be offered to other top p|ayers in the weeks |eading up to the event. >>> >>> >>> >>> read this |ega| info >>> >>> Information within this emai| contains "forward |ooking statements" >>> within the meaning of Section 27A of the Securities Act of 1933 and >>> Section 21B of the Securities Exchange Act of 1934. Any statements that >>> express or invo|ve discussions with respect to predictions, goa|s, >>> expectations, be|iefs, p|ans, projections, objectives, assumptions or >>> future >>> events or performance are not statements of historica| fact and may be >>> "forward looking statements." Forward |ooking statements are based on >>> expectations, estimates and projections at the time the statements are >>> made >>> that involve a number of risks and uncertainties which cou|d cause >>> actual results or events to differ material|y from those present|y >>> anticipated. Forward |ooking statements in this action may be >>> identified >>> through the use of words such as: "projects", "foresee", "expects", >>> "estimates," "believes," "understands" "will," "part of: "anticipates," >>> or that >>> by statements indicating certain actions "may," "cou|d," or "might" >>> occur. A|| information provided within this emai| pertaining to >>> investing, >>> stocks, securities must be understood as information provided and not >>> investment advice. Emerging Equity A|ert advises all readers and >>> subscribers to seek advice from a registered professiona| securities >>> representative before deciding to trade in stocks featured within this >>> emai|. >>> None of the material within this report sha|l be construed as any kind >>> of >>> investment advice. P|ease have in mind that the interpretation of the >>> witer of this news|etter about the news pub|ished by the company does >>> not represent the company officia| statement and in fact may differ >>> from >>> the rea| meaning of what the news re|ease meant to say. Look the news >>> release by yourse|f and judge by yourse|f about the details in it.

>>> >>> In compliance with Section 17(b), we disc|ose the ho|ding of MNEI >>> shares prior to the publication of this report. Be aware of an inherent >>> conf|ict of interest resulting from such holdings due to our intent to >>> profit from the |iquidation of these shares. Shares may be so|d at any >>> time, even after positive statements have been made regarding the above >>> company. Since we own shares, there is an inherent conflict of interest >>> in >>> our statements and opinions. Readers of this pub|ication are cautioned >>> not to place undue reliance on forward-looking statements, which are >>> based on certain assumptions and expectations involving various risks >>> and >>> uncertainties, that cou|d cause results to differ material|y from those >>> set forth in the forward- |ooking statements. >>> >>> Please be advised that nothing within this emai| sha|l constitute a >>> solicitation or an invitation to get position in or se|l any security >>> mentioned herein. This newsletter is neither a registered investment >>> advisor nor affiliated with any broker or dealer. This news|etter was >>> paid >>> $52600 from third party to send this report. Al| statements made are >>> our >>> express opinion on|y and shou|d be treated as such. We may own, take >>> position and sell any securities mentioned at any time. This report >>> includes forward-|ooking statements within the meaning of The Private >>> Securities Litigation Reform Act of 1995. These statements may inc|ude >>> terms >>> as "expect", "believe", "may", "wi||", "move","underva|ued" and >>> "intend" or simi|ar terms. >>> >>> >>> If you wish to stop future mailings, or if you feel you have been >>> wrongfu|ly p|aced in our list, p|ease go here >>> (-stox0011@yahoo.com-) >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Feb 4 15:59:42 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:26 2006 Subject: I have been trying to change the spam score in MailScanner and have been having some problems with s Message-ID: I have been trying to change the spam score in MailScanner and have been having some problems with some. I did not have a score in the spam.assassin.prefs.conf for AWL. I added "score AWL 1.393 1.320 1.613 1.02". It still shows in the log as AWL -1.61. Am I missing something??? Do I have rules in spamassassin some place else that I am missing??? Thanks, Dave Feb 4 10:55:42 spamfilter MailScanner[3773]: Message 917E516F54F.517ED from 65.205.157.199 (cash@earningsavenue.com) to sbschools.net is spam, SBL+XBL, SpamAssassin (score=9.36, required 4.3, AWL -1.61, BAYES_50 0.00, BE_BOSS 1.65, HTML_80_90 0.15, HTML_IMAGE_ONLY_16 1.05, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, HTML_NONELEMENT_00_10 0.00, HTML_WEB_BUGS 0.04, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, RCVD_IN_SBL 0.50, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46) This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Fri Feb 4 16:03:28 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Such a shame the same spam was scored for me at 4.2 and you got 46 points for it! I will definitely use the extra rules. Did anybody got the below spam flagged with URIBL_SBL and URIBL_WS_SURBL??? I did not. Thanks, Magda Martin Hepworth To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA socres check 02/04/2005 10:51 AM Please respond to MailScanner mailing list Rodney www.rulesemporium.com/rules.htm -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > Are the rules you have available somewhere for download? I could use > some more rules to add to my SA install. > > Thanks, > Rodney > > Martin Hepworth wrote: > >> Magda >> >> lots.. >> >> 46.8 >> >> Spam Report: >> 0.00 BAYES_50 Bayesian spam probability is 40 to 60% >> 2.29 BIZ_TLD Contains an URL in the BIZ top-level domain >> 3.02 FB_FORWARD >> 0.50 FB_INVEST_ADVICE >> 1.20 FB_ST0CK >> 1.10 FM_MULTI_ODD2 >> 1.40 FU_TLD_BIZ >> 0.60 J_CHICKENPOX_12 {1}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_13 {1}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_14 {1}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_15 {1}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_21 {2}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_22 {2}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_24 {2}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_25 {2}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_27 {2}Letter - punctuation - {7}Letter >> 0.60 J_CHICKENPOX_31 {3}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_33 {3}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_34 {3}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_35 {3}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_36 {3}Letter - punctuation - {6}Letter >> 0.60 J_CHICKENPOX_37 {3}Letter - punctuation - {7}Letter >> 0.60 J_CHICKENPOX_41 {4}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_42 {4}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_43 {4}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_45 {4}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_55 {5}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_61 {6}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_63 {6}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_71 {7}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_81 {8}Letter - punctuation - {1}Letter >> 2.30 MANGLED_BELOW mangled below >> 2.30 MANGLED_FULL mangled full >> 2.30 MANGLED_LIST mangled list >> 2.30 MANGLED_LOW mangled low >> 2.30 MANGLED_OFF mangled off >> 2.30 MANGLED_PLEASE mangled please >> 2.30 MANGLED_REALLY mangled really >> 2.30 MANGLED_SPCALS mangled special(s) >> 2.30 MANGLED_STOCK mangled stock(s) >> 1.67 SARE_FWDLOOK Forward looking statements about stocks >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Magda Hewryk wrote: >> >>> Would somebody confirm the scores for the spam below? What was your >>> score? >>> >>> "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, >>> BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, >>> RCVD_NUMERIC_HELO 1.25)" >>> >>> >>> >>> Thanks, >>> >>> Magda Hewryk >>> -------------------------------- >>> Mid-Range Systems >>> 905-273-1637 (Office) >>> 416-554-0743 (Cell) >>> ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- >>> >>> "Christoper >>> Mccain" >>> >>> >> .com> >>> >>> cc >>> 02/04/2005 09:09 >>> AM >>> Subject >>> Technica| p|ay in m0tiOn 0n penny >>> st0ck >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade >>> >>> >>> Millennium National Events, Inc. - Symbol: MNEI >>> >>> Millenniums current roster of event sponsors inc|udes such names as: WM >>> Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, >>> Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| >>> Communications, Viacom, Infinity Broadcasting, Budweiser, COX >>> Broadcasting, NBC >>> |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & >>> Spirits, Viking Ovens and Bergwater Vineyards. >>> >>> >>> And just read the News... Read the entire news be|ow >>> >>> NEWS>>>..Mi||ennium announced that it has entered into an agreement to >>> acquire >>> al| of the outstanding shares of Mi||ennium National Imports, Inc., a >>> Texas Company. >>> >>> >>> Yes you read it right - this is serious company with some serious >>> business >>> >>> >>> Symbo|: MNEI >>> Current Price: $0.45 >>> 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >>> is real|y >>> possibe (if you look at |eve|2 you wi|| see why) >>> >>> >>> Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is >>> currently transforming the wor|d of specia| events and corporate >>> sponsorship. The Company is a fu||y integrated event promoter which >>> owns, >>> partially or entire|y, and/or operates a diversified network of events >>> and >>> event promoters in the states of F|orida, New York, Indiana, Colorado, >>> California and Washington DC. >>> >>> Through its diverse segments, Mi||ennium's footprint is expanding in >>> live entertainment, including sports and music. While Mi|lennium >>> Nationa| >>> Events owns and is constant|y acquiring existing events, our upcoming >>> ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, >>> PGA, LPGA, and NASCAR. >>> >>> >>> Symbol: MNEI >>> Current Price: $O.45 >>> 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >>> is rea||y >>> possibe (if you |ook at leve|2 you wil| see why) >>> >>> >>> NEWS >>> >>> DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium >>> National Events (OTC Pink Sheets: MNEI) today announced that it has >>> entered >>> into negotiations to acquire al| or part of a working interest in Match >>> Point, Inc., the owner of the ATP sanctioned event known as the >>> Mi||ennium Internationa| Tennis Tournament. >>> >>> >>> Millennium earlier became the title sponsor of the Match Point, Inc. >>> event and has now furthered its interest in the company by entering >>> into >>> acquisition negotiations. >>> >>> Both |ocal Delray Beach-based companies cou|d integrate the two >>> entities. "Basical|y we're both from the same industry, and together I >>> believe >>> we cou|d be bigger and accomp|ish more than as stand-alone companies," >>> said Robert McAl|ister, CEO & President of Mi||ennium National Events. >>> >>> Mark Baron, President of Match Point, Inc., says of the negotiations, >>> "We are considering Millennium's offers and be|ieve that there cou|d be >>> a possib|e f i t here for our company and our share holders." >>> >>> McA||ister also fee|s the purchase of Match Point is a good move for >>> both Mi|lennium shareholders and Match Point. "This acquisition is >>> consistent with our overa|| business plan. It has a|ways been our >>> intent to >>> target and acquire successful, high-profi|e events and their promoters; >>> we've had our eye on Match Point for a|most one year now. Consolidation >>> is the key, not only to our bottom line, but also to the success of >>> each individua| event." >>> >>> Exact terms have been not yet been announced, but Mi|lennium sees the >>> Match Point acquisition ultimate|y being ab|e to bring net revenues to >>> MNEI's bottom |ine. >>> >>> MNEI sees both the internationa| te|evision audience and the ability to >>> attract a Fortune 5O0 as a potentia| source of even greater, and as of >>> yet, untapped revenue. McAl|ister expects the dea| to be consummated in >>> this quarter. >>> >>> The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach >>> Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top >>> Americans Vince Spadea, current|y No. 19 in the world, two-time ITC >>> champion Jan-Michael Gambil| and James Blake. Also entered in the >>> tournament are Jiri Novak (Czech Republic), current|y at No. 25, >>> two-time >>> Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion >>> Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that >>> can >>> be offered to other top p|ayers in the weeks |eading up to the event. >>> >>> >>> >>> read this |ega| info >>> >>> Information within this emai| contains "forward |ooking statements" >>> within the meaning of Section 27A of the Securities Act of 1933 and >>> Section 21B of the Securities Exchange Act of 1934. Any statements that >>> express or invo|ve discussions with respect to predictions, goa|s, >>> expectations, be|iefs, p|ans, projections, objectives, assumptions or >>> future >>> events or performance are not statements of historica| fact and may be >>> "forward looking statements." Forward |ooking statements are based on >>> expectations, estimates and projections at the time the statements are >>> made >>> that involve a number of risks and uncertainties which cou|d cause >>> actual results or events to differ material|y from those present|y >>> anticipated. Forward |ooking statements in this action may be >>> identified >>> through the use of words such as: "projects", "foresee", "expects", >>> "estimates," "believes," "understands" "will," "part of: "anticipates," >>> or that >>> by statements indicating certain actions "may," "cou|d," or "might" >>> occur. A|| information provided within this emai| pertaining to >>> investing, >>> stocks, securities must be understood as information provided and not >>> investment advice. Emerging Equity A|ert advises all readers and >>> subscribers to seek advice from a registered professiona| securities >>> representative before deciding to trade in stocks featured within this >>> emai|. >>> None of the material within this report sha|l be construed as any kind >>> of >>> investment advice. P|ease have in mind that the interpretation of the >>> witer of this news|etter about the news pub|ished by the company does >>> not represent the company officia| statement and in fact may differ >>> from >>> the rea| meaning of what the news re|ease meant to say. Look the news >>> release by yourse|f and judge by yourse|f about the details in it.

>>> >>> In compliance with Section 17(b), we disc|ose the ho|ding of MNEI >>> shares prior to the publication of this report. Be aware of an inherent >>> conf|ict of interest resulting from such holdings due to our intent to >>> profit from the |iquidation of these shares. Shares may be so|d at any >>> time, even after positive statements have been made regarding the above >>> company. Since we own shares, there is an inherent conflict of interest >>> in >>> our statements and opinions. Readers of this pub|ication are cautioned >>> not to place undue reliance on forward-looking statements, which are >>> based on certain assumptions and expectations involving various risks >>> and >>> uncertainties, that cou|d cause results to differ material|y from those >>> set forth in the forward- |ooking statements. >>> >>> Please be advised that nothing within this emai| sha|l constitute a >>> solicitation or an invitation to get position in or se|l any security >>> mentioned herein. This newsletter is neither a registered investment >>> advisor nor affiliated with any broker or dealer. This news|etter was >>> paid >>> $52600 from third party to send this report. Al| statements made are >>> our >>> express opinion on|y and shou|d be treated as such. We may own, take >>> position and sell any securities mentioned at any time. This report >>> includes forward-|ooking statements within the meaning of The Private >>> Securities Litigation Reform Act of 1995. These statements may inc|ude >>> terms >>> as "expect", "believe", "may", "wi||", "move","underva|ued" and >>> "intend" or simi|ar terms. >>> >>> >>> If you wish to stop future mailings, or if you feel you have been >>> wrongfu|ly p|aced in our list, p|ease go here >>> (-stox0011@yahoo.com-) >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 16:15:57 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query command line works web interface doesn't Message-ID: I can copy the command line out of the quarnatine release file and it will send with now problem. just not via the browser interface. I wonder if i have'nt forgotten something in my php install. Carinus Carinus Carelse wrote: > Ok I have got it to copy the original message and the rights are ok but i still get the > Error > > Releasing email message 1CwbkG-0002j7-KK to user@domain.com > > 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate format! > > Well i guess that's that unless someone has another suggestion. > > Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 16:33:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Magda no URL's in the email s othe URI-RBL's won't pick up anything.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Such a shame the same spam was scored for me at 4.2 and you got 46 points > for it! I will definitely use the extra rules. > > Did anybody got the below spam flagged with URIBL_SBL and > URIBL_WS_SURBL??? I did not. > > > Thanks, > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Feb 4 16:36:32 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query command line works web interface doesn't Message-ID: Hi, maybe the directory for the ReleaseQuarantine.php is not found? Check your dir-settings on the webserver..and if you are able to get the php-file itself.. this also means the spam-dir etc. Greetings Marcel On Fri, 4 Feb 2005, Carinus Carelse wrote: > I can copy the command line out of the quarnatine release file and it > will send with now > problem. just not via the browser interface. I wonder if i have'nt > forgotten something in > my php install. > > Carinus > > > Carinus Carelse wrote: > > > Ok I have got it to copy the original message and the rights are ok > but i still get the > > Error > > > > Releasing email message 1CwbkG-0002j7-KK to user@domain.com > > > > 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate > format! > > > > Well i guess that's that unless someone has another suggestion. > > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Fri Feb 4 16:42:15 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:26 2006 Subject: Fw: SA socres check Message-ID: Thanks Martin! Few question about the custom SA rules. I've already downloaded the rules_du_jour script & made some basic variable changes. I have also created the /etc/rulesdujour/config file. It looks like below. Is this a correct configuration setting? Is this all I need? /etc/rulesdujour/config: " TRUSTED_RULESETS=" Thanks, Magda ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 11:37 AM ----- Martin Hepworth To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA socres check 02/04/2005 11:33 AM Please respond to MailScanner mailing list Magda no URL's in the email s othe URI-RBL's won't pick up anything.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Such a shame the same spam was scored for me at 4.2 and you got 46 points > for it! I will definitely use the extra rules. > > Did anybody got the below spam flagged with URIBL_SBL and > URIBL_WS_SURBL??? I did not. > > > Thanks, > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 16:44:38 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query command line works web interface doesn't Message-ID: Ja i can access the php file with no hassle and the spamdir. Carinus Marcel Blenkers wrote: > Hi, > > maybe the directory for the ReleaseQuarantine.php is not found? > > Check your dir-settings on the webserver..and if you are able to get the > php-file itself.. > > this also means the spam-dir etc. > > Greetings > > Marcel > > On Fri, 4 Feb 2005, Carinus Carelse wrote: > > > I can copy the command line out of the quarnatine release file and it > > will send with now > > problem. just not via the browser interface. I wonder if i have'nt > > forgotten something in > > my php install. > > > > Carinus > > > > > > Carinus Carelse wrote: > > > > > Ok I have got it to copy the original message and the rights are ok > > but i still get the > > > Error > > > > > > Releasing email message 1CwbkG-0002j7-KK to user@domain.com > > > > > > 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate > > format! > > > > > > Well i guess that's that unless someone has another suggestion. > > > > > > Carinus > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 16:50:34 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query command line works web interface doesn't Message-ID: For interests sake what version of php and what webserver are you running. How did you install your php. Carinus Carinus Carelse wrote: > Ja i can access the php file with no hassle and the spamdir. > > Carinus > > Marcel Blenkers wrote: > > > Hi, > > > > maybe the directory for the ReleaseQuarantine.php is not found? > > > > Check your dir-settings on the webserver..and if you are able to get the > > php-file itself.. > > > > this also means the spam-dir etc. > > > > Greetings > > > > Marcel > > > > On Fri, 4 Feb 2005, Carinus Carelse wrote: > > > > > I can copy the command line out of the quarnatine release file and it > > > will send with now > > > problem. just not via the browser interface. I wonder if i have'nt > > > forgotten something in > > > my php install. > > > > > > Carinus > > > > > > > > > Carinus Carelse wrote: > > > > > > > Ok I have got it to copy the original message and the rights are ok > > > but i still get the > > > > Error > > > > > > > > Releasing email message 1CwbkG-0002j7-KK to user@domain.com > > > > > > > > 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate > > > format! > > > > > > > > Well i guess that's that unless someone has another suggestion. > > > > > > > > Carinus > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Fri Feb 4 16:52:02 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] score=6.893, requis xxx, FROM_ENDS_IN_NUMS 0.99, HTML_MESSAGE 0.10, HTML_TAG_BALANCE_A0.20, LONGWORD 0.30, MR_BAD_QUOTE_1 1.00, MR_BAD_QUOTE_2 1.00, MR_STRANGE_QUESTION 1.50, NO_RDNS2 0.01, RCVD_IN_SORBS 1.00, SARE_HTML_NO_HTML1 0.79, UPPERCASE_25_50 0.00) Hello, From time to time I spot messages that SpamAssassin matches rules to as above (an example), but no Bayes is included in the report and therefore no negative scoring occurs. What can cause this, and what steps can I use to limit or remedy this behaviour???? I thank you in advance, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Fri Feb 4 16:53:07 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:26 2006 Subject: SA scores check Message-ID: And with this question I have another related to it: Got the same thing in place, works just fine but because we're using an Ensim-based server setup the only .cf file it recognizes is the local.cf. So while the rules_du_jour does it's thing for updating, it places the new .cf files in the proper directory and that's it. From that point, unless I manually import them into the local.cf file, they're ignored. Any way to automate this process or change settings in the rules_du_jour scripting to possibly import these into the local.cf file without doing it on every update we get? Thanks! David J. Duffner VP Operations NWC Corporation www.nwcxpress.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Magda Hewryk > Sent: Friday, February 04, 2005 11:42 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Fw: SA socres check > > > Thanks Martin! > > Few question about the custom SA rules. > I've already downloaded the rules_du_jour script & made some > basic variable changes. I have also created the > /etc/rulesdujour/config file. It looks like below. > Is this a correct configuration setting? Is this all I need? > > /etc/rulesdujour/config: > > " TRUSTED_RULESETS=" > > > > Thanks, > > Magda -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Fri Feb 4 17:12:24 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > From time to time I spot messages that SpamAssassin matches rules to as > above (an example), but no Bayes is included in the report and therefore > no negative scoring occurs. What can cause this, and what steps can I > use to limit or remedy this behaviour???? > Check permissions on the bayes database. And the path to bayes database in spam.assassin.prefs.conf. Also run spamassassin -D --lint --prefs-file=/path/to/spam.assassin.prefs.conf > /tmp/spam.log 2>&1 check /tmp/spam.log for bayes errors. - Nick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Fri Feb 4 17:02:04 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nick Meverden wrote: >> From time to time I spot messages that SpamAssassin matches rules to as >>above (an example), but no Bayes is included in the report and therefore >>no negative scoring occurs. What can cause this, and what steps can I >>use to limit or remedy this behaviour???? >> > > > Check permissions on the bayes database. And the path to bayes database > in spam.assassin.prefs.conf. Also run spamassassin -D --lint > --prefs-file=/path/to/spam.assassin.prefs.conf > /tmp/spam.log 2>&1 > check /tmp/spam.log for bayes errors. Hello, Just to be clear, 98% of the time the BAYES_XX score is there. Occasionally, it is not. The lint does not report any configuration errors or bayes problems, and the final spamscore of the lint shows BAYES scoring. Thanks, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 17:01:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Fw: SA socres check Message-ID: Magda I use the my_rules_du_jour wrapper script so I can add in my own rules and get RDJ to fetch them , but yes you probably just need to put in your required RULE_Set names (see the main RDJ file for those) into that line and it will automagically download them, --lint then and if fine restart MS (change the restart config line) for you... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Thanks Martin! > > Few question about the custom SA rules. > I've already downloaded the rules_du_jour script & made some basic variable > changes. > I have also created the /etc/rulesdujour/config file. It looks like below. > Is this a correct configuration setting? Is this all I need? > > /etc/rulesdujour/config: > > " TRUSTED_RULESETS=" > > > > Thanks, > > Magda > ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 11:37 AM ----- > > Martin Hepworth > ATE-LOGIC.COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: SA socres check > > > 02/04/2005 11:33 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > Magda > no URL's in the email s othe URI-RBL's won't pick up anything.. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Magda Hewryk wrote: > >>Such a shame the same spam was scored for me at 4.2 and you got 46 points >>for it! I will definitely use the extra rules. >> >>Did anybody got the below spam flagged with URIBL_SBL and >>URIBL_WS_SURBL??? I did not. >> >> >>Thanks, >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Fri Feb 4 17:33:47 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Just to be clear, 98% of the time the BAYES_XX score is there. > Occasionally, it is not. > > The lint does not report any configuration errors or bayes problems, and > the final spamscore of the lint shows BAYES scoring. > Sounds like bayes is working fine then, someone else on the list may have a more "technical" sounding answer for this, but bayes will only speakup and score a message when it has something to say. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 17:24:45 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: Nick Meverden wrote: >>Just to be clear, 98% of the time the BAYES_XX score is there. >>Occasionally, it is not. >> >>The lint does not report any configuration errors or bayes problems, and >>the final spamscore of the lint shows BAYES scoring. >> > > Sounds like bayes is working fine then, someone else on the list may have > a more "technical" sounding answer for this, but bayes will only speakup > and score a message when it has something to say. > Nick not in my experiance. the bayes system should tag all emails. I'd make sure MS is doing the re-sync of the bayes DB itself and an outside cron isn't trying to do this... In MainScanner.conf its the rebuild bayes options you need to set correctly and make sure it's set to wait while this happens as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Fri Feb 4 17:37:34 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > not in my experiance. the bayes system should tag all emails. > > I'd make sure MS is doing the re-sync of the bayes DB itself and an > outside cron isn't trying to do this... > > In MainScanner.conf its the rebuild bayes options you need to set > correctly and make sure it's set to wait while this happens as well. Hello, This is what I have: Rebuild Bayes Every = 259200 Wait During Bayes Rebuild = yes Out of 4975 messages marked as possible spam today, only 4842 had BAYES_XXX scores attached, the rest having a bunch of spamassassin scores but no BAYES. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Fri Feb 4 17:54:10 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Out of 4975 messages marked as possible spam today, only 4842 had > BAYES_XXX scores attached, the rest having a bunch of spamassassin > scores but no BAYES. > Chris, your bayes is working fine, every once and a while I'll have an email not have a bayes score because there was nothing in the email that bayes has be taught to score. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 17:40:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: Chris I've been corrected by someone on the IRC channel, who states that if the Bayes DB find no tokens that match it's DB then it will indeed have nothing to say about the email and therefore not contribute to the score. Sounds logical. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Chris Conn wrote: >> >> not in my experiance. the bayes system should tag all emails. >> >> I'd make sure MS is doing the re-sync of the bayes DB itself and an >> outside cron isn't trying to do this... >> >> In MainScanner.conf its the rebuild bayes options you need to set >> correctly and make sure it's set to wait while this happens as well. > > > Hello, > > This is what I have: > > Rebuild Bayes Every = 259200 > > Wait During Bayes Rebuild = yes > > Out of 4975 messages marked as possible spam today, only 4842 had > BAYES_XXX scores attached, the rest having a bunch of spamassassin > scores but no BAYES. > > Chris > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Fri Feb 4 18:28:05 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:28:26 2006 Subject: Slightly OT: virtual hosting Message-ID: Hello all, First of all, if this is too OT, let me know (preferably with a suggestion as where to take the discussion -- this is the only list I know of that has a good size community of mail admins that use all sorts of different MTA setups.) I've been a faithful MailScanner user for years now, and I love the package. However, I'm trying to consolidate several separate mail servers that I maintain under one roof (so to speak) and it seems like every virtual hosting solution has severe drawbacks. The options are limitless, but here's what I've considered so far: Webmin+Virtualmin (and the associated mailscanner webmin component). I like this, and I've had it partially set up, but the one drawback that I see is that I have to give people funky pop/imap logins, and for some reason I find that quite distasteful. The same as above, but without Webmin. Same drawbacks, plus I'd have to maintain the virtual user table by hand. qmail+vpopper+clamav+spamassassin. This would allow me to use sane usernames, but 1) I've heard it's a pain to get running (small, but my frustration level is high enough now :) and 2) I'd be ditching MailScanner. I know I could run Mailscanner on a separate box, but I'd be doubling the number of servers needed, plus I don't know if I could get the MailScanner box to drop unknown users. Well, that's about all I've seriously considered at this point. I'd like to continue to use MailScanner, as I like the all in one anti-spam and anti-virus capabilities, as well as the wonderful community, but it looks like I may have to switch out, and I'm not liking that possibility. Some other considerations: 1) someone else may have to administer this at some point. 2) I may add more domains, especially since I'll have the infrastructure in place. 3) I have absolutely no budget right now. I have a few spare desktops that I can sacrifice to be servers, but new hardware is not an option right now. (My boss won't even let me convert the 5 desktop-cased servers into rackmounts right now, even though I have a nearly empty relay-rack.) If you're running a virtual hosting solution, what are you using? Are you happy with it? If not what would you change? Is there anything I've missed that I should be considering? Also, I'm most familiar with Linux based solutions, but I'm not opposed to *bsd. However, I've tried to standardize on WhiteBox Enterprise Linux (where I can) to make things easy on myself. Thanks a lot for any input. If you think this isn't a good discussion for the list, please email me directly. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Feb 4 19:02:26 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: >> >> not in my experiance. the bayes system should tag all emails. >> >> I'd make sure MS is doing the re-sync of the bayes DB itself and an >> outside cron isn't trying to do this... >> >> In MainScanner.conf its the rebuild bayes options you need to set >> correctly and make sure it's set to wait while this happens as well. > > > Hello, > > This is what I have: > > Rebuild Bayes Every = 259200 > > Wait During Bayes Rebuild = yes > > Out of 4975 messages marked as possible spam today, only 4842 had > BAYES_XXX scores attached, the rest having a bunch of spamassassin > scores but no BAYES. > Chris, I had one yesterday out of 16946 spam emails. So far I have none today. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From campbell at cnpapers.com Fri Feb 4 19:14:43 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:28:26 2006 Subject: Slightly OT: virtual hosting Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ----- Original Message ----- From: "Jason Balicki" To: Sent: Friday, February 04, 2005 1:28 PM Subject: Slightly OT: virtual hosting > Hello all, > > First of all, if this is too OT, let me know (preferably > with a suggestion as where to take the discussion -- > this is the only list I know of that has a good size > community of mail admins that use all sorts of different > MTA setups.) > > I've been a faithful MailScanner user for years now, > and I love the package. > > However, I'm trying to consolidate several separate > mail servers that I maintain under one roof (so > to speak) and it seems like every virtual hosting > solution has severe drawbacks. > > The options are limitless, but here's what I've > considered so far: > > Webmin+Virtualmin (and the associated mailscanner > webmin component). I like this, and I've had it > partially set up, but the one drawback that I see > is that I have to give people funky pop/imap logins, > and for some reason I find that quite distasteful. > > The same as above, but without Webmin. Same > drawbacks, plus I'd have to maintain the > virtual user table by hand. > > qmail+vpopper+clamav+spamassassin. This would allow > me to use sane usernames, but 1) I've heard it's > a pain to get running (small, but my frustration > level is high enough now :) and 2) I'd be ditching > MailScanner. I know I could run Mailscanner on > a separate box, but I'd be doubling the number > of servers needed, plus I don't know if I could > get the MailScanner box to drop unknown users. > > Well, that's about all I've seriously considered > at this point. > > I'd like to continue to use MailScanner, as I like > the all in one anti-spam and anti-virus capabilities, > as well as the wonderful community, but it looks like > I may have to switch out, and I'm not liking that > possibility. > > Some other considerations: > > 1) someone else may have to administer this at some > point. > > 2) I may add more domains, especially since I'll have > the infrastructure in place. > > 3) I have absolutely no budget right now. I have > a few spare desktops that I can sacrifice to be > servers, but new hardware is not an option right > now. (My boss won't even let me convert the 5 > desktop-cased servers into rackmounts right now, > even though I have a nearly empty relay-rack.) > > If you're running a virtual hosting solution, what > are you using? Are you happy with it? If not what > would you change? Is there anything I've missed > that I should be considering? > > Also, I'm most familiar with Linux based solutions, > but I'm not opposed to *bsd. However, I've tried > to standardize on WhiteBox Enterprise Linux (where > I can) to make things easy on myself. > > Thanks a lot for any input. If you think this isn't > a good discussion for the list, please email me > directly. > > --J(K) Jason, I use two different solutions here for different domain combinations. The first is linuxconf. It allows you just about anything you want with virtual domains - one server to handle multiple domains, common user names across domains (usr1@domain1.com and usr1@domain2.com), and the likes. It requires a few changes to your xinetd pop entries, but MailScanner works flawlessly with the end result. It uses its own virtual server pop daemon, I think, called vserver. It's very easy to move domains around from one machine to another. The second is webmin. I switched from linuxconf to webmin for the opposite reason for which you are asking - I wanted to split up domains to different servers. The down side to each: Linuxconf is getting old, and a lot of the default uses older sendmail stubs. You can make it work with the newer sendmail stuff, and get the advantages of the latest sendmail with a little(?) work. There is a new version of LC 2 that has been mentioned on their list, but I wouldn't hold my breath. I use the console gui for most of my admin work, and it's OK, and there is a web based gui if you just have to have it. Webmin could possibly do all, but after using LC for so long, Webmin has a small learning curve to it. I like it very much. But it requires you to know sendmail (If this is your MTA of choice). Fortunately, Webmin also acts as a very good tutor, which, due to the way LC interacts with what it does, cannot always do that. This is just my opinions based on what I know about each. Once you learn the particulars of each, they both become second hand stuff. Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rpoe at PLATTESHERIFF.ORG Fri Feb 4 20:25:19 2005 From: rpoe at PLATTESHERIFF.ORG (Rob Poe) Date: Thu Jan 12 21:28:26 2006 Subject: Slightly OT: virtual hosting Message-ID: Just thought I'd mention, CentOS is the same thing as Whitebox, however where Whitebox is a one-man show, CentOS relies on community support. CentOS generally gets patches a little faster than Whitebox. I'm not trying to start anything here, just thought I'd mention it. It's quite simple to "upgrade" to CentOS from WhiteBox. Basically installing a new *-release file in your /etc and changing the yum.conf to point to the CentOS site/mirrors. Then yum upgrade, if I'm not mistaken. Rob >Also, I'm most familiar with Linux based solutions, >but I'm not opposed to *bsd. However, I've tried >to standardize on WhiteBox Enterprise Linux (where >I can) to make things easy on myself. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Feb 4 20:43:53 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: >Hello all, > >First of all, if this is too OT, let me know (preferably >with a suggestion as where to take the discussion -- >this is the only list I know of that has a good size >community of mail admins that use all sorts of different >MTA setups.) > >I've been a faithful MailScanner user for years now, >and I love the package. > >However, I'm trying to consolidate several separate >mail servers that I maintain under one roof (so >to speak) and it seems like every virtual hosting >solution has severe drawbacks. > > Well, assuming you have enough bits to make one decent enough machine (Lots of RAM particularly) I would suggest having a look at a Postfix (Or indeed Exim but I have no experience with that), Courier-IMAP (Which also does POP!) and MailScanner all controlled by a MySQL database and use something like phpMyAdmin to edit the database. There is an excellent how to here http://www.gentoo.org/doc/en/virt-mail-howto.xml which although is based on Gentoo, it will be a synch to change the details for your OS. The only bit the guide doesn't cover is MailScanner but that is easy enough as you are familiar with MS anyway :-) . The advantage is that you only have to edit one database and it will scale really easily when your boss has a sudden moment of weakness and drops his tight hold of the cheque book :-) HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Fri Feb 4 21:16:15 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:28:27 2006 Subject: What does this strange email mean? Message-ID: Hello, I found two emails in my /var/spool/mqueue.in that are ~95KB of the following: MCBvYmo8PC9UeXBlL0ZvbnQvRW5jb2RpbmcgNTkgMCBSL0Jhc2VGb250L0dISk1JRStBcmlh bE1U L0ZpcnN0Q2hhciAzMi9MYXN0Q2hhciAxNDQvU3VidHlwZS9UeXBlMS9Ub1VuaWNvZGUgNjAg MCBS L0ZvbnREZXNjcmlwdG9yIDYyIDAgUi9XaWR0aHNbMjc4IDc1MCAzNTUgNzUwIDc1MCA4ODkg NzUw IDc1MCAzMzMgMzMzIDc1MCA3NTAgMjc4IDMzMyAyNzggMjc4IDU1NiA1NTYgNTU2IDU1NiA1 NTYg NTU2IDU1NiA1NTYgNTU2IDU1NiAyNzggNzUwIDc1MCA3NTAgNzUwIDc1MCA3NTAgNjY3IDY2 NyA3 MjIgNzIyIDY2NyA2MTEgNzc4IDcyMiAyNzggNTAwIDY2NyA1NTYgODMzIDcyMiA3NzggNjY3 IDc3 OCA3MjIgNjY3IDYxMSA3MjIgNjY3IDk0NCA2NjcgNjY3IDYxMSA3NTAgNzUwIDc1MCA3NTAg NzUw That's just a small sample of what the file contains. There are no normal mail headers or anything like that. The entire file looks like the above. Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Feb 4 21:22:57 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:28:27 2006 Subject: What does this strange email mean? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Looks like base64 data to me. On Fri, 2005-02-04 at 16:16, Chris W. Parker wrote: Hello, I found two emails in my /var/spool/mqueue.in that are ~95KB of the following: MCBvYmo8PC9UeXBlL0ZvbnQvRW5jb2RpbmcgNTkgMCBSL0Jhc2VGb250L0dISk1JRStBcmlh bE1U L0ZpcnN0Q2hhciAzMi9MYXN0Q2hhciAxNDQvU3VidHlwZS9UeXBlMS9Ub1VuaWNvZGUgNjAg MCBS L0ZvbnREZXNjcmlwdG9yIDYyIDAgUi9XaWR0aHNbMjc4IDc1MCAzNTUgNzUwIDc1MCA4ODkg NzUw IDc1MCAzMzMgMzMzIDc1MCA3NTAgMjc4IDMzMyAyNzggMjc4IDU1NiA1NTYgNTU2IDU1NiA1 NTYg NTU2IDU1NiA1NTYgNTU2IDU1NiAyNzggNzUwIDc1MCA3NTAgNzUwIDc1MCA3NTAgNjY3IDY2 NyA3 MjIgNzIyIDY2NyA2MTEgNzc4IDcyMiAyNzggNTAwIDY2NyA1NTYgODMzIDcyMiA3NzggNjY3 IDc3 OCA3MjIgNjY3IDYxMSA3MjIgNjY3IDk0NCA2NjcgNjY3IDYxMSA3NTAgNzUwIDc1MCA3NTAg NzUw That's just a small sample of what the file contains. There are no normal mail headers or anything like that. The entire file looks like the above. Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! Wess Bechard System Administrator eliquidMEDIA International www.eliquid.com MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Feb 4 21:29:42 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:27 2006 Subject: Volunteers to convert FAQ to a Wiki? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, To everyone who offered their help for the FAQ -> Wiki migration, please contact me off list. Thanks, >> Julian Field wrote: >> >>> If I were to install a Wiki on the MailScanner site, would someone (or >>> several of you) be prepared to take on the job of converting the current ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From svigano at BOOTHCREEK.COM Fri Feb 4 21:49:35 2005 From: svigano at BOOTHCREEK.COM (Stefffan Vigano) Date: Thu Jan 12 21:28:27 2006 Subject: MCP - Chewing up resources even though it's off Message-ID: Searched the archives and couldn't find anything... so I hope this isn't a repeat. We recently upgraded to 4.37.7 and I've noticed overall load and processing times have gone up. Looking at the logs, it seems that although I have MCP checks set to no, MS is still processing MCP checks. Here'a a snippet of our log: Feb 4 13:34:44 patrol MailScanner[32776]: MCP Checks completed at 52254 bytes per second Feb 4 13:34:49 patrol MailScanner[32776]: Spam Checks completed at 10450 bytes per second Feb 4 13:34:51 patrol MailScanner[32776]: Virus Scanning completed at 26127 bytes per second Feb 4 13:34:52 patrol MailScanner[32776]: Virus Processing completed at 52254 bytes per second Feb 4 13:34:52 patrol MailScanner[32776]: Disinfection completed at 52254 bytes per second Feb 4 13:34:52 patrol MailScanner[32776]: Batch completed at 6531 bytes per second (52254 / 8) Feb 4 13:34:52 patrol MailScanner[32776]: MCP Checks completed at 3636 bytes per second Feb 4 13:34:54 patrol MailScanner[32776]: Spam Checks completed at 1818 bytes per second Feb 4 13:34:56 patrol MailScanner[32776]: Virus Scanning completed at 1818 bytes per second Feb 4 13:34:56 patrol MailScanner[32776]: Virus Processing completed at 3636 bytes per second Feb 4 13:34:56 patrol MailScanner[32776]: Disinfection completed at 3636 bytes per second Feb 4 13:34:56 patrol MailScanner[32776]: Batch completed at 909 bytes per second (3636 / 4) I have the following relevant switches in our MailScanner.conf file: Keep Spam And MCP Archive Clean = no MCP Checks = no Should MS still be running them through the MCP checks if I have it explicitly turned off? Having never run the LogSpeed command before, is there any guideline on how to read this? Anything stand out as abnormal? Anything else I could contribute decreased speed to after an upgrade from 4.29.7 to 4.37.7? Thanks... keep up the great work! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Fri Feb 4 22:10:28 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: Hi Jason, Jason Balicki wrote: > If you're running a virtual hosting solution, what are you using? > Are you happy with it? If not what would you change? Is there > anything I've missed that I should be considering? I'm using XAMS (www.xams.org). XAMS is only about email administration (no webhosting, ftp etc). It uses MySQL, Exim and Courier. Pro: + Nice usernames (email address) allthough unique usernames (e.g. "web96p1") are supported too. + web interface with multiple languages for customers available + "site" concept (domain.com and domain.net may belong to the same site so info@domain.com and info@domain.net are the same) + MailScanner may be used + Exim (my favorite mail server ;-) + May use Dovecot for POP3/Imap and get rid of the custom Courier Auth-Daemon (allthough you are loosing the Quota support) Con: + web interface too overloaded, not really what usability is all about + very slow development because the main author doesn't have the time any more (but still good support on the list and XAMS just works) + web interface uses PHP + MailScanner not really integrated (you have to write the MailScanner rules by hand) Regarding the cons: I will probably get a contract that will involve a XAMS setup. I hope they will pay me enough so that I can rewrite the web interface in Python with a more modular structure and a really nice looking interface :-) -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Feb 4 22:18:26 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: I have been trying to change the spam score in MailScanner and have been having some problems with s Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I have been trying to change the spam score in MailScanner and have been > having some problems with some. I did not have a score in the > spam.assassin.prefs.conf for AWL. I added "score AWL 1.393 1.320 1.613 > 1.02". It still shows in the log as AWL -1.61. Am I missing something??? > Do I have rules in spamassassin some place else that I am missing??? > > Thanks, > Dave > > Feb 4 10:55:42 spamfilter MailScanner[3773]: Message 917E516F54F.517ED > from 65.205.157.199 (cash@earningsavenue.com) to sbschools.net is spam, > SBL+XBL, SpamAssassin (score=9.36, required 4.3, AWL -1.61, BAYES_50 > 0.00, BE_BOSS 1.65, HTML_80_90 0.15, HTML_IMAGE_ONLY_16 1.05, > HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, HTML_NONELEMENT_00_10 0.00, > HTML_WEB_BUGS 0.04, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, > RCVD_IN_SBL 0.50, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL > 1.46) You can't score AWL manually, you can only turn it on or off by using the "use_auto_whitelist" option set to 1 or 0. Many would recommend disabling it when used with MS. I suggest you read the README file that came with SA to learn how it scores messages. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Feb 4 22:27:27 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: SA socres check Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > Would somebody confirm the scores for the spam below? What was your score? > > "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, > BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, > RCVD_NUMERIC_HELO 1.25)" Something looks wrong when such a low scoring message is autolearned as spam. Have you tweaked the auto learn thresholds? Your message is classified as non spam but autolearned as spam even though it scores lower than the minimum of 6 points. You seem to have a lot of problems with your installation. Where did you get SA? Are you using something that came with your dist? If so, try compiling a source RPM to get a clean install. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Fri Feb 4 22:34:30 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:28:27 2006 Subject: Detected HTML-specific exploits and the message is lost ? Message-ID: Looking at the logs there is nothing about what happened after the content checks and the users are complaining that they are missing e-mails root@test test # grep "j13NaAhx006236" /var/log/maillog.1 Feb 3 15:36:11 sendmail[6236]: j13NaAhx006236: from=, size=48073, class=0, nrcpts=1, msgid=<200502032336.j13NaAhx006236@xyz.com>, proto=ESMTP, daemon=MTA, relay=smtp.expedia.com [216.251.115.225] Feb 3 15:36:11 sendmail[6236]: j13NaAhx006236: to=, delay=00:00:01, mailer=relay, pri=78073, stat=queued Feb 3 15:36:14 MailScanner[13718]: Message j13NaAhx006236 from 216.251.115.225 (travel@expedia.com) is whitelisted Feb 3 15:36:19 MailScanner[13718]: Content Checks: Detected HTML-specific exploits in j13NaAhx006236 I'm MailScanner version 4.35.11, i know i have to upgrade and we are in the process. but still where are these e-mails going,did we loose them already? Please advise Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Fri Feb 4 23:02:01 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:27 2006 Subject: Relaying Denied error. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just installed the new sendmail 8.13.3. now for some reason im getting relaying denied ip lookup failed [192.168.1.194] when I try to telnet to it and test email. My access.db reads 192.168 RELAY mydomain.com RELAY where my email address would be name@mydomain.com am I using the wrong syntax for my access file? should it be in the form 192.168.*.* ?? -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Feb 4 23:05:36 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: Relaying Denied error. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] JD wrote: > I just installed the new sendmail 8.13.3. now for some reason im getting > relaying denied ip lookup failed [192.168.1.194] when I try to telnet to it > and test email. My access.db reads 192.168 RELAY > mydomain.com RELAY And what does 192.168.1.194 resolve to from the MS server? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Fri Feb 4 23:39:25 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:27 2006 Subject: Relaying Denied error. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] umm, how do I do that? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Peter Bonivart Sent: Friday, February 04, 2005 3:06 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Relaying Denied error. JD wrote: > I just installed the new sendmail 8.13.3. now for some reason im getting > relaying denied ip lookup failed [192.168.1.194] when I try to telnet to it > and test email. My access.db reads 192.168 RELAY > mydomain.com RELAY And what does 192.168.1.194 resolve to from the MS server? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Feb 4 23:42:07 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: Relaying Denied error. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] JD wrote: > umm, how do I do that? On the MS server, type "nslookup 192.168.1.194". -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Sat Feb 5 02:32:45 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Looks like frontierhomemortgage.com is a sendmail/qpopper box. Given all your alternatives, changing the entire email system from the ground up sounds like a major overkill, compared to maintaining several flat ascii files by hand, especially in an environment with $0 budget where user count is not going to increase all that much. Leave sendmail/mailscanner as is and research dovecot a little. It will allow you to use a custom authentication (ie, their email address can be their username, and they can keep accesing the same mbox file that sendmail or procmail currently deliver mail to). Given all the tradeoffs, that seems like the least amount of work. -Vlad Mazek ExchangeDefender Jason Balicki wrote: >Hello all, > >First of all, if this is too OT, let me know (preferably >with a suggestion as where to take the discussion -- >this is the only list I know of that has a good size >community of mail admins that use all sorts of different >MTA setups.) > >I've been a faithful MailScanner user for years now, >and I love the package. > >However, I'm trying to consolidate several separate >mail servers that I maintain under one roof (so >to speak) and it seems like every virtual hosting >solution has severe drawbacks. > >The options are limitless, but here's what I've >considered so far: > >Webmin+Virtualmin (and the associated mailscanner >webmin component). I like this, and I've had it >partially set up, but the one drawback that I see >is that I have to give people funky pop/imap logins, >and for some reason I find that quite distasteful. > >The same as above, but without Webmin. Same >drawbacks, plus I'd have to maintain the >virtual user table by hand. > >qmail+vpopper+clamav+spamassassin. This would allow >me to use sane usernames, but 1) I've heard it's >a pain to get running (small, but my frustration >level is high enough now :) and 2) I'd be ditching >MailScanner. I know I could run Mailscanner on >a separate box, but I'd be doubling the number >of servers needed, plus I don't know if I could >get the MailScanner box to drop unknown users. > >Well, that's about all I've seriously considered >at this point. > >I'd like to continue to use MailScanner, as I like >the all in one anti-spam and anti-virus capabilities, >as well as the wonderful community, but it looks like >I may have to switch out, and I'm not liking that >possibility. > >Some other considerations: > >1) someone else may have to administer this at some >point. > >2) I may add more domains, especially since I'll have >the infrastructure in place. > >3) I have absolutely no budget right now. I have >a few spare desktops that I can sacrifice to be >servers, but new hardware is not an option right >now. (My boss won't even let me convert the 5 >desktop-cased servers into rackmounts right now, >even though I have a nearly empty relay-rack.) > >If you're running a virtual hosting solution, what >are you using? Are you happy with it? If not what >would you change? Is there anything I've missed >that I should be considering? > >Also, I'm most familiar with Linux based solutions, >but I'm not opposed to *bsd. However, I've tried >to standardize on WhiteBox Enterprise Linux (where >I can) to make things easy on myself. > >Thanks a lot for any input. If you think this isn't >a good discussion for the list, please email me >directly. > >--J(K) > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Sat Feb 5 05:52:41 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: Vlad Mazek <> wrote: > Looks like frontierhomemortgage.com is a sendmail/qpopper box. Given It's not. Bear with me here: frontierhomemortgage.com runs a server side package called Bynari Insight, which is made up of Cyrus+Postfix+ OpenLDAP+ some glue, which allows me to integrate with Bynari's client side, which is a MAPI plugin for outlook that allows me to store native Outlook messages in that IMAP store -- effectively fully replacing Exchange capabilities. The problem looming is that Bynari took my advice and has integrated SpamAssassin and ClamAV into their product, however they did not integrate MailScanner, as they bought into the whole "postfix doesn't work with MailScanner" (for the record: I protested. Loudly.) The final package doesn't allow for lovely things like rulesets and the like. It also doesn't allow for other AV products, rendering my Sophos license useless for that particular application. Before anyone says anything: at the time this was purchased, this was the only thing available to do what needed to be done to satisfy my users. I am happy with the product, even though I do wish there was a bit more flexibility. That, however, is the least of my worries. I have several other domains, tangently related to Frontier and otherwise (such as my domain I use at home, plus I run several domains for other clients) all of which use MailScanner+ClamAV, plus some run Sophos. All of which currently reside on separate servers, with separate MailScanner installs, etc... I'd like to virtual host some domains, and forward frontierhomemortgage.com from the virtual host/MailScanner box to the existing mail server, allowing me to upgrade to the latest version of Insight and still use MailScanner. Also, much of this is motivated by the fact that my wife and I have become dependant on my local domain, but I'm paying $60/mo for a 608k/128k crappy DSL line to host it on (low, low volume) but I can get 3.2Mb/512k cable internet for $40/mo. My boss doesn't care if I host the box at Frontier, but if I'm going to go through the trouble of doing that, I may as well make it capable of making us a little bit of money. We're not looking to be a full fledged hosting company, but you know how it goes: the bosses friend owns a business, complains about hosting... and it ends up in my lap. And yet, still no budget... :( > all your alternatives, changing the entire email system from the > ground up sounds like a major overkill, compared to maintaining > several flat ascii files by hand, especially in an environment with > $0 budget where user count is not going to increase all that much. I should have been more clear in the first email, but I didn't want to cloud it up with minutia. I guess I could have spent a little more time crafting it. Sorry. I won't be changing the existing Frontier box much, but I'd like to put a box in front of it that can virtual host domains OTHER than Frontier, yet still provide scanning for the hosted domains AND Frontier. Also, I expect the load to increase, plus (another consideration) I'd like to be able to have the individual domain owners administer as much of their stuff as possible. I've been given a lot of good suggestions, and if anyone is interested I can post either my progress through setting this up, or when I'm done (done?) I can post a summary of what I ended up with. > Leave sendmail/MailScanner as is and research dovecot a little. It I will look into dovecot. Thanks for the suggestion, that's something I've not heard of. > Given all the tradeoffs, that seems like the least amount of work. I'm not afraid of the work. I'd rather work a lot now and have things be easier later than continue fighting things as they are. --J(K) PS: I also wanted to say that Frontier is not one of the scummy spamming mortgage companies. All of our business is either local to St. Louis (or Las Vegas -- we had someone move out there) and is generated via radio ads, phone book or word of mouth. We are a no-spamming-zone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Feb 5 11:45:12 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:27 2006 Subject: Detected HTML-specific exploits and the message is lost ? Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] AFAICS they should be wherever you put viruses and other bad content... If you store, then look in the quarantine;) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Venkata Achanta Sent: Fri 2/4/2005 11:34 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Detected HTML-specific exploits and the message is lost ? Looking at the logs there is nothing about what happened after the content checks and the users are complaining that they are missing e-mails root@test test # grep "j13NaAhx006236" /var/log/maillog.1 Feb 3 15:36:11 sendmail[6236]: j13NaAhx006236: from=, size=48073, class=0, nrcpts=1, msgid=<200502032336.j13NaAhx006236@xyz.com>, proto=ESMTP, daemon=MTA, relay=smtp.expedia.com [216.251.115.225] Feb 3 15:36:11 sendmail[6236]: j13NaAhx006236: to=, delay=00:00:01, mailer=relay, pri=78073, stat=queued Feb 3 15:36:14 MailScanner[13718]: Message j13NaAhx006236 from 216.251.115.225 (travel@expedia.com) is whitelisted Feb 3 15:36:19 MailScanner[13718]: Content Checks: Detected HTML-specific exploits in j13NaAhx006236 I'm MailScanner version 4.35.11, i know i have to upgrade and we are in the process. but still where are these e-mails going,did we loose them already? Please advise Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Sat Feb 5 12:41:31 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: I'd recommend DirectAdmin (http://www.directadmin.com) It is not free, but an internal license will only cost you about $80 It uses exim and has a few oddities, but is a very nice solution for virtual hosting. Just my 2 cents Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Sat Feb 5 12:46:06 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:27 2006 Subject: Out of office reples - Again! Message-ID: Would people please ensure that they DO NOT subscribe to the list using email addresses that can send out of office replies. It is extremely annoying to send a message to a mailing list and get out of office replies in response. If you are a mail admin you should know better Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Sat Feb 5 17:56:59 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:27 2006 Subject: filetype rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have searched the archives and cannot find specific reference to my issue. I have the book but it is not with me at the moment. I need to set up specific file type rules for a single domain. I do not want to just allow all file types but specific ones like .zip, .wmv etc. I tried to add a new file called filetype.rules2.conf and change the MailScanner entry to point to this file. In this file I put FromOrTo: *@domain.com yes FromOrTo: default %etc-dir%/filetype.rules.conf This did not work as it gave me syntax errors in the logs. So I then renamed filetype.rules2.conf to filetype.rules and moved it into the rules directory. However, this would allow all file types to this domain and this is not what I am looking for. Can I use the same type of language in this file that is used in the filetype.rules.conf file? Or, if not, how would I approach this problem. Regards, Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sat Feb 5 18:47:33 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: filetype rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Filchak wrote: > Hi, > > I have searched the archives and cannot find specific reference to my > issue. I have the book but it is not with me at the moment. I need to > set up specific file type rules for a single domain. I do not want to > just allow all file types but specific ones like .zip, .wmv etc. I tried > to add a new file called filetype.rules2.conf and change the MailScanner > entry to point to this file. In this file I put > > FromOrTo: *@domain.com yes > FromOrTo: default %etc-dir%/filetype.rules.conf > > This did not work as it gave me syntax errors in the logs. So I then > renamed filetype.rules2.conf to filetype.rules and moved it into the > rules directory. However, this would allow all file types to this domain > and this is not what I am looking for. Can I use the same type of > language in this file that is used in the filetype.rules.conf file? Or, > if not, how would I approach this problem. MailScanner.conf: Filetype Rules = %rules-dir%/filetype.rules filetype.rules: FromOrTo: *@domain.com %etc-dir%/filetype.rules2.conf FromOrTo: default %etc-dir%/filetype.rules.conf Then you make the changes you need in filetype.rules2.conf. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Sat Feb 5 19:22:02 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:27 2006 Subject: filetype rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter, Thank you. That seemed to do the trick. I now also better understand how the rules and conf files can be applied. Cheers Dave Peter Bonivart wrote: > Dave Filchak wrote: > >> Hi, >> >> I have searched the archives and cannot find specific reference to my >> issue. I have the book but it is not with me at the moment. I need to >> set up specific file type rules for a single domain. I do not want to >> just allow all file types but specific ones like .zip, .wmv etc. I tried >> to add a new file called filetype.rules2.conf and change the MailScanner >> entry to point to this file. In this file I put >> >> FromOrTo: *@domain.com yes >> FromOrTo: default %etc-dir%/filetype.rules.conf >> >> This did not work as it gave me syntax errors in the logs. So I then >> renamed filetype.rules2.conf to filetype.rules and moved it into the >> rules directory. However, this would allow all file types to this domain >> and this is not what I am looking for. Can I use the same type of >> language in this file that is used in the filetype.rules.conf file? Or, >> if not, how would I approach this problem. > > > MailScanner.conf: > Filetype Rules = %rules-dir%/filetype.rules > > filetype.rules: > FromOrTo: *@domain.com %etc-dir%/filetype.rules2.conf > FromOrTo: default %etc-dir%/filetype.rules.conf > > Then you make the changes you need in filetype.rules2.conf. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mgt at STELLARCORE.NET Sat Feb 5 23:08:16 2005 From: mgt at STELLARCORE.NET (Mike Tremaine) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: Just wondering what other sets [IE SARE, etc] people are using with SA 3+ [3.0.2]. I upgraded most of the mail servers I control last month from 2.6 to 3.0.2 and removed all the extra .cf files I had installed just to see how it was out of the box. Other then Stock Picking spam and some Pill ads it seems to be pretty good. But I think it is time to add some extra rules again. Thanks, -- Mike Tremaine mgt@stellarcore.net http://www.stellarcore.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at GRAYONLINE.ID.AU Sun Feb 6 01:04:49 2005 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Sun, 6 Feb 2005 10:08 am, Mike Tremaine wrote: > Just wondering what other sets [IE SARE, etc] people are using with SA > 3+ [3.0.2]. I upgraded most of the mail servers I control last month > from 2.6 to 3.0.2 and removed all the extra .cf files I had installed > just to see how it was out of the box. > > Other then Stock Picking spam and some Pill ads it seems to be pretty > good. But I think it is time to add some extra rules again. > > Thanks, > > -- > Mike Tremaine I've made publically available the rules we use on our company's mail gateways. 1800+ rules to pick and choose from: http://files.grayonline.id.au I'll be uploading a new ruleset this week as the one that's there has been modified a fair bit. The huuuuuge list of URI's I built into the rules will be ripped out (eventually) and replaced by my own RBL - but that's a project I'm still working on :P The other thing I'm doing (when time permits) is running stats to see which rules get hit the most, because out of the 1800-odd rules, I'm sure there's plenty that don't really need to be there any more. Stay tuned. Cheers, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Sun Feb 6 06:21:48 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:27 2006 Subject: New Phishing technique? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Snip from the raw email. To update your account now, please follow the link below, validate your inf= ormation, and verify your acceptance of the updated agreement.

     WARNING: "signi= n.ebay.com" claims to be https://scgi.ebay.com/ws/eBayISAPI.dll= ?UpdateAgreement MailScanner sees this as and is reported as: To update your account now, please follow the link below, validate your information, and verify your acceptance of the updated agreement. WARNING: "signin.ebay.com" claims to be https://scgi.ebay.com/ws/eBayISAPI.dll?UpdateAgreement And it still looks real in a browser.. tested in IE and Firefox. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew at DONEHUE.NET Sun Feb 6 09:24:28 2005 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:28:27 2006 Subject: invalid queue file?? help! :( Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi! I started getting this message in my maillog this afternoon - MailScanner[29869]: Batch: Ignoring invalid queue file for message 1CxiUW-0007sC-6J-H (find the contents below) I am using exim 4.3.x - what could be causing this error? (nothing has changed :( ) - (I get this error for all messages). Any thought/help greatly appreciated. Thanks, Andrew. charlie:/var/spool/exim4.in/input# cat 1CxiUW-0007sC-6J-H 1CxiUW-0007sC-6J-H root 0 0 1107681244 0 -helo_name 166-82-131-156.quickclick.ctc.net -host_address 166.82.131.156.3877 -host_name 166-82-131-156.quickclick.ctc.net -interface_address x.x.x.x.25 -received_protocol smtp -acl 19 14 166.82.131.156 -body_linecount 47 -deliver_firsttime XX 3 siteops@edited.com travis@edited.com bruce@edited.com 169P Received: from 166-82-131-156.quickclick.ctc.net ([166.82.131.156]) by charlie.edited.com with smtp (Exim 4.34) id 1CxiUW-0007sC-6J; Sun, 06 Feb 2005 20:14:05 +1100 058 X-Message-Info: V68RL558TFivipw7nGEipnJY31YWJ9uRIwhmJZ462 172P Received: from dns0usvi-realestate.com ([130.229.150.111]) by zub789-7429.FSMXWAMIWITVRO@bulut.com with Microsoft SMTPSVC(5.0.2195.0266); Sun, 06 Feb 2005 01:11:55 -0800 138P Received: (from cling@localhost) by lifetime3.FSMXWAMIWITVRO@bulut.com (2.59.7/7.07.4) id g147LpQ70587; Sun, 06 Feb 2005 01:11:55 -0800 055I Message-ID: <337926862.83066@FSMXWAMIWITVRO@bulut.com> 051R Reply-To: "Helen Swain" 047F From: "Helen Swain" 037T To: "Siteops" 016 Subject: August 038 Date: Sun, 06 Feb 2005 01:11:55 -0800 018 MIME-Version: 1.0 067 Content-Type: multipart/alternative; boundary="--424793811057263" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From greg at BLASTZONE.COM Sun Feb 6 20:01:56 2005 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:28:27 2006 Subject: Intermittent Blank Emails Message-ID: For the last few months I've been seeing intermittent messages that are blank. Various senders, but the messages are usually HTML, and when I ask the sender to resend, the message comes across. I'm now starting to have other users report the same issue. When I check the logs I don't see anything out of the ordinary about the blank message. I saw a post on this in the archives back in Nov of 03, but no replies. Has anyone else seen this, or have any ideas what is going on? I just upgraded to MailScanner 4.38.10 today, have been running 4.35.9 previously. Other details: Fedora Core 2, Postfix 2.1.5, ClamAV0.81. Scanning about 15-20k messages a day. Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Sun Feb 6 22:14:18 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:28:27 2006 Subject: Intermittent Blank Emails Message-ID: I've seen something similar, Always HTML, always sent by Outlook. If you view the message source via IMAP with your favourite client you should see that... The message is in fact intact and has all of the text in it. The plain text part of the message is fine. The HTML is blank in some clients as there is a badly written style sheet, that has an which I understand to mean if the client is not Microsoft. Outlook can't display because of this HTML bug but some other clients can. I first came across this on the 17th Of Jan and surprise, surprise there was a Microsoft HTML patch around then. It is my suspicion that this patch is the cause of it becoming visible but not the actual bug as if it was there would be noise on the net about it. I've been trying different versions of HTML::Parser and trying to reproduce without success. There is some suspicion (among my colleagues) of the phishing code. This is all very vague so if anyone else has some good solid testing to help narrow this down it will be appreciated. Answers on a postcard, Gary Greg Deputy wrote: > For the last few months I've been seeing intermittent messages that > are blank. Various senders, but the messages are usually HTML, and > when I ask the sender to resend, the message comes across. I'm now > starting to have other users report the same issue. > > When I check the logs I don't see anything out of the ordinary about > the blank message. > > I saw a post on this in the archives back in Nov of 03, but no > replies. > > > Has anyone else seen this, or have any ideas what is going on? > > I just upgraded to MailScanner 4.38.10 today, have been running > 4.35.9 previously. Other details: Fedora Core 2, Postfix 2.1.5, > ClamAV0.81. Scanning about 15-20k messages a day. > > Thanks. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew at DONEHUE.NET Mon Feb 7 00:38:32 2005 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:28:27 2006 Subject: invalid queue file?? help! :( Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It turns out that mailscanner doesn't like exim acl details in the email headers... I found this in the change log (does it mean that the issue is fixed? or is this an unrelated change?)- - Exim multiple ACLs now supported for SPF compatibility. Cheers, Andrew Andrew wrote: > Hi! > > I started getting this message in my maillog this afternoon - > > MailScanner[29869]: Batch: Ignoring invalid queue file for message > 1CxiUW-0007sC-6J-H > (find the contents below) > > I am using exim 4.3.x - what could be causing this error? (nothing has > changed :( ) - (I get this error for all messages). > > Any thought/help greatly appreciated. > > Thanks, > Andrew. > > charlie:/var/spool/exim4.in/input# cat 1CxiUW-0007sC-6J-H > 1CxiUW-0007sC-6J-H > root 0 0 > > 1107681244 0 > -helo_name 166-82-131-156.quickclick.ctc.net > -host_address 166.82.131.156.3877 > -host_name 166-82-131-156.quickclick.ctc.net > -interface_address x.x.x.x.25 > -received_protocol smtp > -acl 19 14 > 166.82.131.156 > -body_linecount 47 > -deliver_firsttime > XX > 3 > siteops@edited.com > travis@edited.com > bruce@edited.com > > 169P Received: from 166-82-131-156.quickclick.ctc.net ([166.82.131.156]) > by charlie.edited.com with smtp (Exim 4.34) > id 1CxiUW-0007sC-6J; Sun, 06 Feb 2005 20:14:05 +1100 > 058 X-Message-Info: V68RL558TFivipw7nGEipnJY31YWJ9uRIwhmJZ462 > 172P Received: from dns0usvi-realestate.com ([130.229.150.111]) by > zub789-7429.FSMXWAMIWITVRO@bulut.com with Microsoft > SMTPSVC(5.0.2195.0266); > Sun, 06 Feb 2005 01:11:55 -0800 > 138P Received: (from cling@localhost) > by lifetime3.FSMXWAMIWITVRO@bulut.com (2.59.7/7.07.4) id g147LpQ70587; > Sun, 06 Feb 2005 01:11:55 -0800 > 055I Message-ID: <337926862.83066@FSMXWAMIWITVRO@bulut.com> > 051R Reply-To: "Helen Swain" > 047F From: "Helen Swain" > 037T To: "Siteops" > 016 Subject: August > 038 Date: Sun, 06 Feb 2005 01:11:55 -0800 > 018 MIME-Version: 1.0 > 067 Content-Type: multipart/alternative; > boundary="--424793811057263" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Mon Feb 7 05:00:35 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:27 2006 Subject: QuarantineReport Fixed Message-ID: jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evertjan at VANRAMSELAAR.NL Mon Feb 7 06:39:27 2005 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:28:27 2006 Subject: [Fwd: [Clamav-announce] announcing ClamAV 0.82] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ---------------------------- Original Message ---------------------------- Subject: [Clamav-announce] announcing ClamAV 0.82 From: "Luca Gibelli" Date: Sun, February 6, 2005 23:43 To: clamav-announce@lists.clamav.net -------------------------------------------------------------------------- Dear ClamAV users, this release adds generic detection of MS05-002 ("Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution") based exploits. Fixes include correct attachment scanning in e-mails generated by some Internet worms (broken in 0.81), removed false positive "Suspected.Zip" warning on non-standard zip archives created by ICEOWS, better proxy support in freshclam, and speed improvements. -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca at clamav.net) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Mon Feb 7 07:13:12 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi) Date: Thu Jan 12 21:28:27 2006 Subject: Missing Mails Sendmail + ClamAV + Mailscanner Message-ID: Hi All, Some mails that reach my user community are missing. These are my relevant observations, 1. It is not a virus 2. It is not struck in any queue 3. The maillog (it is same for Mailscanner and Sendmail) reads something like, Feb 3 20:50:42 inmail sendmail[13093]: j13FKYEm013093: from=, size=140405, class=0, nrcpts=1, msgid=<008c01c50a05$09bc3250$031a10ac@GloriaPC>, proto=ESMTP, daemon=MTA, relay=abc.com [129.33.228.39] Feb 3 20:50:43 inmail sendmail[13133]: j13FKYEm013093: to=, delay=00:00:08, xdelay=00:00:00, mailer=local, pri=260405, dsn=2.0.0, stat=Sent Though the log says stat=sent the user is not receiving it. I verified the user's mail box (in server itself) it is not reaching him. 4. This mail is cc'ed to two other persons and they are receiving it. Please suggest what might have went wrong. My setup is this, White Box Enterprise Linux release 3.0 (Liberation Respin 1)+ Sendmail + MailScanner + ClamAV Thanks, Devi S. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Mon Feb 7 08:39:22 2005 From: dmehler26 at woh.rr.com (dave) Date: Thu Jan 12 21:28:27 2006 Subject: MailScanner 4.37 can not find sa Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I'm running MailScanner on a FreeBSD 5.3 box. TOday i updated from 4.36 to 4.37 via ports, i also have SA 3.02 i believe is the version, yet MS is saying that the Spamassassin installation can not be found and no mail is being delivered. I'm using postfix as my MTA with the single queue setup. Aside from the update which went fine nothing else has changed. Any suggestions appreciated. Dave. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Feb 7 09:12:15 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:27 2006 Subject: Missing lines/scores from SA long report Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since my last upgrade of MS to vertsion 4.37.7, I noticed sometimes there is information missing from the long spam report. It seems some lines are truncated and merged with the remainder of another line. Adri. Here's a snip from an affected email message: X-MailScanner-SpamCheck: spam, SpamAssassin (score=9.604, required 5, BAYES_50 0.00, FORGED_YAHOO_RCVD 2.70, HTML_30_40 0.02, HTML_MESSAGE 0.00, RCVD_IN_BL_NIGERIA_NET 5.00, RCVD_IN_BL_SPAMCOP_NET 1.22, SUBJ_ALL_CAPS 0.67, UPPERCASE_75_100 0.00) X--MailScanner-SpamScore: 9 X-MailScanner-From: xxxxxxxx@yahoo.com X-MailScanner-To: xxxx@salesmanager.nl This is a multi-part message in MIME format... --======18019==27509====== Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Our MailScanner believes that the attachment to this message sent to = you =20 To: xxxx@salesmanager.nl From: xxxxxxxx@yahoo.com Subject: MAIL ORDER................. is Unsolicited Commercial Email (spam). Unless you are sure that this = message is incorrectly thought to be spam, please delete this message without = opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, = please forward this email to postmaster. pts rule name description ---- ---------------------- = -------------------------------------------------- 0.7 SUBJ_ALL_CAPS Subject is all capitals 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' = headers 0.0 HTML_30_40 BODY: Message is 30 HTML 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60 = uppercase --======18019==27509====== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 7 09:27:54 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: Mike lots of the SARE rules, .. oh here's the listing.. 70_sare_adult.cf 88_FVGT_uri.cf 70_sare_bayes_poison_nxm.cf 99_FVGT_Tripwire.cf 70_sare_genlsubj.cf 99_FVGT_meta.cf 70_sare_header.cf 99_sare_fraud_post25x.cf 70_sare_html.cf 70_sare_oem.cf backhair.cf 70_sare_random.cf bogus-virus-warnings.cf 70_sare_specific.cf chickenpox.cf 70_sare_spoof.cf evilnumbers.cf 70_sare_unsub.cf 70_sare_uri.cf 72_sare_bml_post25x.cf mangled.cf 72_sare_redirect_post3.0.0.cf random.cf 88_FVGT_body.cf 88_FVGT_headers.cf tripwire.cf 88_FVGT_rawbody.cf weeds.cf 88_FVGT_subject.cf In my local.cf I've got lots of osbufacted rules from.. http://sandgnat.com/cmos/cmos.jsp and some pre generated ones from.... http://tinyurl.com/3rrrl ("obfuscated only" wordlist for words like mortgage) http://tinyurl.com/4wmzt (badwords wordlist) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mike Tremaine wrote: > Just wondering what other sets [IE SARE, etc] people are using with SA > 3+ [3.0.2]. I upgraded most of the mail servers I control last month > from 2.6 to 3.0.2 and removed all the extra .cf files I had installed > just to see how it was out of the box. > > Other then Stock Picking spam and some Pill ads it seems to be pretty > good. But I think it is time to add some extra rules again. > > Thanks, > > -- > Mike Tremaine > mgt@stellarcore.net > http://www.stellarcore.net > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 7 09:33:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:27 2006 Subject: MailScanner 4.37 can not find sa Message-ID: Dave try running in debug mode.... Stop MS, edit MailScanner.conf - chage both debug entries to 'YES', and run checkmailscanner. Was SA installed by hand (or CPAN), or from ports? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 dave wrote: > Hello, > I'm running MailScanner on a FreeBSD 5.3 box. TOday i updated from 4.36 > to 4.37 via ports, i also have SA 3.02 i believe is the version, yet MS is > saying that the Spamassassin installation can not be found and no mail is > being delivered. I'm using postfix as my MTA with the single queue setup. > Aside from the update which went fine nothing else has changed. > Any suggestions appreciated. > Dave. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Feb 7 09:43:42 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Mike > > lots of the SARE rules, .. oh here's the listing.. > Martin, From your experience and results how effective are these? and what is the resource usage like? 88_FVGT_body.cf 88_FVGT_headers.cf 88_FVGT_rawbody.cf 88_FVGT_subject.cf 88_FVGT_uri.cf 99_FVGT_Tripwire.cf 99_FVGT_meta.cf and for these as well.. weeds.cf weeds2.cf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Mon Feb 7 09:33:59 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:27 2006 Subject: MailWatch Query Message-ID: I do not want to release my quaratine messages from the localhost where can I point MailWatch to the real interface address. Warning: fsockopen(): unable to connect to 127.0.0.1:25 in /mailwatch/mailscanner2/pear/Net/Socket.php on line 108 Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 7 10:02:03 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: Dhawal hmm might be time to trim down a little according to my stats .... alot of the FH_ rules aren't getting hit much.... sigh - more work.. My emails gets scanned in 2 seconds and my system can process around 6,000 an hour when I only have around 3,500 per day max. So I've gots lof capacity to burn...so it's not a big priority, but I will put it on th todo list.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dhawal Doshy wrote: > Martin Hepworth wrote: > >> Mike >> >> lots of the SARE rules, .. oh here's the listing.. >> > > Martin, > > From your experience and results how effective are these? and what is > the resource usage like? > > 88_FVGT_body.cf > 88_FVGT_headers.cf > 88_FVGT_rawbody.cf > 88_FVGT_subject.cf > 88_FVGT_uri.cf > 99_FVGT_Tripwire.cf > 99_FVGT_meta.cf > > and for these as well.. > weeds.cf > weeds2.cf > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Feb 7 10:12:23 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:27 2006 Subject: BUG: handling of silent virusses in zips Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, February 7, 2005 10:02, Peter Peters said: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I think I noticed an error in the handling of (silent) virusses in zips. > When I receive a virus in a zip and I have configured MS not to > quarantaine silent virusses it does not quarantaine the virus (GOOD) but > it still sends the recipient a message claiming to have quarantained the > message and telling the recipient he can contact the helpdesk to get the > message (BAD). > > The relevant config parameters: > Maximum Archive Depth = 0 > Find Archives By Content = yes > Virus Scanning = yes > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = yes Try turning this to no ^^^^^^^^^^^^^ I think that may well do waht you want. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Feb 7 11:35:20 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:27 2006 Subject: MailWatch Query Message-ID: As said in the MW-list, you can change detail.php for pears Mail::factory so that you pass an array of settings... and only set the host. With my changes you can have a line define(QUARANTINE_MAIL_HOST, 'mail.example.com'); in conf.php, where you set the relevant name for your servers IF. The relevant diff looks like this: --- detail.php.old 2004-02-03 01:16:29.000000000 +0100 +++ detail.php 2005-02-07 12:34:42.024702556 +0100 @@ -259,9 +259,11 @@ $mime->addAttachment($quarantined[$val]['path'], $quarantined[$val]['type' ], $quarantined[$val]['file'], true); } } + // Fix by Glenn Steen, to set an arbitrary smtp host + $mail_param = array('localhost' => QUARANTINE_MAIL_HOST); $body = $mime->get(); $hdrs = $mime->headers($hdrs); - $mail =& Mail::factory('smtp'); + $mail =& Mail::factory('smtp',$mail_param); // Send to the original recipient(s) or to an alternate address if(($_GET['alt_recpt_yn'] == "y")) { $to = $_GET['alt_recpt']; Cheers -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Carinus Carelse > Sent: den 7 februari 2005 10:34 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailWatch Query > > > I do not want to release my quaratine messages from the > localhost where > can I point MailWatch to the real interface address. > > Warning: fsockopen(): unable to connect to 127.0.0.1:25 in > /mailwatch/mailscanner2/pear/Net/Socket.php on line 108 > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joan.bryan at KCL.AC.UK Mon Feb 7 12:11:26 2005 From: joan.bryan at KCL.AC.UK (Joan Bryan) Date: Thu Jan 12 21:28:27 2006 Subject: invalid queue file?? help! :( Message-ID: Hi We are running MailScanner-4.34-8 and this problem no longer occurs with exim. If you can't upgrade lib/MailScanner/exim.pm is the file that needs to be altered. Also just delete the invalid queue files, they are just spam. Joan On Sun, 6 Feb 2005 20:24:28 +1100 Andrew wrote: > Hi! > > I started getting this message in my maillog this afternoon - > > MailScanner[29869]: Batch: Ignoring invalid queue file for message > 1CxiUW-0007sC-6J-H > (find the contents below) > > I am using exim 4.3.x - what could be causing this error? (nothing has > changed :( ) - (I get this error for all messages). > > Any thought/help greatly appreciated. > > Thanks, > Andrew. > > charlie:/var/spool/exim4.in/input# cat 1CxiUW-0007sC-6J-H > 1CxiUW-0007sC-6J-H > root 0 0 > > 1107681244 0 > -helo_name 166-82-131-156.quickclick.ctc.net > -host_address 166.82.131.156.3877 > -host_name 166-82-131-156.quickclick.ctc.net > -interface_address x.x.x.x.25 > -received_protocol smtp > -acl 19 14 > 166.82.131.156 > -body_linecount 47 > -deliver_firsttime > XX > 3 > siteops@edited.com > travis@edited.com > bruce@edited.com > > 169P Received: from 166-82-131-156.quickclick.ctc.net ([166.82.131.156]) > by charlie.edited.com with smtp (Exim 4.34) > id 1CxiUW-0007sC-6J; Sun, 06 Feb 2005 20:14:05 +1100 > 058 X-Message-Info: V68RL558TFivipw7nGEipnJY31YWJ9uRIwhmJZ462 > 172P Received: from dns0usvi-realestate.com ([130.229.150.111]) by > zub789-7429.FSMXWAMIWITVRO@bulut.com with Microsoft SMTPSVC(5.0.2195.0266); > Sun, 06 Feb 2005 01:11:55 -0800 > 138P Received: (from cling@localhost) > by lifetime3.FSMXWAMIWITVRO@bulut.com (2.59.7/7.07.4) id g147LpQ70587; > Sun, 06 Feb 2005 01:11:55 -0800 > 055I Message-ID: <337926862.83066@FSMXWAMIWITVRO@bulut.com> > 051R Reply-To: "Helen Swain" > 047F From: "Helen Swain" > 037T To: "Siteops" > 016 Subject: August > 038 Date: Sun, 06 Feb 2005 01:11:55 -0800 > 018 MIME-Version: 1.0 > 067 Content-Type: multipart/alternative; > boundary="--424793811057263" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ---------------------- Joan Bryan Unix Systems Administrator Information Systems Telephone: +44 (0) 20 7848 2671 mailto:joan.bryan@kcl.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Mon Feb 7 12:33:56 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:27 2006 Subject: MailWatch Query Message-ID: Ja thank you I had no idea it would forward to this list as well. I am gona test it now. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Mon Feb 7 15:43:01 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everyone! We've noticed an increase in the number of spam sneaking through with scores "just under" our threshold. After looking through the headers for these messages, I've noticed that bayes seems to have "no opinion" on the majority of these (ie. no bayes entry). Am I missing something? I thought bayes would score every message? Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Mon Feb 7 15:46:59 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:28:27 2006 Subject: Intermittent Blank Emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We've experienced a few blank "zen mails" as well. In one case I saw Outlook 2003 pop up it's little summary in the bottom-right that DID have part of the message body, but then the message was blank; this was Outlook 2000 sending to Outlook 2003. In other cases, we've had people complain that HTML messages from Outlook Express arrived at another Outlook Express but weer blank. I have no idea what the cause might be. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 7 15:47:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: Hi mean bayes found no tokens in the message that it has in it's database. what sort of emails are these? Are you using the URI-RBLs, or any extra rules ontop ofthe base SA ones? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Fractal IT Dept. wrote: > Hi everyone! > > We've noticed an increase in the number of spam sneaking through with > scores "just under" our threshold. After looking through the headers for > these messages, I've noticed that bayes seems to have "no opinion" on > the majority of these (ie. no bayes entry). Am I missing something? I > thought bayes would score every message? > > Thanks. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Mon Feb 7 15:56:32 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:28:27 2006 Subject: Intermittent Blank Emails Message-ID: In a newer developement it appears I have some more evidence. I turned off the "phishing" stuff and we haven't had another report. I'm still not fully convinced, I'm going to turn it back on and see if the reports start again... If they do then a newer version of MailScanner to be installed. If that doesn't solve it, it'll be back to Julian with my testing report for him to comment. If the reports don't restart when phishing goes back on then I don't where I'll be. Gary Fractal IT Dept. wrote: > We've experienced a few blank "zen mails" as well. In one case I saw > Outlook 2003 pop up it's little summary in the bottom-right that DID > have part of the message body, but then the message was blank; this > was Outlook 2000 sending to Outlook 2003. In other cases, we've had > people complain that HTML messages from Outlook Express arrived at > another Outlook Express but weer blank. > > I have no idea what the cause might be. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Mon Feb 7 15:57:20 2005 From: dmehler26 at woh.rr.com (dave) Date: Thu Jan 12 21:28:27 2006 Subject: MailScanner 4.37 can not find sa Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Thank you for your response. I stopped MailScanner enabled the debug options and have some information although i don't understand it. When MS starts i get the message "Spamassassin installation could not be found at /usr/local/lib/MailScanner/MailScanner/SA.pm line 119" I am confused. These packages are on here via the ports system so MS should see SA. Thanks. Dave. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 16:23:33 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >Hi everyone! > >We've noticed an increase in the number of spam sneaking through with >scores "just under" our threshold. After looking through the headers for >these messages, I've noticed that bayes seems to have "no opinion" on the >majority of these (ie. no bayes entry). Am I missing something? I thought >bayes would score every message? That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, In those any "no matches" or other 50/50 chance does not get a BAYES_ rule match. Can you tell us what version of SpamAssassin you are using? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Feb 7 16:56:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:27 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: >> >> not in my experiance. the bayes system should tag all emails. >> >> I'd make sure MS is doing the re-sync of the bayes DB itself and an >> outside cron isn't trying to do this... >> >> In MainScanner.conf its the rebuild bayes options you need to set >> correctly and make sure it's set to wait while this happens as well. > > > Hello, > > This is what I have: > > Rebuild Bayes Every = 259200 > > Wait During Bayes Rebuild = yes > > Out of 4975 messages marked as possible spam today, only 4842 had > BAYES_XXX scores attached, the rest having a bunch of spamassassin > scores but no BAYES. > > Chris > That is a long Bayes rebuild interval. Maybe it is just taking a long time to rebuild. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Mon Feb 7 18:22:41 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 -2.60 attached to all of them. Thanks, Magda Matt Kettler To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Bayes and spam increase? 02/07/2005 11:23 AM Please respond to MailScanner mailing list At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >Hi everyone! > >We've noticed an increase in the number of spam sneaking through with >scores "just under" our threshold. After looking through the headers for >these messages, I've noticed that bayes seems to have "no opinion" on the >majority of these (ie. no bayes entry). Am I missing something? I thought >bayes would score every message? That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, In those any "no matches" or other 50/50 chance does not get a BAYES_ rule match. Can you tell us what version of SpamAssassin you are using? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 18:26:26 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: I asked before about the AWL score. I was told I could not score it but to tun off "use_auto_whitelist". I have searched high and low and can not find this setting. I have found "SpamAssassin Auto Whitelist = " I have changed it to no and reloaded (/etc/init.d/MailScanner reload). We are still getting spam passed because the AWL score brings it down over two points. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Mon Feb 7 18:48:01 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I asked before about the AWL score. I was told I could not score it but > to tun off "use_auto_whitelist". I have searched high and low and can > not find this setting. I have found "SpamAssassin Auto Whitelist = " I > have changed it to no and reloaded (/etc/init.d/MailScanner reload). We > are still getting spam passed because the AWL score brings it down over > two points. edit spam.assassin.prefs.conf and add use_auto_whitelist 0 then reload mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 18:37:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: At 01:26 PM 2/7/2005, David Curtis wrote: >I asked before about the AWL score. I was told I could not score it but >to tun off "use_auto_whitelist". I have searched high and low and can >not find this setting. I have found "SpamAssassin Auto Whitelist = " I >have changed it to no and reloaded (/etc/init.d/MailScanner reload). We >are still getting spam passed because the AWL score brings it down over >two points. If you are using SA 3.0.x you MUST use the "use_auto_whitelist" setting. This is a SpamAssassin setting, not a MailScanner setting, so put it in your /etc/mail/spamassassin/local.cf. The MailScanner.conf "SpamAssassin Auto Whitelist" setting only works for SpamAssassin versions prior to 3.0.0. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Feb 7 18:41:08 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: This sounds like the "bayes poisoning" issue that has been discussed numerous times on this list. I've kept the following in my spam.assassin.prefs.conf file: score BAYES_00 0 0 -0.05 -0.05 score BAYES_01 0 0 -0.04 -0.04 score BAYES_10 0 0 -0.03 -0.03 score BAYES_20 0 0 -0.02 -0.02 score BAYES_30 0 0 -0.01 -0.01 I don't trust Bayes enough to let it substantially lower a score -- only to increase a score. Jeff Earickson Colby College On Mon, 7 Feb 2005, Magda Hewryk wrote: > Date: Mon, 7 Feb 2005 13:22:41 -0500 > From: Magda Hewryk > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes and spam increase? > > Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 > -2.60 attached to all of them. > > > Thanks, > > Magda > > > > Matt Kettler > .COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: Bayes and spam increase? > > > 02/07/2005 11:23 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >> Hi everyone! >> >> We've noticed an increase in the number of spam sneaking through with >> scores "just under" our threshold. After looking through the headers for >> these messages, I've noticed that bayes seems to have "no opinion" on the >> majority of these (ie. no bayes entry). Am I missing something? I thought >> bayes would score every message? > > That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, > In those any "no matches" or other 50/50 chance does not get a BAYES_ rule > match. > > Can you tell us what version of SpamAssassin you are using? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 18:44:32 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: I do have the newest stable of SpamAssassin. Do I need to reload spamassassin in any way or just reload MailScanner? Thanks. >>> mkettler@EVI-INC.COM 2/7/2005 1:37:39 PM >>> At 01:26 PM 2/7/2005, David Curtis wrote: >I asked before about the AWL score. I was told I could not score it but >to tun off "use_auto_whitelist". I have searched high and low and can >not find this setting. I have found "SpamAssassin Auto Whitelist = " I >have changed it to no and reloaded (/etc/init.d/MailScanner reload). We >are still getting spam passed because the AWL score brings it down over >two points. If you are using SA 3.0.x you MUST use the "use_auto_whitelist" setting. This is a SpamAssassin setting, not a MailScanner setting, so put it in your /etc/mail/spamassassin/local.cf. The MailScanner.conf "SpamAssassin Auto Whitelist" setting only works for SpamAssassin versions prior to 3.0.0. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Feb 7 18:36:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I asked before about the AWL score. I was told I could not score it but > to tun off "use_auto_whitelist". I have searched high and low and can > not find this setting. I have found "SpamAssassin Auto Whitelist = " I > have changed it to no and reloaded (/etc/init.d/MailScanner reload). We > are still getting spam passed because the AWL score brings it down over > two points. Look in /etc/MailScanner/spam.assassin.prefs.conf use_auto_whitelist 0 ( or 1 to enable) -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Feb 7 18:39:42 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:27 2006 Subject: sms.ac Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, My users (including me) are complaining about recieving bogus invitations from sms.ac . Anyone getting those? I blocked them at MTA level, but I'm not sure if that is the best move to handle them. Thanks, Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 18:52:07 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: At 01:44 PM 2/7/2005, David Curtis wrote: >I do have the newest stable of SpamAssassin. Do I need to reload >spamassassin in any way or just reload MailScanner? >Thanks. Just MailScanner... Since MailScanner loads SA directly at the perl API level, the running copy of SA is actually internal to MailScanner. MS has no dependency on the spamd tool that some other integration tools use. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 18:54:49 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: I have added the use_auto_whitelist 0 to MailScanner.conf and it did not like it. I added it to the Spamassassin local.conf. I will keep an eye on it and see if I get any more AWL. Thanks. >>> ssilva@SGVWATER.COM 2/7/2005 1:36:50 PM >>> David Curtis wrote: > I asked before about the AWL score. I was told I could not score it but > to tun off "use_auto_whitelist". I have searched high and low and can > not find this setting. I have found "SpamAssassin Auto Whitelist = " I > have changed it to no and reloaded (/etc/init.d/MailScanner reload). We > are still getting spam passed because the AWL score brings it down over > two points. Look in /etc/MailScanner/spam.assassin.prefs.conf use_auto_whitelist 0 ( or 1 to enable) -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 18:56:20 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: Thank you. >>> mkettler@EVI-INC.COM 2/7/2005 1:52:07 PM >>> At 01:44 PM 2/7/2005, David Curtis wrote: >I do have the newest stable of SpamAssassin. Do I need to reload >spamassassin in any way or just reload MailScanner? >Thanks. Just MailScanner... Since MailScanner loads SA directly at the perl API level, the running copy of SA is actually internal to MailScanner. MS has no dependency on the spamd tool that some other integration tools use. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 19:00:26 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: see score for every e-mail. Message-ID: Is there a way to log the spamassassin score of every e-mail in the log? This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Feb 7 19:07:10 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:27 2006 Subject: sms.ac Message-ID: Sure, I've been seeing a ton of them over the weekend -- all rejected by sbl-xbl.spamhaus.org at my MTA. Ho hum. Jeff Earickson Colby College On Mon, 7 Feb 2005, Ugo Bellavance wrote: > Date: Mon, 7 Feb 2005 13:39:42 -0500 > From: Ugo Bellavance > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: sms.ac > > Hi, > > My users (including me) are complaining about recieving bogus > invitations from sms.ac . Anyone getting those? I blocked them at MTA > level, but I'm not sure if that is the best move to handle them. > > Thanks, > > Ugo > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Mon Feb 7 19:06:44 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: Thanks! I'll do the same. Thanks, Magda "Jeff A. Earickson" MAILSCANNER@JISCMAIL.AC.UK Sent by: cc MailScanner mailing list Subject 02/07/2005 01:41 PM Please respond to MailScanner mailing list This sounds like the "bayes poisoning" issue that has been discussed numerous times on this list. I've kept the following in my spam.assassin.prefs.conf file: score BAYES_00 0 0 -0.05 -0.05 score BAYES_01 0 0 -0.04 -0.04 score BAYES_10 0 0 -0.03 -0.03 score BAYES_20 0 0 -0.02 -0.02 score BAYES_30 0 0 -0.01 -0.01 I don't trust Bayes enough to let it substantially lower a score -- only to increase a score. Jeff Earickson Colby College On Mon, 7 Feb 2005, Magda Hewryk wrote: > Date: Mon, 7 Feb 2005 13:22:41 -0500 > From: Magda Hewryk > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes and spam increase? > > Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 > -2.60 attached to all of them. > > > Thanks, > > Magda > > > > Matt Kettler > .COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: Bayes and spam increase? > > > 02/07/2005 11:23 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >> Hi everyone! >> >> We've noticed an increase in the number of spam sneaking through with >> scores "just under" our threshold. After looking through the headers for >> these messages, I've noticed that bayes seems to have "no opinion" on the >> majority of these (ie. no bayes entry). Am I missing something? I thought >> bayes would score every message? > > That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5 x, > In those any "no matches" or other 50/50 chance does not get a BAYES_ rule > match. > > Can you tell us what version of SpamAssassin you are using? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon Feb 7 19:12:29 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: David Curtis wrote: > I have added the use_auto_whitelist 0 to MailScanner.conf and it did > not like it. I added it to the Spamassassin local.conf. I will keep an > eye on it and see if I get any more AWL. > > Thanks. > >>>> ssilva@SGVWATER.COM 2/7/2005 1:36:50 PM >>> > David Curtis wrote: >> I asked before about the AWL score. I was told I could not score it >> but to tun off "use_auto_whitelist". I have searched high and low >> and can not find this setting. I have found "SpamAssassin Auto >> Whitelist = " I have changed it to no and reloaded >> (/etc/init.d/MailScanner reload). We are still getting spam passed >> because the AWL score brings it down over two points. > > Look in /etc/MailScanner/spam.assassin.prefs.conf > use_auto_whitelist 0 ( or 1 to enable) No, not MailScanner.conf, put it in /etc/MailScanner/spam.assassin.prefs.conf. May work fine in local.conf as well, never tried it there... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 19:13:25 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: see score for every e-mail. Message-ID: At 02:00 PM 2/7/2005, David Curtis wrote: >Is there a way to log the spamassassin score of every e-mail in the >log? MailScanner.conf: # Do you want all non-spam to be logged? Useful if you want to see # all the SpamAssassin reports of mail that was marked as non-spam. # Note: It will generate a lot of log traffic. Log Non Spam = yes ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From magnus.moren at CITE.HH.SE Mon Feb 7 19:11:55 2005 From: magnus.moren at CITE.HH.SE (Magnus [ISO-8859-1] Morén) Date: Thu Jan 12 21:28:27 2006 Subject: see score for every e-mail. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 2005-02-07 at 14:00 -0500, David Curtis wrote: > Is there a way to log the spamassassin score of every e-mail in the > log? Try the first (or both of those): MailScanner.conf # Do you want all spam to be logged? Useful if you want to gather # spam statistics from your logs, but can increase the system load quite # a bit if you get a lot of spam. Log Spam = no # Do you want all non-spam to be logged? Useful if you want to see # all the SpamAssassin reports of mail that was marked as non-spam. # Note: It will generate a lot of log traffic. Log Non Spam = no -- Magnus Morén___________________________________________________________ Network and Computer Centre/CITE,Halmstad University, Tel:+46 35 167383 P.O Box 823, 301 18 Halmstad, SWEDEN email: magnus.moren@cite.hh.se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 19:38:54 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: see score for every e-mail. Message-ID: Thanks. Don't know why I kept missing that. >>> mkettler@EVI-INC.COM 2/7/2005 2:13:25 PM >>> At 02:00 PM 2/7/2005, David Curtis wrote: >Is there a way to log the spamassassin score of every e-mail in the >log? MailScanner.conf: # Do you want all non-spam to be logged? Useful if you want to see # all the SpamAssassin reports of mail that was marked as non-spam. # Note: It will generate a lot of log traffic. Log Non Spam = yes ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Mon Feb 7 19:53:33 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:27 2006 Subject: Speaking of AWL... Message-ID: Greetings, Been following the AWL threads hoping there might be a clue for my problem, using MS 2.6.XX w/Ensim Pro so upgrading to 3.XX isn't an easy option as any Ensim upgrades will trash most of it: Randomly, without any plausible explanations we can find, I'll get e-mail tagged as SpamAssassin high scoring because of an AWL of like 80-90 range. We use a lower-scoring system than most, so any adjustment like this is way over the top. Strange part is that it's a positive adjustment of like 89 or 91? Not a negative? Still have no complete grip on the AWL and where it thinks it's getting it's information from. We have both the SA & MS packages running, we do have things whitelisted, but we're talking a random adjustment with no patterns. Sometimes not even on a valid whitelisted account (I think one time that way). Any clues on what to look for or adjust to change why that would be happening? Thanks! David J. Duffner VP Operations NWCWEB www.nwcweb.com -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Mon Feb 7 20:14:41 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:27 2006 Subject: Mail not forwarding to mailserver after being scanned. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] After I installed the new sendmail 8.13 It seems to be ignoring the mailertable feature and not pushing the email to the correct ip. My maillog is telling me that it is trying to push the email to the domain again which just loops it back to itself. Maillog is showing the ip address of the domain instead of the mailserver specified in the mailertable. Any reason why this could be happening? mailertable reads bentecmed.com smtp:[192.168.1.4] Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): mail.bentecmed.com. config error: mail loops back to me (MX problem?) Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: to=jd@bentecmed.com, delay=00:00:11, xdelay=00:00:00, mailer=esmtp, pri=120003, relay=mail.bentecmed.com. [64.57.104.140], dsn=5.3.5, stat=Local configuration error Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): hash map "Alias0": missing map file /etc/mail/aliases.db: No such file or directory I used the command makemap hash /etc/mail/mailertable < /etc/mail/mailertable to create the db which should be correct, so im not exactly sure what the problem is. -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 20:18:12 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: Speaking of AWL... Message-ID: At 02:53 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote: > Randomly, without any plausible explanations we >can find, I'll get e-mail tagged as SpamAssassin high >scoring because of an AWL of like 80-90 range. We >use a lower-scoring system than most, so any adjustment >like this is way over the top. > > Strange part is that it's a positive adjustment >of like 89 or 91? High positive scores would tend to indicate GTUBE hangover, something which is fixed in SA 3.0, but 2.6 suffers from. > Not a negative? First, the AWL is *not* a whitelist. It's a score avenger, and has both black and white effects. People who have in the past sent low-scoring emails get any high-scoring emails pushed down. People who send lots of spam get any low-scoring emails pushed up. That said, there's no reason to expect negative only scores from the AWL. In fact, you may even see positive scores in nonspam, and negative scores in spam, and that's normal in many cases See: http://wiki.apache.org/spamassassin/AwlWrongWay > Still have no complete grip on the AWL and where >it thinks it's getting it's information from. Read the FAQ on the AWL for details of how it works: http://wiki.apache.org/spamassassin/AutoWhitelist ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Mon Feb 7 20:35:34 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:28:27 2006 Subject: Spam detection software, running on the system ", has Message-ID: I am reletively new to mail scanner and spamassassin. Anyway I am getting alot of message with Spam detection software, running on the system "", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. anyway is this normal? Is this just the system learning?? thanks Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Mon Feb 7 21:08:10 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:27 2006 Subject: Speaking of AWL... Message-ID: Matt, So then I'll ask the obvious as I read those links you posted (thanks!)... Is it better to turn off the AWL feature of either MS or SA and just maintain our own white/black lists using 2.6? Is there any real benefit to AWL'ing if we have our own maintained list of what's kosher in our servers? We're not talking huge loads of clients here, so hands-on is not a problem. We'd upgrade, but any time Ensim tosses out a semi- related patch or upgrade that contains any element of MS or SA it likes to eat settings and generally foul things up resulting in massive reworks. Thanks! Dave > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler > Sent: Monday, February 07, 2005 3:18 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Speaking of AWL... > > > At 02:53 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote: > > Randomly, without any plausible explanations we > >can find, I'll get e-mail tagged as SpamAssassin high > >scoring because of an AWL of like 80-90 range. We > >use a lower-scoring system than most, so any adjustment > >like this is way over the top. > > > > Strange part is that it's a positive adjustment > >of like 89 or 91? > > > High positive scores would tend to indicate GTUBE hangover, > something which is fixed in SA 3.0, but 2.6 suffers from. > > > > Not a negative? > > First, the AWL is *not* a whitelist. It's a score avenger, > and has both black and white effects. People who have in the > past sent low-scoring emails get any high-scoring emails > pushed down. People who send lots of spam get any low-scoring > emails pushed up. > > That said, there's no reason to expect negative only scores > from the AWL. In fact, you may even see positive scores in > nonspam, and negative scores in spam, and that's normal in many cases > > See: > http://wiki.apache.org/spamassassin/AwlWrongWay > > > > > Still have no complete grip on the AWL and where > >it thinks it's getting it's information from. > > > Read the FAQ on the AWL for details of how it works: > http://wiki.apache.org/spamassassin/AutoWhitelist > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.nwcweb.com > -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Mon Feb 7 21:13:41 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:27 2006 Subject: MailScanner 4.37 can not find sa Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've the regretting experience yesterday too. :( I've to pkg_deinstall -r perl and re-install all ports starting from perl again. But after I rescue the server, I read/found the information on /usr/ports/UPDATING with the following: --- 20050201: AFFECTS: users of lang/perl5 and lang/perl5.8 AUTHOR: tobez@FreeBSD.org lang/perl5 has been updated to 5.6.2, and lang/perl5.8 has been updated to 5.8.6. you should update everything depending on perl, that is: * first, upgrade your perl installation (use either lang/perl5 or lang/perl5.8, the latter being recommended); * for FreeBSD 4.X, run "use.perl port", so that the system knows you have 5.8.6 or 5.6.2; this step is not needed on FreeBSD 5.X and FreeBSD -CURRENT; * run some magic incantations to upgrade all ports depending on perl, that is run something like : portupgrade -f `(pkg_info -R perl-5\* |tail +4; \ find /usr/local/lib/perl5/site_perl/5.[68].[1245] -type f -print0 \ | xargs -0 pkg_which -fv | sed -e '/: ?/d' -e 's/.*: //')|sort -u` This is likely to fail for a few ports, you'll have to upgrade them afterwards by hand. --- I hope this will help you. (p.s. sorry I sent to your mailbox before, I should send it to the list. Anyway, someone on the list may help you more.) Cheers Raylund ----- Original Message ----- From: "dave" To: "Raylund Lai" Sent: Monday, February 07, 2005 3:56 PM Subject: Re: MailScanner 4.37 can not find sa > Hello, > Yah, as a matter of fact i did recently udate prl and i'm regretting > it. > I don't suppose you have a fast way of doing this, i used the command in > the > UPDATING file and that's when this started. > Thanks. > Dave. > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Feb 7 21:25:55 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:27 2006 Subject: Mail not forwarding to mailserver after being scanned. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of JD > Sent: Monday, February 07, 2005 3:15 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mail not forwarding to mailserver after being scanned. > > After I installed the new sendmail 8.13 It seems to be ignoring the > mailertable feature and not pushing the email to the correct ip. My > maillog > is telling me that it is trying to push the email to the domain again > which > just loops it back to itself. Maillog is showing the ip address of the > domain instead of the mailserver specified in the mailertable. Any reason > why this could be happening? mailertable reads bentecmed.com > smtp:[192.168.1.4] This is a very common problem covered in the Sendmail FAQ: http://www.sendmail.org/faq/section4.html#4.5 > > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): > mail.bentecmed.com. config error: mail loops back to me (MX problem?) > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: > to=jd@bentecmed.com, delay=00:00:11, xdelay=00:00:00, mailer=esmtp, > pri=120003, relay=mail.bentecmed.com. [64.57.104.140], dsn=5.3.5, > stat=Local > configuration error > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): > hash > map "Alias0": missing map file /etc/mail/aliases.db: No such file or > directory > You didn't mention your operation system, but if it's Linux (or close to it) Edit /etc/aliases to add any aliases necessary for your configuration then run the command: newaliases or if that fails, try /usr/lib/sendmail -bi > I used the command makemap hash /etc/mail/mailertable < > /etc/mail/mailertable to create the db which should be correct, so im not > exactly sure what the problem is. > > -JD Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 21:30:36 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: Speaking of AWL... Message-ID: At 04:08 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote: > Is it better to turn off the AWL feature of either >MS or SA and just maintain our own white/black lists using >2.6? Well, Only SA has an AWL feature. It's just where you turn it off that differs between SA 2.6 and SA 3.0. (In 2.6 you use MailScanner.conf, in 3.0 you use the local.cf) > Is there any real benefit to AWL'ing if we have our >own maintained list of what's kosher in our servers? We're >not talking huge loads of clients here, so hands-on is not >a problem. Quite frankly, I'm not a big fan of either the AWL, nor static whitelists. IMO, the AWL may be useful, but really only in the single-user case. It's semi-OK in the multi-user case, but it's value is diluted greatly. It's also slightly subject to abuse by spammers (if they figure out how). Play with it, and use it if you like it, leave it if you don't. I myself don't care for it. For me static whitelists are really a "method of last resort" as they are just a way of covering up other problems with your SA setup that could be better fixed by configuration or rule adjustment. However, cooking up rule tweaks isn't exactly the simplest thing to do, so for many admins, whitelists are the way to go. However, no admin should need to create very many whitelist entries. If you find yourself creating lots of whitelists to avoid rampant FP problems, I'd strongly suggest stepping back and looking at why you're getting so many FP's in the first place. I personally run with only one whitelist command, plus SA's default set. In the past week no messages would have scored over +2.8 without the bonuses of the whitelists. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Mon Feb 7 22:51:37 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:28 2006 Subject: Mail not forwarding to mailserver after being scanned. Message-ID: the sendmail Faq does address the issue but it states: There are a couple of additional cases where you don't actually want local delivery, and thus adding domain.net to class w is not the right fix: * When relay.domain.net should just be acting as a forwarder, e.g. a firewall/gateway box. The proper fix could be to set up a mailertable entry for domain.net. which I did but it doesn't seem to be using it. The interesting part is that once I went back to sendmail 8.12 everything worked okay. so maybe i'll just stay away from 8.13 -JD -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Stephen Swaney Sent: Monday, February 07, 2005 1:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mail not forwarding to mailserver after being scanned. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of JD > Sent: Monday, February 07, 2005 3:15 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mail not forwarding to mailserver after being scanned. > > After I installed the new sendmail 8.13 It seems to be ignoring the > mailertable feature and not pushing the email to the correct ip. My > maillog > is telling me that it is trying to push the email to the domain again > which > just loops it back to itself. Maillog is showing the ip address of the > domain instead of the mailserver specified in the mailertable. Any reason > why this could be happening? mailertable reads bentecmed.com > smtp:[192.168.1.4] This is a very common problem covered in the Sendmail FAQ: http://www.sendmail.org/faq/section4.html#4.5 > > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): > mail.bentecmed.com. config error: mail loops back to me (MX problem?) > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: > to=jd@bentecmed.com, delay=00:00:11, xdelay=00:00:00, mailer=esmtp, > pri=120003, relay=mail.bentecmed.com. [64.57.104.140], dsn=5.3.5, > stat=Local > configuration error > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): > hash > map "Alias0": missing map file /etc/mail/aliases.db: No such file or > directory > You didn't mention your operation system, but if it's Linux (or close to it) Edit /etc/aliases to add any aliases necessary for your configuration then run the command: newaliases or if that fails, try /usr/lib/sendmail -bi > I used the command makemap hash /etc/mail/mailertable < > /etc/mail/mailertable to create the db which should be correct, so im not > exactly sure what the problem is. > > -JD Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Mon Feb 7 23:14:20 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:28 2006 Subject: Speaking of AWL... Message-ID: For some reason the List server didn't like this the way it was, so we'll try it again. Thought it saw some commands or something? > -----Original Message----- > From: Dave Duffner - NWCWEB.com [mailto:webalizer@nwcweb.com] > Sent: Monday, February 07, 2005 6:12 PM > To: 'MailScanner mailing list' > Subject: RE: Speaking of AWL... > > > Ok, > > This went from mediocre to way off base... > > Went into MailScanner.conf, found the setting to > disable SA's AWL feature. Explanation there is minimal but > it looks like a bad thing to turn it off. Going with the > sensible advice below, turned it off anyways. > > I'm monitoring the flow through MailWatch and I > note higher loads since doing so, can live with that as > it's spastic and not constant. > > BUT... I'm watching the flow Last 50 messages and > note the following: > > #1 - It starts Whitelisting things randomly? Mail > to/from the same people is W/L 50% of the time and others > not. What's with that, especially as the accounts and domain > in question aren't even in the WL we had created previously? > > #2 - Spammer sends 3 copies of the same junk to the > same client address on a particular box. The following > occurs: > > 1st Copy - MS says Clean, passed to allow SA to tag it. > > 2nd Copy - MS Whitelists the thing? > > 3rd Copy - MS Whitelists again? > > I note that the 1st copy only comes from the source > IP, but the other two have been received by our main IP as well > (double-relayed?) and I think that's why it's whitelisting > it. > > So either something misconfigured since taking SA AWL > out of the picture or I've developed a new problem. Only > confusing part is why taking SA's AWL out would suddenly > cause these effects since MailScanner's techincally getting > it to play with first? > > Dave > > > > > -----Original Message----- > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Matt Kettler > > Sent: Monday, February 07, 2005 4:31 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Speaking of AWL... > > > > > > At 04:08 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote: > > > Is it better to turn off the AWL feature of > either MS or SA > > >and just maintain our own white/black lists using 2.6? > > > > Well, Only SA has an AWL feature. It's just where you turn > it off that > > differs between SA 2.6 and SA 3.0. (In 2.6 you use > MailScanner.conf, > > in 3.0 you use the local.cf) > > > > > > > > > Is there any real benefit to AWL'ing if we have our > > >own maintained list of what's kosher in our servers? We're > > not talking > > >huge loads of clients here, so hands-on is not a problem. > > > > > > Quite frankly, I'm not a big fan of either the AWL, nor static > > whitelists. > > > > IMO, the AWL may be useful, but really only in the > single-user case. > > It's semi-OK in the multi-user case, but it's value is diluted > > greatly. It's also slightly subject to abuse by spammers (if they > > figure out how). Play with it, and use it if you like it, > leave it if > > you don't. I myself don't care for it. > > > > For me static whitelists are really a "method of last > resort" as they > > are just a way of covering up other problems with your SA > setup that > > could be better fixed by configuration or rule adjustment. However, > > cooking up rule tweaks isn't exactly the simplest thing to > do, so for > > many admins, whitelists are the way to go. However, no admin should > > need to create very many whitelist entries. > > > > If you find yourself creating lots of whitelists to avoid > rampant FP > > problems, I'd strongly suggest stepping back and looking at > why you're > > getting so many FP's in the first place. > > > > I personally run with only one whitelist command, plus SA's default > > set. In the past week no messages would have scored over > +2.8 without > > the bonuses of the whitelists. > > > > ------------------------ MailScanner list > > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk > > with the words: 'leave mailscanner' in the body of the > email. Before > > posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Message scanned by MailScanner, and is believed to be clean. > > CONFIDENTIALITY NOTICE: This transmission intended for the > specified > > destination and person. If this is not you, this > > e-mail must be deleted immediately. www.nwcweb.com > > > > > -- > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.nwcweb.com > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Mon Feb 7 23:24:43 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:28 2006 Subject: Missing BAYES??? Message-ID: Scott Silva wrote: > Chris Conn wrote: > >>> >>> not in my experiance. the bayes system should tag all emails. >>> >>> I'd make sure MS is doing the re-sync of the bayes DB itself and an >>> outside cron isn't trying to do this... >>> >>> In MainScanner.conf its the rebuild bayes options you need to set >>> correctly and make sure it's set to wait while this happens as well. >> >> >> >> Hello, >> >> This is what I have: >> >> Rebuild Bayes Every = 259200 >> >> Wait During Bayes Rebuild = yes >> >> Out of 4975 messages marked as possible spam today, only 4842 had >> BAYES_XXX scores attached, the rest having a bunch of spamassassin >> scores but no BAYES. >> >> Chris >> > That is a long Bayes rebuild interval. Maybe it is just taking a long > time to rebuild. Hello, According to my logs, the database rebuilds in about 120 seconds. Is that excessively long? Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Mon Feb 7 23:40:52 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:28 2006 Subject: Bayes and spam increase? Message-ID: I liked your Idea, I was getting too many false negatives due to bays. after running SpamAssassin lint I used the following because some of yours were not in my SpamAssassin version. score BAYES_00 0 0 -0.04 -0.04 score BAYES_05 0 0 -0.03 -0.03 score BAYES_20 0 0 -0.02 -0.02 score BAYES_40 0 0 -0.01 -0.01 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Jeff A. Earickson Sent: Monday, February 07, 2005 10:41 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Bayes and spam increase? This sounds like the "bayes poisoning" issue that has been discussed numerous times on this list. I've kept the following in my spam.assassin.prefs.conf file: score BAYES_00 0 0 -0.05 -0.05 score BAYES_01 0 0 -0.04 -0.04 score BAYES_10 0 0 -0.03 -0.03 score BAYES_20 0 0 -0.02 -0.02 score BAYES_30 0 0 -0.01 -0.01 I don't trust Bayes enough to let it substantially lower a score -- only to increase a score. Jeff Earickson Colby College On Mon, 7 Feb 2005, Magda Hewryk wrote: > Date: Mon, 7 Feb 2005 13:22:41 -0500 > From: Magda Hewryk > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes and spam increase? > > Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 > -2.60 attached to all of them. > > > Thanks, > > Magda > > > > Matt Kettler > .COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: Bayes and spam increase? > > > 02/07/2005 11:23 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >> Hi everyone! >> >> We've noticed an increase in the number of spam sneaking through with >> scores "just under" our threshold. After looking through the headers for >> these messages, I've noticed that bayes seems to have "no opinion" on the >> majority of these (ie. no bayes entry). Am I missing something? I thought >> bayes would score every message? > > That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, > In those any "no matches" or other 50/50 chance does not get a BAYES_ rule > match. > > Can you tell us what version of SpamAssassin you are using? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Feb 7 23:30:44 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:28 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: > Scott Silva wrote: > >> Chris Conn wrote: >> >>>> >>>> not in my experiance. the bayes system should tag all emails. >>>> >>>> I'd make sure MS is doing the re-sync of the bayes DB itself and an >>>> outside cron isn't trying to do this... >>>> >>>> In MainScanner.conf its the rebuild bayes options you need to set >>>> correctly and make sure it's set to wait while this happens as well. >>> >>> >>> >>> >>> Hello, >>> >>> This is what I have: >>> >>> Rebuild Bayes Every = 259200 >>> >>> Wait During Bayes Rebuild = yes >>> >>> Out of 4975 messages marked as possible spam today, only 4842 had >>> BAYES_XXX scores attached, the rest having a bunch of spamassassin >>> scores but no BAYES. >>> >>> Chris >>> >> That is a long Bayes rebuild interval. Maybe it is just taking a long >> time to rebuild. > > > Hello, > > According to my logs, the database rebuilds in about 120 seconds. Is > that excessively long? > > Chris > It shouldn't be that bad, as long as MailScanner is waiting during that time. Maybe check the same area of the log and look for any MailScanner processing log entries during the time of the rebuild. Mine dakes an average of 30 seconds from the rebuild is due to the rebuild completed. But I also run a rebuild every 12 hours, just to keep it light. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Tue Feb 8 00:19:27 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:28 2006 Subject: Problem with adding RBL's DNS timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can some one please help me I can not seem to find the cause of the problem. We receive way too many spam and viruses from China and Korea. The rules below worked for making Korean and Chinese spam high scoring spam when they were first put in place. They are not working now. *** begin of RBL Rules here from /etc/MailScanner/spamassassin.prefs.conf header X_KOREAN_RELAY eval:check_rbl('relay','korea.services.net.') describe X_KOREAN_RELAY Received via a relay in Korea score X_KOREAN_RELAY 10 header X_CHINESE_RELAY eval:check_rbl('relay', 'cn.rbl.cluecentral.net.') describe X_CHINESE_RELAY Received via a relay in China score X_CHINESE_RELAY 10 *** end of RBL rules here is a message from 61.84.84.38 The address is in the korean services database http://korea.services.net/blocked.phtml?addr=61.35.194.108 It looks like I am getting a DNS timeout of 3 seconds, but I have set in /etc/MailScanner/spamassassin.prefs.conf rbl_timeout 20 When I try to debug SpamAssassin with the folioing command /usr/bin/spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf 0.998560747663551 debug: bayes token 'H*u:3.2.2' => 0.998560747663551 debug: bayes token 'UD:casinonewsservice.com' => 0.998295202952029 debug: bayes token 'sk:casinon' => 0.998295202952029 debug: bayes token 'www.casinonewsservice.com' => 0.998295202952029 debug: bayes token 'wwwcasinonewsservicecom' => 0.998295202952029 debug: bayes token 'UD:www.casinonewsservice.com' => 0.998295202952029 debug: bayes token 'H*RT:127.0.0.1' => 0.012402038762634 debug: bayes token 'competitions' => 0.987150906733285 debug: bayes token 'Thanks' => 0.0173691346180195 debug: bayes token 'Sign' => 0.0209378459820981 debug: bayes token 'UD:bottom.gif' => 0.975148999801698 debug: bayes token 'bottomgif' => 0.975148999801698 debug: bayes token 'bottom.gif' => 0.975148999801698 debug: bayes token 'H*RT:sk:localho' => 0.02864952653931 debug: bayes token '24-48' => 0.965009087146444 debug: bayes token 'H*MI:108' => 0.958 debug: bayes token 'winner.gif' => 0.958 debug: bayes token 'H*MI:sk:1876981' => 0.958 debug: bayes token 'UD:b_join2.gif' => 0.958 debug: bayes token '1n.gif' => 0.958 debug: bayes token 'aff664.html' => 0.958 debug: bayes token 'blinkgif' => 0.958 debug: bayes token 'UD:1n.gif' => 0.958 debug: bayes token 'H*M:sk:1876981' => 0.958 debug: bayes token '$21,972.50' => 0.958 debug: bayes token 'Lightspeed' => 0.958 debug: bayes token 'happyjpg' => 0.958 debug: bayes token 'UD:winner2.gif' => 0.958 debug: bayes token '2197250' => 0.958 debug: bayes token 'slot!' => 0.958 debug: bayes token 'casino' => 0.958 debug: bayes token '$20,985' => 0.958 debug: bayes token 'winning!' => 0.958 debug: bayes token '1286163' => 0.958 debug: bayes token '$20,002.25' => 0.958 debug: bayes token 'blink.gif' => 0.958 debug: bayes token 'UD:blink.gif' => 0.958 debug: bayes token 'Slot!' => 0.958 debug: bayes token 'H*r:ip*61.132.103.175' => 0.958 debug: bayes token 'H*RU:61.132.103.175' => 0.958 debug: bayes token 'happy.jpg' => 0.958 debug: bayes token 'lightspeed' => 0.958 debug: bayes token 'blackjack' => 0.958 debug: bayes token 'Blackjack!' => 0.958 debug: bayes token 'WINNING' => 0.958 debug: bayes token '$12,861.63' => 0.958 debug: bayes token 'UD:prismcasino.com' => 0.958 debug: bayes token 'H*M:108' => 0.958 debug: bayes token 'prism!' => 0.958 debug: bayes token 'H*M:194' => 0.958 debug: bayes token 'shyles' => 0.958 debug: bayes token 'H*RT:sk:1Cxchw-' => 0.958 debug: bayes token 'Casino' => 0.958 debug: bayes token 'winner2gif' => 0.958 debug: bayes token 'UD:join.gif' => 0.958 debug: bayes token 'Blackjack' => 0.958 debug: bayes token 'UD:winner.gif' => 0.958 debug: bayes token '20985' => 0.958 debug: bayes token 'H*MI:194' => 0.958 debug: bayes token 'Slots!' => 0.958 debug: bayes token 'NEXT!!!' => 0.958 debug: bayes token 'slot' => 0.958 debug: bayes token 'HX-Originating-IP:61.132.103.175' => 0.958 debug: bayes token 'slots!' => 0.958 debug: bayes token 'H*r:ip*61.35.194.108' => 0.958 debug: bayes token 'Prism' => 0.958 debug: bayes token 'b_join2.gif' => 0.958 debug: bayes token '$24,500' => 0.958 debug: bayes token 'aff664html' => 0.958 debug: bayes token 'Poker!' => 0.958 debug: bayes token 'b_join2gif' => 0.958 debug: bayes token 'Slots' => 0.958 debug: bayes token 'join.gif' => 0.958 debug: bayes token 'UD:aff664.html' => 0.958 debug: bayes token 'H*r:61.35.194' => 0.958 debug: bayes token 'opted' => 0.958 debug: bayes token '24500' => 0.958 debug: bayes token 'H*F:D*themackintoshgroup.com' => 0.958 debug: bayes token 'H*RT:3733A17C3BC' => 0.958 debug: bayes token '$16,604.84' => 0.958 debug: bayes token 'prism' => 0.958 debug: bayes token 'wwwprismcasinocom' => 0.958 debug: bayes token 'UD:www.prismcasino.com' => 0.958 debug: bayes token '2000225' => 0.958 debug: bayes token 'stud' => 0.958 debug: bayes token 'likeawinner' => 0.958 debug: bayes token 'joingif' => 0.958 debug: bayes token 'Stud' => 0.958 debug: bayes token 'poker!' => 0.958 debug: bayes token 'Shyles' => 0.958 debug: bayes token 'Prism!' => 0.958 debug: bayes token 'H*F:U*mutiduldndk' => 0.958 debug: bayes token 'H*r:61.132.103' => 0.958 debug: bayes token 'blackjack!' => 0.958 debug: bayes token '1ngif' => 0.958 debug: bayes token 'H*RT:61.35.194.108' => 0.958 debug: bayes token '1660484' => 0.958 debug: bayes token 'winner2.gif' => 0.958 debug: bayes token 'Slot' => 0.958 debug: bayes token 'WINNING!' => 0.958 debug: bayes token 'winnergif' => 0.958 debug: bayes token 'next!!!' => 0.958 debug: bayes token 'UD:happy.jpg' => 0.958 debug: bayes token 'H*RU:61.35.194.108' => 0.958 debug: bayes token 'www.prismcasino.com' => 0.958 debug: bayes token 'lot' => 0.044895692042425 debug: bayes token '2448' => 0.95430405388566 debug: bayes token 'H*RT:localhost' => 0.0473872937162061 debug: bayes token 'sign' => 0.0474079192441118 debug: bayes token 'H*r:127.0.0' => 0.049130482849064 debug: bayes token 'H*r:ip*127.0.0.1' => 0.0491841151512138 debug: bayes token 'fred' => 0.0556372736522324 debug: bayes token 'Fred' => 0.060733334043679 debug: bayes token 'H*r:IMP' => 0.933586912131647 debug: bayes token 'received' => 0.0760562450550159 debug: bayes token 'H*r:localhost' => 0.0893318623310851 debug: bayes token 'UD:gif' => 0.901478831666989 debug: bayes token 'send' => 0.0995942422996249 debug: bayes token 'found' => 0.104122394600291 debug: bayes token 'thanks' => 0.106304648610173 debug: bayes token 'could' => 0.108010343053283 debug: bayes token 'H*u:IMP' => 0.891799885344535 debug: bayes token 'H*u:Messaging' => 0.891799885344535 debug: bayes token 'H*UA:Program' => 0.891799885344535 debug: bayes token 'H*UA:IMP' => 0.891799885344535 debug: bayes token 'H*u:Program' => 0.891799885344535 debug: bayes token 'H*UA:Messaging' => 0.891799885344535 debug: bayes token 'unsubscribe' => 0.110265209673694 debug: bayes token 'but' => 0.110585846533574 debug: bayes token 'growing' => 0.110616525759099 debug: bayes token 'immediately' => 0.114143395640858 debug: bayes token 'database' => 0.114667404363985 debug: bayes token 'join' => 0.114691627207864 debug: bayes token 'UD:jpg' => 0.884339732639795 debug: bayes token 'This' => 0.11692315371609 debug: bayes token 'about' => 0.117577720389553 debug: bayes token 'H*u:Internet' => 0.882360014009373 debug: bayes token 'players' => 0.119726772600525 debug: bayes token 'don't' => 0.120864025041217 debug: bayes token 'dont' => 0.121664665868965 debug: bayes token 'Antonio' => 0.127223696110676 debug: bayes token 'next' => 0.12998331962496 debug: bayes token 'list' => 0.135367080923577 debug: bayes token 'this' => 0.138983167668796 debug: bayes token 'those' => 0.139088974059656 debug: bayes token 'winners' => 0.140487093414031 debug: bayes token 'either' => 0.141241110170095 debug: bayes token 'Caribbean' => 0.142036851334444 debug: bayes token 'caribbean' => 0.142036851334444 debug: bayes token 'HTo:U*catherine.litten' => 0.853988921474622 debug: bayes: score = 0.99999978578356 debug: bayes: 31553 untie-ing debug: bayes: 31553 untie-ing db_toks debug: bayes: 31553 untie-ing db_seen debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)) debug: Razor2 is not available debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4) implements 'check_tick' debug: URIDNSBL: query for prismcasino.com took 1 seconds to look up (multi.surbl.org.:prismcasino.com) debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_AB_SURBL): 127.0.0.96 debug: URIDNSBL: query for casinonewsservice.com took 2 seconds to look up (multi.surbl.org.:casinonewsservice.com) debug: URIDNSBL: queries completed: 4 started: 6 debug: URIDNSBL: queries active: at Mon Feb 7 16:12:29 2005 debug: running raw-body-text per-line regexp tests; score so far=5.733 debug: running full-text regexp tests; score so far=5.733 debug: Razor2 is not available debug: Current PATH is: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin: /usr/local/mysql/bin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: URIDNSBL: queries completed: 6 started: 6 debug: URIDNSBL: queries active: at Mon Feb 7 16:12:29 2005 debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18954" debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL15331" debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up (sbl.spamhaus.org.:61.9.53.66) debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL13005" debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up (sbl.spamhaus.org.:254.151.203.65) debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL13005" debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up (sbl.spamhaus.org.:245.151.203.65) debug: URIDNSBL: domain "prismcasino.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL19808" debug: URIDNSBL: query for prismcasino.com took 3 seconds to look up (sbl.spamhaus.org.:42.212.193.216) debug: URIDNSBL: domain "prismcasino.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12500" debug: URIDNSBL: query for prismcasino.com took 3 seconds to look up (sbl.spamhaus.org.:8.228.163.66) debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up (sbl.spamhaus.org.:236.251.5.221) debug: URIDNSBL: queries completed: 6 started: 0 debug: URIDNSBL: queries active: at Mon Feb 7 16:12:30 2005 debug: RBL: success for 17 of 18 queries debug: DNS: timeout for relay after 3 seconds debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4) implements 'check_post_dnsbl' debug: running meta tests; score so far=12.951 debug: running header regexp tests; score so far=12.951 debug: running body-text per-line regexp tests; score so far=12.951 debug: running uri tests; score so far=12.951 debug: running raw-body-text per-line regexp tests; score so far=12.951 debug: running full-text regexp tests; score so far=12.951 debug: Running tests for priority: 1000 debug: running meta tests; score so far=12.951 debug: running header regexp tests; score so far=12.951 debug: running body-text per-line regexp tests; score so far=12.951 debug: running uri tests; score so far=12.951 debug: running raw-body-text per-line regexp tests; score so far=12.951 debug: running full-text regexp tests; score so far=12.951 debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. debug: auto-learn: message score: 12.951, computed score for autolearn: 11.065 debug: auto-learn? ham=0.1, spam=12, body-points=9.51, head-points=6.32, learned-points=1.886 debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam debug: is spam? score=12.951 required=5 debug: tests=BAYES_99,HTML_80_90,HTML_EVENT_UNSAFE,HTML_FONT_BIG,HTML_IMAGE_RATIO_0 6,HTML_MESSAGE,HTML_SHOUTING3,MARKETING_PARTNERS,MIME_HTML_ONLY,RCVD_BY_IP,R CVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_AB_SURBL,URIBL_SBL debug: subtests=__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CTYPE_HTML,__HAS_MSGID,__HAS_SU BJECT,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSGID_R ANDY,__RATWARE_0_TZ_DATE,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_CENTER, __TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__USER_AGENT Received: from localhost by clamav.valleypres.org with SpamAssassin (version 3.0.1); Mon, 07 Feb 2005 16:12:30 -0800 From: "Emm" To: "Tina" Subject: find your fortune now! Date: Sun, 6 Feb 2005 03:14:15 +0000 Message-Id: <1876981107659655@61.35.194.108> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on clamav.valleypres.org X-Spam-Level: ************ X-Spam-Status: Yes, score=13.0 required=5.0 tests=BAYES_99,HTML_80_90, HTML_EVENT_UNSAFE,HTML_FONT_BIG,HTML_IMAGE_RATIO_06,HTML_MESSAGE, HTML_SHOUTING3,MARKETING_PARTNERS,MIME_HTML_ONLY,RCVD_BY_IP, RCVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_AB_SURBL,URIBL_SBL autolearn=no version=3.0.1 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_420803EE.E191ABC4" This is a multi-part message in MIME format. ------------=_420803EE.E191ABC4 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 8bit Spam detection software, running on the system "clamav.valleypres.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see john.crossan@valleypres.org for details. Content preview: casinonewsservice Prism Casino is the place to be for players who are serious about WINNING! Sign up today and join the growing list of players who have found their fortune at Prism! WINNERS player won game Fred S. won $24,500 on Blackjack! Antonio A. won $21,972.50 on Video Poker! Irene B. won $20,985 on Slots! Shyles G. won $20,002.25 on Blackjack & Caribbean Stud Poker! Valerie T. won $16,604.84 on Slots! Bonnie M. won $12,861.63 on Lightspeed Slot! [...] Content analysis details: (13.0 points, 5.0 required) pts rule name description ---- ---------------------- ------------------------------------------------ -- 0.1 RCVD_BY_IP Received by mail server with no name 1.2 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO 1.4 MARKETING_PARTNERS BODY: Claims you registered with a partner 0.1 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area 0.1 HTML_80_90 BODY: Message is 80% to 90% HTML 0.0 HTML_SHOUTING3 BODY: HTML has very strong "shouting" markup 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.5 HTML_EVENT_UNSAFE BODY: HTML contains unsafe auto-executing code 3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [] 2.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [61.35.194.108 listed in sbl-xbl.spamhaus.org] 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: prismcasino.com casinonewsservice.com] 0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: casinonewsservice.com] The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. ------------=_420803EE.E191ABC4 Content-Type: message/rfc822; x-spam-type=original Content-Description: original message before SpamAssassin Content-Disposition: attachment Content-Transfer-Encoding: 8bit Received: from mail.valleypres.org (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id 3733A17C3BC for ; Sat, 5 Feb 2005 19:03:33 -0800 (PST) Received: from [61.35.194.108] (helo=61.35.194.108) by mail.valleypres.org with esmtp (Exim 3.13 #5) id 1Cxchw-0008OQ-00 for catherine.litten@valleypres.org; Sat, 05 Feb 2005 19:03:32 -0800 Received: from unknown (HELO localhost) (127.0.0.1) by localhost.csirlyd.com with SMTP; Sun, 6 Feb 2005 03:14:15 +0000 Received: from 61.132.103.175 (61.132.103.175[61.132.103.175]) by 61.35.194.108 (IMP) with HTTP for ;Sun, 6 Feb 2005 03:14:15 +0000 Message-ID: <1876981107659655@61.35.194.108> From: "Emm" To: "Tina" Subject: find your fortune now! Date: Sun, 6 Feb 2005 03:14:15 +0000 MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.2.2 X-Originating-IP: 61.132.103.175 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Feb 8 00:51:49 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I am moving my server to a hosted service. They offer many different distributions on the server. As all you guys have much more experience with MS than I do I was wondering if you would offer some advice. Of this list which would be the easiest to maintain and run? CentOS 3.1 (RHEL) Debian 3.0r1 Fedora Core 2 Fedore Core 1 Gentoo Linux 2004.2 (09-14) Mandrake 9.1 Mandrake 9.1 Red Hat 8.0 Red Hat 9.0 Red Hat 9.0 Slackware 10 Slackware 9.0 Ubuntu 4.10 Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Tue Feb 8 00:49:27 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] At the risk of starting a flamewar, Debian 3.01! :) Regards, Brent Addis Group Systems Administrator Times Media Group "He who knows, does not speak. He who speaks, does not know". -- Lao Tsu Lance Haig wrote: > Hi, > > I am moving my server to a hosted service. They offer many different > distributions on the server. > > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > > CentOS 3.1 (RHEL) > Debian 3.0r1 > Fedora Core 2 > Fedore Core 1 > Gentoo Linux 2004.2 (09-14) > Mandrake 9.1 > Mandrake 9.1 > Red Hat 8.0 > Red Hat 9.0 > Red Hat 9.0 > Slackware 10 > Slackware 9.0 > Ubuntu 4.10 > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at dfi-intl.com Tue Feb 8 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: Or if you are feeling really bold... Debian sarge... Yummy Errol -----Original Message----- From: Brent Addis Date: Tue, 8 Feb 2005 13:49:27 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Which OS? At the risk of starting a flamewar, Debian 3.01! :) Regards, Brent Addis Group Systems Administrator Times Media Group "He who knows, does not speak. He who speaks, does not know". -- Lao Tsu Lance Haig wrote: > Hi, > > I am moving my server to a hosted service. They offer many different > distributions on the server. > > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > > CentOS 3.1 (RHEL) > Debian 3.0r1 > Fedora Core 2 > Fedore Core 1 > Gentoo Linux 2004.2 (09-14) > Mandrake 9.1 > Mandrake 9.1 > Red Hat 8.0 > Red Hat 9.0 > Red Hat 9.0 > Slackware 10 > Slackware 9.0 > Ubuntu 4.10 > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Feb 8 01:34:46 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Monday, February 07, 2005 7:52 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Which OS? > > Hi, > > I am moving my server to a hosted service. They offer many different > distributions on the server. > > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > Lance, You caught me at the end o a long day and in a philosophical mood so here goes. What's the easiest to run and support depends on what OS you're most comfortable with. Solaris people should run MS on Solaris; Folks who are comfortable with Linux should use Linux and my friend who runs MailScanner on a Alpha cluster is laughing at all of us. You didn't say what level of service want to provide; home, experimental, commercial service, etc. That does make a difference. If it's a home system that you want to use to learn bleeding edge stuff and don't mind rebuilding every six months, the latest Fedora might be appropriate. Hopefully I won't start a religious war with the following comments. It's certainly not my intent and it's wonderful to have all these choices - not just MS and MS-lite ;) > CentOS 3.1 (RHEL) Actually it's 3.4 now. 3.4 came out very, very shortly after the equivalent Red Hat 3.4 release. This is my personal pick among the RH clones. I use it on production systems and have never had a glitch. I feel the yum updater has been more reliable than RH up2date. This would be my choice for productions systems where Red Hat is unaffordable and RH support is not essential. One Caveat, Whitebox Linux has better support for older and slower hardware. > Debian 3.0r1 Debian has a deserved reputation for being a steady and dependable OS. I've used it for systems that you just want to turn on and forget (can you spell router). Only drawback for MailScanner Gateways is that it takes a while for the latest complimentary applications to filter down. For example SpamAssassin 3.0x was just recently released for Debian testing. This is not necessarily bad where stability is important. > Fedora Core 2 I think its Fedora 3 now and I don't think that Fedora 2 and 1 are supported any more. This should tell you that you don't want to run this OS on high availability systems (and Red Hat will tell you the same thing) > Fedore Core 1 See above > Gentoo Linux 2004.2 (09-14) No experience > Mandrake 9.1 No experience > Red Hat 8.0 End of life - stay away > Red Hat 9.0 End of life - stay away > Slackware 9.0 No experience > Ubuntu 4.10 What ??? - I've got to look this one up :) You left out Red Hat ES and AS 3.x; If you can afford it and want or need the support, this is a very good choice and one you will never be fired for making. You left out SuSE Enterprise Linux 9.0; Also if you can afford it and want or need the support, this is a very good choice and one you will never be fired for making. It's my personal choice among the commercial versions of Linux. It's well packaged and yast2 updates are the best; but maybe that's because I still like Novell. > > Thanks > > Lance I just know this will garner a few comments. Regards, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Feb 8 02:15:30 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ubuntu is another variation of Debian with more up-to-date packages. Suggest a link for you to look at is http://distrowatch.com/ Also try to look at FreeBSD if you're not going to install other special packages. Anyany, FreeBSD gets a lot of ports. Cheers Raylund ----- Original Message ----- From: "Stephen Swaney" To: Sent: Monday, February 07, 2005 8:34 PM Subject: Re: Which OS? >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Lance Haig >> Sent: Monday, February 07, 2005 7:52 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Which OS? >> >> Hi, >> >> I am moving my server to a hosted service. They offer many different >> distributions on the server. >> >> As all you guys have much more experience with MS than I do I was >> wondering if you would offer some advice. >> Of this list which would be the easiest to maintain and run? >> > Lance, > > You caught me at the end o a long day and in a philosophical mood so here > goes. > > What's the easiest to run and support depends on what OS you're most > comfortable with. Solaris people should run MS on Solaris; Folks who are > comfortable with Linux should use Linux and my friend who runs MailScanner > on a Alpha cluster is laughing at all of us. > > You didn't say what level of service want to provide; home, experimental, > commercial service, etc. That does make a difference. If it's a home > system > that you want to use to learn bleeding edge stuff and don't mind > rebuilding > every six months, the latest Fedora might be appropriate. > > Hopefully I won't start a religious war with the following comments. It's > certainly not my intent and it's wonderful to have all these choices - not > just MS and MS-lite ;) > > >> CentOS 3.1 (RHEL) > > Actually it's 3.4 now. 3.4 came out very, very shortly after the > equivalent > Red Hat 3.4 release. This is my personal pick among the RH clones. I use > it > on production systems and have never had a glitch. I feel the yum updater > has been more reliable than RH up2date. This would be my choice for > productions systems where Red Hat is unaffordable and RH support is not > essential. > > One Caveat, Whitebox Linux has better support for older and slower > hardware. > >> Debian 3.0r1 > Debian has a deserved reputation for being a steady and dependable OS. > I've > used it for systems that you just want to turn on and forget (can you > spell > router). Only drawback for MailScanner Gateways is that it takes a while > for > the latest complimentary applications to filter down. For example > SpamAssassin 3.0x was just recently released for Debian testing. This is > not > necessarily bad where stability is important. > >> Fedora Core 2 > I think its Fedora 3 now and I don't think that Fedora 2 and 1 are > supported > any more. This should tell you that you don't want to run this OS on high > availability systems (and Red Hat will tell you the same thing) > >> Fedore Core 1 > See above > >> Gentoo Linux 2004.2 (09-14) > No experience > >> Mandrake 9.1 > No experience > >> Red Hat 8.0 > End of life - stay away > >> Red Hat 9.0 > End of life - stay away > >> Slackware 9.0 > No experience > >> Ubuntu 4.10 > What ??? - I've got to look this one up :) > > You left out Red Hat ES and AS 3.x; > If you can afford it and want or need the support, this is a very good > choice and one you will never be fired for making. > > You left out SuSE Enterprise Linux 9.0; > Also if you can afford it and want or need the support, this is a very > good > choice and one you will never be fired for making. It's my personal choice > among the commercial versions of Linux. It's well packaged and yast2 > updates > are the best; but maybe that's because I still like Novell. > >> >> Thanks >> >> Lance > > I just know this will garner a few comments. > > Regards, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 03:01:10 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Missing BAYES??? Message-ID: What command should I run to get the following? Rebuild Bayes Every = 259200 >>> >>> Wait During Bayes Rebuild = yes What is the bayes rebuild option in MailScanner? Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) Scott Silva To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Missing BAYES??? 02/07/2005 06:30 PM Please respond to MailScanner mailing list Chris Conn wrote: > Scott Silva wrote: > >> Chris Conn wrote: >> >>>> >>>> not in my experiance. the bayes system should tag all emails. >>>> >>>> I'd make sure MS is doing the re-sync of the bayes DB itself and an >>>> outside cron isn't trying to do this... >>>> >>>> In MainScanner.conf its the rebuild bayes options you need to set >>>> correctly and make sure it's set to wait while this happens as well. >>> >>> >>> >>> >>> Hello, >>> >>> This is what I have: >>> >>> Rebuild Bayes Every = 259200 >>> >>> Wait During Bayes Rebuild = yes >>> >>> Out of 4975 messages marked as possible spam today, only 4842 had >>> BAYES_XXX scores attached, the rest having a bunch of spamassassin >>> scores but no BAYES. >>> >>> Chris >>> >> That is a long Bayes rebuild interval. Maybe it is just taking a long >> time to rebuild. > > > Hello, > > According to my logs, the database rebuilds in about 120 seconds. Is > that excessively long? > > Chris > It shouldn't be that bad, as long as MailScanner is waiting during that time. Maybe check the same area of the log and look for any MailScanner processing log entries during the time of the rebuild. Mine dakes an average of 30 seconds from the rebuild is due to the rebuild completed. But I also run a rebuild every 12 hours, just to keep it light. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Feb 8 04:47:18 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig Sent: Monday, February 07, 2005 6:52 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Which OS? Hi, I am moving my server to a hosted service. They offer many different distributions on the server. As all you guys have much more experience with MS than I do I was wondering if you would offer some advice. Of this list which would be the easiest to maintain and run? CentOS 3.1 (RHEL) Debian 3.0r1 Fedora Core 2 Fedore Core 1 Gentoo Linux 2004.2 (09-14) Mandrake 9.1 Mandrake 9.1 Red Hat 8.0 Red Hat 9.0 Red Hat 9.0 Slackware 10 Slackware 9.0 Ubuntu 4.10 Thanks Lance I run either RHEL3 or Centos-3.4 on all of my boxen and am quite happy with it. I think it all boils down to which distro YOU are more comfortable working with. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 05:35:52 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Email whitelisted by MS - is it still checked for viruses? Message-ID: Hi, I just want to make sure that even the mail is whitelisted by MS it is still checked by anti-virus. The control " Ignore Spam Whitelist If Recipients Exceed = 20" didn't work because the spoofed sender sent out one email at a time. I just need to know if "Virus and Content Scanning" runs against whitelisted email? Would you confirm. Feb 7 23:47:40 MailScanner[31876]: Message j184iivk031331 from 142.245.251.90 ( )is whitelisted Feb 7 23:47:42 MailScanner[31876]: Message j184iRvn031300 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:43 MailScanner[31842]: Message j184iBvk031259 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:44 MailScanner[31876]: Message j184ijvi031332 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:46 MailScanner[31842]: Message j184i9vk031256 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:46 MailScanner[31876]: Message j184iivi031330 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:49 MailScanner[31876]: Message j184iRvq031300 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:49 MailScanner[31842]: Message j184iBvi031259 from 142.245.251.90 ( ) is whitelisted Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 06:47:07 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Scores for the URIBL_AB within SpamAssassin Message-ID: http://www.surbl.org/lists.html#ab Hi, I just wonder why URIBL_AB is scored so low with BAYES? Usually the last row is higher then the second (network check). Is this an error? Anybody has something similar to the list below? Should I re-write the rules in the spam.assassin.prefs.conf file and change the score? What is the best practice? # URIDNSBL ifplugin Mail::SpamAssassin::Plugin::URIDNSBL score URIBL_AB_SURBL 0 2.007 0 0.417 score URIBL_OB_SURBL 0 1.996 0 3.213 score URIBL_PH_SURBL 0 0.839 0 2.000 score URIBL_SBL 0 0.629 0 0.996 score URIBL_SC_SURBL 0 3.897 0 4.263 score URIBL_WS_SURBL 0 0.539 0 1.462 endif # Mail::SpamAssassin::Plugin::URIDNSBL plus: score URIBL_JP_SURBL 4.0 Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue Feb 8 08:35:34 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: Hi! > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > Red Hat 8.0 > Red Hat 9.0 > Red Hat 9.0 At least those 3 are end of life, sounds pretty weird to start with those. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Feb 8 10:38:18 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: den 8 februari 2005 01:52 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Which OS? > > > Hi, > > I am moving my server to a hosted service. They offer many different > distributions on the server. > > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > > CentOS 3.1 (RHEL) > Debian 3.0r1 > Fedora Core 2 > Fedore Core 1 > Gentoo Linux 2004.2 (09-14) > Mandrake 9.1 > Mandrake 9.1 Although Mandrake (10.1) is really OK, these are eol'd since a while back. Don't use them. > Red Hat 8.0 > Red Hat 9.0 > Red Hat 9.0 > Slackware 10 > Slackware 9.0 > Ubuntu 4.10 > > Thanks > > Lance Generally, the list seems to have some rather "moss-endowed" versions... Talk to them about getting something a bit more uptodate. -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Howard at HARPER-ADAMS.AC.UK Tue Feb 8 11:40:10 2005 From: Howard at HARPER-ADAMS.AC.UK (Howard Robinson) Date: Thu Jan 12 21:28:28 2006 Subject: Bayes and spam increase? Message-ID: Dear list members I am in the same situation re bayes scoring. All the emailS I have looked at so far have BAYES_00 -2.60 In my spam.assassin.prefs.conf I have remmed out lines eg. # score BAYES_00 -15.0 # score BAYES_10 -5.0 # score BAYES_90 5.0 # score BAYES_99 15.0 But the lines recommended have an extra column, what does the extra column do. Should I un-rem BAYES_90 & 99? Also do I need to stop and restart mailscanner > score BAYES_00 0 0 -0.05 -0.05 > score BAYES_01 0 0 -0.04 -0.04 > score BAYES_10 0 0 -0.03 -0.03 > score BAYES_20 0 0 -0.02 -0.02 > score BAYES_30 0 0 -0.01 -0.01 > Thanks Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Feb 8 12:18:45 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well Guys, Thanks for all the help. It looks like I need to look at finding a hosting solution with SUSE as an option. Thanks for all the sugegstions Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Feb 8 12:26:40 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: den 8 februari 2005 13:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Which OS? > > > Well Guys, > > Thanks for all the help. It looks like I need to look at finding a > hosting solution with SUSE as an option. Not a bad choice... Actually, none of the distros would be terribly bad (after all: What one distro can do another distro...:-). What we've been saying mostly is that they seem to be slightly (and in the case of Mandrake not-so-slightly... or rather Very) out-of-date, in regards to the versions they offer. Anyway, Good luck. -- Glenn > > Thanks for all the sugegstions > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Feb 8 12:30:20 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:28 2006 Subject: Curious Message-ID: I have been seeing the following off and on in my logs (relatively consistent though). I am curious about them and was wondering if anyone else has been seeing these and if they have any comments on them. Unresolved sender domains: .3..@p: 1 Time(s) 1gx3.@j: 1 Time(s) 2@kya22: 1 Time(s) 4i.@ra: 1 Time(s) 5s@422.c: 1 Time(s) 6644k446664...4.5.4@d: 1 Time(s) 988868@64.-: 1 Time(s) 99.....@9: 1 Time(s) ccat@1.a: 1 Time(s) d1@ubwdbgsls.1.11: 1 Time(s) d@68hte4.80a: 1 Time(s) d@mdiq.ki: 1 Time(s) gs..@g.g: 1 Time(s) jjjx@vj.h.l: 1 Time(s) krickey@aimco.local: 1 Time(s) m.o.@]n: 1 Time(s) of_summers_45@kayla.com.au: 1 Time(s) onnnhohn8.@n: 1 Time(s) qphbf@lexgroup-ltd.com: 1 Time(s) s5@jwwcwqys.yi: 1 Time(s) w@2: 1 Time(s) ww@0.mj-: 1 Time(s) zpyo-.@d: 1 Time(s) Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Tue Feb 8 12:37:37 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: only RH EL clones Tao Linux Centos Linux or Whitebox Linux I'm looking for a distro as close as possible to RH EL and fast updates + clustering possibilities. thanks Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Feb 8 12:58:55 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:28 2006 Subject: Curious Message-ID: I get them all the time. They are bogus domains that spammers try to forge their crap from: Unresolved sender domains: adv@imelvin.com: 7 Time(s) 911B9BF8CE8771CAE0E5E9@ohowexc8.naoxy.com: 6 Time(s) collinlottuj@chch.co.uk: 3 Time(s) lclifton_bu@chemeng.chmt.wits.ac.za: 3 Time(s) loans@creditbank.uk: 2 Time(s) miranda_fw@arborviewinn.ns.ca: 2 Time(s) reneesingleton_pf@arborviewinn.ns.ca: 2 Time(s) wkkuwgu@[203.234.244.164]: 2 Time(s) 03140@rxinet01.walgreens.com: 1 Time(s) EQTIVSLBCJWABS@eR45lucvvmPD6roLq82.tv: 1 Time(s) NDIUWVMATRXYZX@smashinpumpikiner.com: 1 Time(s) agigdde@7.0: 1 Time(s) akgul@ritp.ye: 1 Time(s) alarson_ys@afloat.demon.co.uk: 1 Time(s) antacrp@hotmail.com.au: 1 Time(s) apache@server.tinati.net: 1 Time(s) aygcqb@[203.248.130.173]: 1 Time(s) battery@kfpw.com.au: 1 Time(s) bettie_bergeron_yj@modern-home.co.uk: 1 Time(s) billie.n.meza_rp@squires.co.uk: 1 Time(s) bipjak@[216.63.22.224]: 1 Time(s) bounce-wddwtfwtmcqq@zffpaspa.strenga1.com: 1 Time(s) bounce-yqqbwvbwxmfw@xzzwrcwr.strenga1.com: 1 Time(s) courtesy.114310.145292015@LD1.ntcnnxn.com: 1 Time(s) courtesy.114397.145292015@LD1.ntcnxn.com: 1 Time(s) cwilliamsonmn@star-no-star.fsworld.co.uk: 1 Time(s) deanna_bfield_eq@cantillon.demon.co.uk: 1 Time(s) dharris@somewhere.someplace: 1 Time(s) Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Filchak Sent: Tuesday, February 08, 2005 6:30 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Curious I have been seeing the following off and on in my logs (relatively consistent though). I am curious about them and was wondering if anyone else has been seeing these and if they have any comments on them. Unresolved sender domains: .3..@p: 1 Time(s) 1gx3.@j: 1 Time(s) 2@kya22: 1 Time(s) 4i.@ra: 1 Time(s) 5s@422.c: 1 Time(s) 6644k446664...4.5.4@d: 1 Time(s) 988868@64.-: 1 Time(s) 99.....@9: 1 Time(s) ccat@1.a: 1 Time(s) d1@ubwdbgsls.1.11: 1 Time(s) d@68hte4.80a: 1 Time(s) d@mdiq.ki: 1 Time(s) gs..@g.g: 1 Time(s) jjjx@vj.h.l: 1 Time(s) krickey@aimco.local: 1 Time(s) m.o.@]n: 1 Time(s) of_summers_45@kayla.com.au: 1 Time(s) onnnhohn8.@n: 1 Time(s) qphbf@lexgroup-ltd.com: 1 Time(s) s5@jwwcwqys.yi: 1 Time(s) w@2: 1 Time(s) ww@0.mj-: 1 Time(s) zpyo-.@d: 1 Time(s) Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Feb 8 13:30:51 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:28 2006 Subject: Curious Message-ID: Same here. Many seem to be SomeFool.*/Netsky-related. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > Sent: den 8 februari 2005 13:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Curious > > > I get them all the time. They are bogus domains that > spammers try to forge > their crap from: > > Unresolved sender domains: > adv@imelvin.com: 7 Time(s) > 911B9BF8CE8771CAE0E5E9@ohowexc8.naoxy.com: 6 Time(s) > collinlottuj@chch.co.uk: 3 Time(s) > lclifton_bu@chemeng.chmt.wits.ac.za: 3 Time(s) > loans@creditbank.uk: 2 Time(s) > miranda_fw@arborviewinn.ns.ca: 2 Time(s) > reneesingleton_pf@arborviewinn.ns.ca: 2 Time(s) > wkkuwgu@[203.234.244.164]: 2 Time(s) > 03140@rxinet01.walgreens.com: 1 Time(s) > EQTIVSLBCJWABS@eR45lucvvmPD6roLq82.tv: 1 Time(s) > NDIUWVMATRXYZX@smashinpumpikiner.com: 1 Time(s) > agigdde@7.0: 1 Time(s) > akgul@ritp.ye: 1 Time(s) > alarson_ys@afloat.demon.co.uk: 1 Time(s) > antacrp@hotmail.com.au: 1 Time(s) > apache@server.tinati.net: 1 Time(s) > aygcqb@[203.248.130.173]: 1 Time(s) > battery@kfpw.com.au: 1 Time(s) > bettie_bergeron_yj@modern-home.co.uk: 1 Time(s) > billie.n.meza_rp@squires.co.uk: 1 Time(s) > bipjak@[216.63.22.224]: 1 Time(s) > bounce-wddwtfwtmcqq@zffpaspa.strenga1.com: 1 Time(s) > bounce-yqqbwvbwxmfw@xzzwrcwr.strenga1.com: 1 Time(s) > courtesy.114310.145292015@LD1.ntcnnxn.com: 1 Time(s) > courtesy.114397.145292015@LD1.ntcnxn.com: 1 Time(s) > cwilliamsonmn@star-no-star.fsworld.co.uk: 1 Time(s) > deanna_bfield_eq@cantillon.demon.co.uk: 1 Time(s) > dharris@somewhere.someplace: 1 Time(s) > > Mike > > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Dave Filchak > Sent: Tuesday, February 08, 2005 6:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Curious > > I have been seeing the following off and on in my logs (relatively > consistent though). I am curious about them and was wondering > if anyone else > has been seeing these and if they have any comments on them. > > Unresolved sender domains: > .3..@p: 1 Time(s) > 1gx3.@j: 1 Time(s) > 2@kya22: 1 Time(s) > 4i.@ra: 1 Time(s) > 5s@422.c: 1 Time(s) > 6644k446664...4.5.4@d: 1 Time(s) > 988868@64.-: 1 Time(s) > 99.....@9: 1 Time(s) > ccat@1.a: 1 Time(s) > d1@ubwdbgsls.1.11: 1 Time(s) > d@68hte4.80a: 1 Time(s) > d@mdiq.ki: 1 Time(s) > gs..@g.g: 1 Time(s) > jjjx@vj.h.l: 1 Time(s) > krickey@aimco.local: 1 Time(s) > m.o.@]n: 1 Time(s) > of_summers_45@kayla.com.au: 1 Time(s) > onnnhohn8.@n: 1 Time(s) > qphbf@lexgroup-ltd.com: 1 Time(s) > s5@jwwcwqys.yi: 1 Time(s) > w@2: 1 Time(s) > ww@0.mj-: 1 Time(s) > zpyo-.@d: 1 Time(s) > > Dave > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 13:39:41 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailScanne Message-ID: I don't fully understand how to change the way MailScanner handles spam. How can I change MailScanner to not filter mail like the scoring it uses for Spamassassin? Below is an example of a header from a newsletter that is being filtered out but not because of Spamassassin scoring. I could always add a whitelist entry but I would rather figure out how to change this. Thanks. Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found word(s) to be removed register today in the HTML body MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-Mailer-Version: 3.5.5 build 727 X-Mailer: Accucast X-Accutrak: CNET_Networks_#3.139973.3432373335333234@newsletters.online.com X-MailScanner-From: cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com Return-Path: X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) FILETIME=[5E92BD70:01C50D35] This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Feb 8 14:01:04 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:28 2006 Subject: Fw: Virus Detected Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I having trouble with the new version of Clamav (0.82) and some CorelDraw attachments. Any of you have the same problem? Reporte: ClamAV: 22700060-ingles.cdr contains Exploit.W32.MS05-002 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 14:05:04 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to t Message-ID: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to this spot. Have I missed something? Reloading MailScanner workers: MailScanner: [ OK ] Incoming postfix: postfix: fatal: open /etc/postfix.in/main.cf: No such file or directory [ OK ] Outgoing postfix: postfix/postfix-script: refreshing the Postfix mail system [ OK ] This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 14:06:43 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: I hate to keep beating a dead horse but I still get e-mails that have AWL scores in them. I have included "use_auto_whitelist 0" in the spam.assassin.prefs.conf. Help. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Tue Feb 8 14:11:38 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to t Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did you make a copy of /etc/postfix as /etc/postfix.in? This must be a Gentoo install :) On Tue, 2005-02-08 at 09:05, David Curtis wrote: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to this spot. Have I missed something? Reloading MailScanner workers: MailScanner: [ OK ] Incoming postfix: postfix: fatal: open /etc/postfix.in/main.cf: No such file or directory [ OK ] Outgoing postfix: postfix/postfix-script: refreshing the Postfix mail system [ OK ] This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! Wess Bechard System Administrator eliquidMEDIA International www.eliquid.com MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Tue Feb 8 14:30:42 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I hate to keep beating a dead horse but I still get e-mails that have > AWL scores in them. I have included "use_auto_whitelist 0" in the > spam.assassin.prefs.conf. make sure that MailScanner.conf has "SpamAssassin Prefs File =" your spam.assassin.prefs.conf file run spamassassin -D on using your prefs file and see if SA finds syntax errors in your spam.assassin.prefs.conf file, also check to see if SA is still trying to score using awl remove the awl database when you reload mailscanner to see if its being recreated. make sure you dont have anything in local.cf overridding your settings. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Tue Feb 8 14:24:24 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:28 2006 Subject: check_MailScanner.cron Message-ID: Hi Julian, Hope you're having a good vacation. I noticed that check_MailScanner.cron is trying to call /opt/MailScanner/bin/check_MailScanner which has been renamed to check_mailscanner (no caps). -- Eric Dantan Rzewnicki | Systems Engineer I Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Feb 8 14:27:27 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:28 2006 Subject: Virus Detected Message-ID: Yes, and it's been reported on the ClamAV Users mailing list too. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > Sent: 08 February 2005 14:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Fw: Virus Detected > > I having trouble with the new version of Clamav (0.82) and > some CorelDraw attachments. Any of you have the same problem? > > Reporte: ClamAV: 22700060-ingles.cdr contains Exploit.W32.MS05-002 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Tue Feb 8 14:29:14 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to t Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I keep getting this error when I reload MailScanner. I can't seem to > find any where that points to this spot. Have I missed something? > Reloading MailScanner workers: > MailScanner: [ OK ] > Incoming postfix: postfix: fatal: open > /etc/postfix.in/main.cf: No such file or directory > [ OK ] > Outgoing postfix: postfix/postfix-script: refreshing the > Postfix mail system > [ OK ] Yes, that happens on the newer single-postfix MailScanner setup, where you don't actually have a separate incoming postfix instance. The Incoming Postfix section of the init script is conditional for start, stop and restart, but not for reload. Just add an appropriate if statement, as per the attached patch. [Julian - it might be good to add this to the distributed version when you get back from your hols] John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] --- /etc/init.d/MailScanner.old 2004-06-01 17:15:16.000000000 +0200 +++ /etc/init.d/MailScanner 2004-06-18 10:32:10.000000000 +0200 @@ -350,7 +350,9 @@ echo if [ $MTA = "postfix" ]; then echo -n ' Incoming postfix: ' - $POSTFIX -c $POSTFIXINCF reload >/dev/null + if [ -f $POSTFIXINCF/main.cf ]; then + $POSTFIX -c $POSTFIXINCF reload >/dev/null + fi success echo echo -n ' Outgoing postfix: ' ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 14:55:22 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points Message-ID: No I did not make any copies. I am running Fedora Core 2. I have no /etc/postfix.in. >>> mailscanner@ELIQUID.COM 2/8/2005 9:11:38 AM >>> Did you make a copy of /etc/postfix as /etc/postfix.in? This must be a Gentoo install :) On Tue, 2005-02-08 at 09:05, David Curtis wrote: > I keep getting this error when I reload MailScanner. I can't seem to > find any where that points to this spot. Have I missed something? > Reloading MailScanner workers: > MailScanner: [ OK ] > Incoming postfix: postfix: fatal: open > /etc/postfix.in/main.cf: No such file or directory > [ OK ] > Outgoing postfix: postfix/postfix-script: refreshing the > Postfix mail system > [ OK ] > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Wess Bechard System Administrator eliquidMEDIA International www.eliquid.com MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Tue Feb 8 14:29:06 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: David, Look in the MailScanner conf file way down low for the 'Use SpamAssassin Whitelist (or Auto something) and that's the setting to ensure it stops. You may see a small weird patch of messages while it clears out as you restart MailScanner after the adjustment, but that cleared it for us. Forces MS to use any whitelists you enter, if you have them. The other conf file entry may work, but the way MS/SA is set up on our Ensim boxes the MS conf file settings change was the key. David J. Duffner VP Operations NWC Corporation www.nwcxpress.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis > Sent: Tuesday, February 08, 2005 9:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: AWL Still > > > I hate to keep beating a dead horse but I still get e-mails > that have AWL scores in them. I have included > "use_auto_whitelist 0" in the spam.assassin.prefs.conf. > > Help. -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 15:05:09 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: MailScanner.conf has the setting o.k. Ran spamassassin -D and did not see any errors. I removed the autowhitelist file in /root/.spamassassin/. Thanks. >>> nmeverde@NP.K12.MN.US 2/8/2005 9:30:42 AM >>> > I hate to keep beating a dead horse but I still get e-mails that have > AWL scores in them. I have included "use_auto_whitelist 0" in the > spam.assassin.prefs.conf. make sure that MailScanner.conf has "SpamAssassin Prefs File =" your spam.assassin.prefs.conf file run spamassassin -D on using your prefs file and see if SA finds syntax errors in your spam.assassin.prefs.conf file, also check to see if SA is still trying to score using awl remove the awl database when you reload mailscanner to see if its being recreated. make sure you dont have anything in local.cf overridding your settings. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Feb 8 15:06:27 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:28 2006 Subject: check_MailScanner.cron Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I had a similiar problem. I've botched up the MS install here so when I "upgraded" to 4.38.10 I still had an old copy of check_MailScanner and the new check_mailscanner. So the old copy was being called, plus some other scripts that pointed to my old install directories instead of /opt/MailScanner. Took me a couple of days to get all this resolved. Last was getting the correct clamav-autoupdate :-[ Eric Dantan Rzewnicki wrote: >Hi Julian, > >Hope you're having a good vacation. > >I noticed that check_MailScanner.cron is trying to call >/opt/MailScanner/bin/check_MailScanner which has been renamed to >check_mailscanner (no caps). >-- >Eric Dantan Rzewnicki | Systems Engineer I >Technical Operations Division | Radio Free Asia >2025 M Street, NW | Washington, DC 20036 | 202-530-4900 >CONFIDENTIAL COMMUNICATION >This e-mail message is intended only for the use of the addressee and >may contain information that is privileged and confidential. Any >unauthorized dissemination, distribution, or copying is strictly >prohibited. If you receive this transmission in error, please contact >network@rfa.org. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Ed Bruce Health Plan of Michigan Senior Programmer Phone: 248.226.1512 FAX: 248.204.6569 -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 15:14:31 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points Message-ID: Thanks for the input. I am still fairly new to linux. Were do I put this info or is there a command to install the patch? Thanks. >>> john@TRADOC.FR 2/8/2005 9:29:14 AM >>> David Curtis wrote: > I keep getting this error when I reload MailScanner. I can't seem to > find any where that points to this spot. Have I missed something? > Reloading MailScanner workers: > MailScanner: [ OK ] > Incoming postfix: postfix: fatal: open > /etc/postfix.in/main.cf: No such file or directory > [ OK ] > Outgoing postfix: postfix/postfix-script: refreshing the > Postfix mail system > [ OK ] Yes, that happens on the newer single-postfix MailScanner setup, where you don't actually have a separate incoming postfix instance. The Incoming Postfix section of the init script is conditional for start, stop and restart, but not for reload. Just add an appropriate if statement, as per the attached patch. [Julian - it might be good to add this to the distributed version when you get back from your hols] John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 15:19:13 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: I have "SpamAssassin Auto Whitelist = no". This is the only setting I can find in the conf file. >>> webalizer@NWCWEB.COM 2/8/2005 9:29:06 AM >>> David, Look in the MailScanner conf file way down low for the 'Use SpamAssassin Whitelist (or Auto something) and that's the setting to ensure it stops. You may see a small weird patch of messages while it clears out as you restart MailScanner after the adjustment, but that cleared it for us. Forces MS to use any whitelists you enter, if you have them. The other conf file entry may work, but the way MS/SA is set up on our Ensim boxes the MS conf file settings change was the key. David J. Duffner VP Operations NWC Corporation www.nwcxpress.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis > Sent: Tuesday, February 08, 2005 9:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: AWL Still > > > I hate to keep beating a dead horse but I still get e-mails > that have AWL scores in them. I have included > "use_auto_whitelist 0" in the spam.assassin.prefs.conf. > > Help. -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 15:27:13 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Scores for the URIBL_AB within SpamAssassin Message-ID: Any thoughts on this? Thanks, Magda Magda Hewryk To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Scores for the URIBL_AB within SpamAssassin 02/08/2005 01:47 AM Please respond to MailScanner mailing list http://www.surbl.org/lists.html#ab Hi, I just wonder why URIBL_AB is scored so low with BAYES? Usually the last row is higher then the second (network check). Is this an error? Anybody has something similar to the list below? Should I re-write the rules in the spam.assassin.prefs.conf file and change the score? What is the best practice? # URIDNSBL ifplugin Mail::SpamAssassin::Plugin::URIDNSBL score URIBL_AB_SURBL 0 2.007 0 0.417 score URIBL_OB_SURBL 0 1.996 0 3.213 score URIBL_PH_SURBL 0 0.839 0 2.000 score URIBL_SBL 0 0.629 0 0.996 score URIBL_SC_SURBL 0 3.897 0 4.263 score URIBL_WS_SURBL 0 0.539 0 1.462 endif # Mail::SpamAssassin::Plugin::URIDNSBL plus: score URIBL_JP_SURBL 4.0 Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 15:27:35 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Email whitelisted by MS - is it still checked for viruses? Message-ID: Any news on this? Thanks, Magda Magda Hewryk To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Email whitelisted by MS - is it still checked for viruses? 02/08/2005 12:35 AM Please respond to MailScanner mailing list Hi, I just want to make sure that even the mail is whitelisted by MS it is still checked by anti-virus. The control " Ignore Spam Whitelist If Recipients Exceed = 20" didn't work because the spoofed sender sent out one email at a time. I just need to know if "Virus and Content Scanning" runs against whitelisted email? Would you confirm. Feb 7 23:47:40 MailScanner[31876]: Message j184iivk031331 from 142.245.251.90 ( )is whitelisted Feb 7 23:47:42 MailScanner[31876]: Message j184iRvn031300 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:43 MailScanner[31842]: Message j184iBvk031259 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:44 MailScanner[31876]: Message j184ijvi031332 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:46 MailScanner[31842]: Message j184i9vk031256 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:46 MailScanner[31876]: Message j184iivi031330 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:49 MailScanner[31876]: Message j184iRvq031300 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:49 MailScanner[31842]: Message j184iBvi031259 from 142.245.251.90 ( ) is whitelisted Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 15:33:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: At 09:30 AM 2/8/2005, Nick Meverden wrote: > > I hate to keep beating a dead horse but I still get e-mails that have > > AWL scores in them. I have included "use_auto_whitelist 0" in the > > spam.assassin.prefs.conf. > >make sure that MailScanner.conf has "SpamAssassin Prefs File =" your >spam.assassin.prefs.conf file Nick, that setting only works for SA 2.6. It does not work for SA 3.x ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 15:34:32 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: At 09:06 AM 2/8/2005, David Curtis wrote: >I hate to keep beating a dead horse but I still get e-mails that have >AWL scores in them. I have included "use_auto_whitelist 0" in the >spam.assassin.prefs.conf. I also hate to beat a dead horse but you did not listen to my advice exactly. With SA 3.0 you MUST set use_auto_whitelist 0 in your /etc/mail/spamassassin/local.cf. use_auto_whitelist is a privileged setting. It cannot be set in spam.assassin.prefs.conf. See man Mail::SpamAssasin::Conf if you don't belive me that it's privileged. See also Message-ID: <6.2.1.2.0.20050207133603.03ae0550@192.168.50.2> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 15:38:42 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: I have it in the /etc/mail.spamassassin/local.conf and I have it in the /etc/MailScanner/spam.assassin.prefs.conf. I still had many e-mails that had the AWL score in them. I did listen and I appreciate the advice. Thanks. >>> mkettler@EVI-INC.COM 2/8/2005 10:34:32 AM >>> At 09:06 AM 2/8/2005, David Curtis wrote: >I hate to keep beating a dead horse but I still get e-mails that have >AWL scores in them. I have included "use_auto_whitelist 0" in the >spam.assassin.prefs.conf. I also hate to beat a dead horse but you did not listen to my advice exactly. With SA 3.0 you MUST set use_auto_whitelist 0 in your /etc/mail/spamassassin/local.cf. use_auto_whitelist is a privileged setting. It cannot be set in spam.assassin.prefs.conf. See man Mail::SpamAssasin::Conf if you don't belive me that it's privileged. See also Message-ID: <6.2.1.2.0.20050207133603.03ae0550@192.168.50.2> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 15:45:13 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: Curious Message-ID: At 07:30 AM 2/8/2005, Dave Filchak wrote: >I have been seeing the following off and on in my logs (relatively >consistent though). I am curious about them and was wondering if anyone >else has been seeing these and if they have any comments on them. It's probably viruses. They forge the sender based on addresses they find, and often their "foraging" algorithms pick up things which are not email addresses. I haven't seen a lot of that form recently, but I have seen it plenty before. I also see quite a few viruses trying to use message-id's, and even IE cookie file names as email addresses. A cookie file name extracted from Internet Explorer: @hg1.hitbox[2].txt A message ID: 69.1106270997@mail-app-2001.iad2.amazon.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Feb 8 15:56:47 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis > Sent: den 8 februari 2005 16:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I keep getting this error when I reload > MailScanner. I can't seem to find any where that points > > > Thanks for the input. I am still fairly new to linux. Were do > I put this > info or is there a command to install the patch? Mmm, yes... the "patch" command ("man patch" will tell you more;). You could well just ignore the error for now (it's really not a big deal, and it doesn't harm you in any way), and let Julain do the patching:-). -- Glenn > Thanks. > > >>> john@TRADOC.FR 2/8/2005 9:29:14 AM >>> > David Curtis wrote: > > I keep getting this error when I reload MailScanner. I can't seem to > > find any where that points to this spot. Have I missed something? > > Reloading MailScanner workers: > > MailScanner: [ OK ] > > Incoming postfix: postfix: fatal: open > > /etc/postfix.in/main.cf: No such file or directory > > [ OK ] > > Outgoing postfix: postfix/postfix-script: refreshing the > > Postfix mail system > > [ OK ] > > Yes, that happens on the newer single-postfix MailScanner setup, where > you don't actually have a separate incoming postfix instance. > The Incoming Postfix section of the init script is conditional for > start, stop and restart, but not for reload. > > Just add an appropriate if statement, as per the attached patch. > > [Julian - it might be good to add this to the distributed version when > you get back from your hols] > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Feb 8 15:57:12 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:28 2006 Subject: Email whitelisted by MS - is it still checked for viruses? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: >Hi, > >I just want to make sure that even the mail is whitelisted by MS it is >still checked by anti-virus. > > Magda, It is. Don't worry about this. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:02:09 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points Message-ID: Thanks, I am trying to do every thing at every level so I can learn. One reason I am using Linux. It is just a test server being thrown in the line of fire for testing. We are going to switch over to Exchange this summer and this solution will be in production. So I am doing as much learning as possible now. Thanks. >>> Glenn.Steen@AP1.SE 2/8/2005 10:56:47 AM >>> > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis > Sent: den 8 februari 2005 16:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I keep getting this error when I reload > MailScanner. I can't seem to find any where that points > > > Thanks for the input. I am still fairly new to linux. Were do > I put this > info or is there a command to install the patch? Mmm, yes... the "patch" command ("man patch" will tell you more;). You could well just ignore the error for now (it's really not a big deal, and it doesn't harm you in any way), and let Julain do the patching:-). -- Glenn > Thanks. > > >>> john@TRADOC.FR 2/8/2005 9:29:14 AM >>> > David Curtis wrote: > > I keep getting this error when I reload MailScanner. I can't seem to > > find any where that points to this spot. Have I missed something? > > Reloading MailScanner workers: > > MailScanner: [ OK ] > > Incoming postfix: postfix: fatal: open > > /etc/postfix.in/main.cf: No such file or directory > > [ OK ] > > Outgoing postfix: postfix/postfix-script: refreshing the > > Postfix mail system > > [ OK ] > > Yes, that happens on the newer single-postfix MailScanner setup, where > you don't actually have a separate incoming postfix instance. > The Incoming Postfix section of the init script is conditional for > start, stop and restart, but not for reload. > > Just add an appropriate if statement, as per the attached patch. > > [Julian - it might be good to add this to the distributed version when > you get back from your hols] > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 16:04:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: At 10:38 AM 2/8/2005, David Curtis wrote: >I have it in the /etc/mail.spamassassin/local.conf and I have it in the >/etc/MailScanner/spam.assassin.prefs.conf. I still had many e-mails that >had the AWL score in them. I did listen and I appreciate the advice. Fair enough, you had not mentioned it previously. One question, is local.conf a typo, or is that the real filename? If so, rename it to local.cf. SA only opens /etc/mail/spamassassin/*.cf. It will not open any .conf files. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Feb 8 16:08:15 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailScanne Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: >I don't fully understand how to change the way MailScanner handles spam. >How can I change MailScanner to not filter mail like the scoring it uses >for Spamassassin? Below is an example of a header from a newsletter that >is being filtered out but not because of Spamassassin scoring. I could >always add a whitelist entry but I would rather figure out how to change >this. > >Thanks. > > >Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >word(s) to be removed register today in the HTML body >MIME-Version: 1.0 >Content-Type: text/html; > charset="ISO-8859-1" >Content-Transfer-Encoding: 7bit >X-Mailer-Version: 3.5.5 build 727 >X-Mailer: Accucast >X-Accutrak: >CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >X-MailScanner-From: >cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >Return-Path: > >X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >FILETIME=[5E92BD70:01C50D35] > > > David, What do you mean by "filtered out"? Do you mean it was quarantined or deleted? What is in your maillog? What are your values for: Spam Actions = High Scoring Spam Actions = Non Spam Actions = How about adding some verbosity to your MS setup? Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Log Spam = yes Log Non Spam = yes (beware it can produce a lot a output) Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:14:32 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: Just a typo. Been dealing with MailScanner conf files so much lately. >>> mkettler@EVI-INC.COM 2/8/2005 11:04:59 AM >>> At 10:38 AM 2/8/2005, David Curtis wrote: >I have it in the /etc/mail.spamassassin/local.conf and I have it in the >/etc/MailScanner/spam.assassin.prefs.conf. I still had many e-mails that >had the AWL score in them. I did listen and I appreciate the advice. Fair enough, you had not mentioned it previously. One question, is local.conf a typo, or is that the real filename? If so, rename it to local.cf. SA only opens /etc/mail/spamassassin/*.cf. It will not open any .conf files. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:16:44 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. >>> Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> David Curtis wrote: >I don't fully understand how to change the way MailScanner handles spam. >How can I change MailScanner to not filter mail like the scoring it uses >for Spamassassin? Below is an example of a header from a newsletter that >is being filtered out but not because of Spamassassin scoring. I could >always add a whitelist entry but I would rather figure out how to change >this. > >Thanks. > > >Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >word(s) to be removed register today in the HTML body >MIME-Version: 1.0 >Content-Type: text/html; > charset="ISO-8859-1" >Content-Transfer-Encoding: 7bit >X-Mailer-Version: 3.5.5 build 727 >X-Mailer: Accucast >X-Accutrak: >CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >X-MailScanner-From: >cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >Return-Path: > >X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >FILETIME=[5E92BD70:01C50D35] > > > David, What do you mean by "filtered out"? Do you mean it was quarantined or deleted? What is in your maillog? What are your values for: Spam Actions = High Scoring Spam Actions = Non Spam Actions = How about adding some verbosity to your MS setup? Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Log Spam = yes Log Non Spam = yes (beware it can produce a lot a output) Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kurt at NETDIRECT.CA Tue Feb 8 16:17:28 2005 From: kurt at NETDIRECT.CA (Kurt Bishop) Date: Thu Jan 12 21:28:28 2006 Subject: Blank Email Messages Message-ID: Hi, Recently we have been getting reports of blank or mostly blank messages being sent & received through our server. We have tried to narrow dow the problem and believe that MailScanner (or something related) is altering the HTML message and the mail client cannot display it properly. For example, I received a message the was blank except for the last line of the sender's signature. When doing a View Source on the message, I could see that the HTML version of the message had been reduced to only include what I could see on screen. However, the plain text version of the message was completely intact as the sender had written it. Similarly, my text-based mail client received a copy of this message which contained the entire message body as expected. The mail server logs showed the following entry when the message passed through: Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: Detected and will disarm HTML message in j16ARH09027988 Here's a quick summary of our environment: OS: Fedora Core 3 Kernel: 2.6.9-1.681_FC3 MailScanner: 4.36.4-1 Sendmail: 8.13.1-2 SpamAssassin: 3.0.1-0.FC3 These are the only MailScanner.conf entries I could find mentioning "disarm": Allow Script Tags = disarm Allow WebBugs = disarm Here are some other MailScanner.conf entries that may be informational: Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Allow IFrame Tags = no Log IFrame Tags = no Allow Form Tags = yes Allow Object Codebase Tags = no Convert Dangerous HTML To Text = no Convert HTML To Text = no Any suggestions would be greatly appreicated. Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Feb 8 16:27:44 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: >It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. > > David, What's in your maillog for this email? The key lies probably there... Denis > > >>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> >>>> >>>> >David Curtis wrote: > > > >>I don't fully understand how to change the way MailScanner handles spam. >>How can I change MailScanner to not filter mail like the scoring it uses >>for Spamassassin? Below is an example of a header from a newsletter that >>is being filtered out but not because of Spamassassin scoring. I could >>always add a whitelist entry but I would rather figure out how to change >>this. >> >>Thanks. >> >> >>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>word(s) to be removed register today in the HTML body >>MIME-Version: 1.0 >>Content-Type: text/html; >> charset="ISO-8859-1" >>Content-Transfer-Encoding: 7bit >>X-Mailer-Version: 3.5.5 build 727 >>X-Mailer: Accucast >>X-Accutrak: >>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>X-MailScanner-From: >>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>Return-Path: >> >>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>FILETIME=[5E92BD70:01C50D35] >> >> >> >> >> > >David, > >What do you mean by "filtered out"? Do you mean it was quarantined or >deleted? What is in your maillog? > >What are your values for: >Spam Actions = >High Scoring Spam Actions = >Non Spam Actions = > >How about adding some verbosity to your MS setup? >Detailed Spam Report = yes >Include Scores In SpamAssassin Report = yes >Always Include SpamAssassin Report = yes >Log Spam = yes >Log Non Spam = yes (beware it can produce a lot a output) > >Denis > > > -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:35:02 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here is what I found in the log. Again I don't see MailScanner doing a spamassassin check on this message. Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: connect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: 5538716F5CD: client=alias-2.c10-ave-mta3.cnet.com[206.16.1.191] Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: hold: header Received: from alias-2.c10-ave-mta3.cnet.com (alias-2. Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: message-id=<13092019.1107815659270.JavaMail.accucast@206.16.1.189> Feb 7 17:34:22 spamfilter MailScanner[28181]: New Batch: Scanning 1 messages, 5541 bytes Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks: Starting Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks completed at 5541 bytes per second Feb 7 17:34:22 spamfilter MailScanner[28181]: Spam Checks: Starting Feb 7 17:34:26 spamfilter postfix/smtpd[32477]: disconnect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] Feb 7 17:34:40 spamfilter MailScanner[28181]: Message 5538716F5CD.EF267 from 206.16.1.191 (cnet_networks_#3.140018.34363630353131. Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Checks: Found 1 spam messages Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Actions: message 5538716F5CD.EF267 actions are forward,spam@test.com Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Checks completed at 307 bytes per second Feb 7 17:34:41 spamfilter MailScanner[28181]: Virus and Content Scanning: Starting Feb 7 17:34:42 spamfilter MailScanner[28181]: Filename Checks: Allowing 5538716F5CD.EF267 msg-28181-86.txt Feb 7 17:34:42 spamfilter MailScanner[28181]: Virus Scanning completed at 2770 bytes per second Feb 7 17:34:42 spamfilter MailScanner[28181]: Requeue: 5538716F5CD.EF267 to F2CDC16F6B8 Feb 7 17:34:42 spamfilter postfix/nqmgr[28160]: F2CDC16F6B8: from=, orig_to=, relay= >>> Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:27:44 AM >>> David Curtis wrote: >It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. > > David, What's in your maillog for this email? The key lies probably there... Denis > > >>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> >>>> >>>> >David Curtis wrote: > > > >>I don't fully understand how to change the way MailScanner handles spam. >>How can I change MailScanner to not filter mail like the scoring it uses >>for Spamassassin? Below is an example of a header from a newsletter that >>is being filtered out but not because of Spamassassin scoring. I could >>always add a whitelist entry but I would rather figure out how to change >>this. >> >>Thanks. >> >> >>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>word(s) to be removed register today in the HTML body >>MIME-Version: 1.0 >>Content-Type: text/html; >> charset="ISO-8859-1" >>Content-Transfer-Encoding: 7bit >>X-Mailer-Version: 3.5.5 build 727 >>X-Mailer: Accucast >>X-Accutrak: >>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>X-MailScanner-From: >>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>Return-Path: >> >>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>FILETIME=[5E92BD70:01C50D35] >> >> >> >> >> > >David, > >What do you mean by "filtered out"? Do you mean it was quarantined or >deleted? What is in your maillog? > >What are your values for: >Spam Actions = >High Scoring Spam Actions = >Non Spam Actions = > >How about adding some verbosity to your MS setup? >Detailed Spam Report = yes >Include Scores In SpamAssassin Report = yes >Always Include SpamAssassin Report = yes >Log Spam = yes >Log Non Spam = yes (beware it can produce a lot a output) > >Denis > > > -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From greg at BLASTZONE.COM Tue Feb 8 16:47:14 2005 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:28:28 2006 Subject: Blank Email Messages Message-ID: This appears to be the same issue I reported on yesterday > For example, I received a message the was blank except for > the last line of the sender's signature. When doing a View > Source on the message, I could see that the HTML version of > the message had been reduced to only include what I could see > on screen. However, the plain text version of the message > was completely intact as the sender had written it. > Similarly, my text-based mail client received a copy of this > message which contained the entire message body as expected. > > The mail server logs showed the following entry when the > message passed through: > > Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: > Detected and will disarm HTML message in j16ARH09027988 > Just dug through the logs on one of the reported blank emails from a customer, found the same thing: Feb 5 11:35:08 mx MailScanner[28376]: Content Checks: Detected and will disarm HTML message in 3FB3416F679 > Here's a quick summary of our environment: > > OS: Fedora Core 3 > Kernel: 2.6.9-1.681_FC3 > MailScanner: 4.36.4-1 > Sendmail: 8.13.1-2 > SpamAssassin: 3.0.1-0.FC3 > I'm running similar, FC 2, postfix 2.1.5 instead of sendmail, etc > These are the only MailScanner.conf entries I could find > mentioning "disarm": > Hmm, I might try turning off some of those settings to see if it eliminates the problem. Hopefully Julian will have some input once he's back online. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 16:57:10 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: At 11:14 AM 2/8/2005, David Curtis wrote: >Just a typo. Been dealing with MailScanner conf files so much lately. Hmm... Does spamassassin --lint run quietly, or does it complain? (I'm wondering if SA is choking on your local.cf and just ignoring the whole thing as a result). Does the "site rules dir" in the debug output spamassassin --lint -D match up with the one containing local.cf? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:58:05 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: autolearn Message-ID: Maybe a real stupid question. Is the autolearn feature something that most people find useful or should it be turned off? Or turned off after so many days or a certain amount of messages pass through the system? This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Feb 8 16:37:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:28 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > What command should I run to get the following? > > Rebuild Bayes Every = 259200 > >>>>Wait During Bayes Rebuild = yes > > > What is the bayes rebuild option in MailScanner? > > > Thanks, > > Magda Hewryk > -------------------------------- > Mid-Range Systems > 905-273-1637 (Office) > 416-554-0743 (Cell) > If you look at the comments in this area you will see that the "Rebuild Bayes Every = xxx" is the number of seconds between rebuilds. 259200 is 3 days, the default in the file is 86400 which is 1 day or 24 hours. If you turn this on, make sure you set "Wait During Bayes Rebuild = yes" so MailScanner doesn't try to process mail during this rebuild, or you will get spamassasssin timeouts, and spam might get through. If you rebuild daily, it shouldn't take more than a minute on a fairly modern processor. I get times near 30 seconds on a dual pIII 1.0 Ghz server. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From krice at SERVERSANDSOLUTIONS.COM Tue Feb 8 17:02:26 2005 From: krice at SERVERSANDSOLUTIONS.COM (Ken Rice) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: On Tue, 8 Feb 2005 10:34:32 -0500 Matt Kettler wrote: > At 09:06 AM 2/8/2005, David Curtis wrote: > >I hate to keep beating a dead horse but I still get e-mails that have > >AWL scores in them. I have included "use_auto_whitelist 0" in the > >spam.assassin.prefs.conf. > > I also hate to beat a dead horse but you did not listen to my advice exactly. > > With SA 3.0 you MUST set use_auto_whitelist 0 in your > /etc/mail/spamassassin/local.cf. > > use_auto_whitelist is a privileged setting. It cannot be set in > spam.assassin.prefs.conf. > > See man Mail::SpamAssasin::Conf if you don't belive me that it's privileged. I've a symlink from /etc/mail/spamassassin/local.cf to /etc/MailScanner/spam.assassin.prefs.conf, so I'm only editing one file. Is this still ok to do? Not the same as above, but, I'm gun-shy now... > See also > Message-ID: <6.2.1.2.0.20050207133603.03ae0550@192.168.50.2> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 17:03:36 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: autolearn Message-ID: At 11:58 AM 2/8/2005, David Curtis wrote: >Maybe a real stupid question. Is the autolearn feature something that >most people find useful or should it be turned off? Or turned off after >so many days or a certain amount of messages pass through the system? I find it useful, but I also find it useful to lower the default ham threshold. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 17:34:43 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: Here is the entire output. I have a clean copy of Spamassassin i.e I never modified any rules. Thanks. spamassassin --lint --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf -D debug: SpamAssassin version 3.0.2 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: diag: module not installed: DBI ('require' failed) debug: diag: module installed: DB_File, version 1.808 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 2.12 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module installed: Razor2::Client::Agent, version 2.67 debug: diag: module installed: Storable, version 2.09 debug: diag: module installed: URI, version 1.19 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/local.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9fd80e8) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9fd80e8) implements 'parse_config' Argument "1.7[B66" isn't numeric in addition (+) at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244. warning: score set for non-existent rule URIBIL_SBL debug: using "/root/.spamassassin" for user state dir debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) doubleclick.com... debug: looking up NS for 'doubleclick.com' debug: NS lookup of doubleclick.com succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9fd80e8)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9fd80e8)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: running body-text per-line regexp tests; score so far=-1.623 debug: running uri tests; score so far=-1.623 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594)) debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: No /root/.razor/razor-agent.conf found, skipping. Razor-Log: No razor-agent.conf found, using defaults. Feb 08 12:22:08.891208 check[23514]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout Feb 08 12:22:08.891981 check[23514]: [ 5] computed razorhome=/root/.razor, conf=, ident=/root/.razor/identity Feb 08 12:22:08.892522 check[23514]: [ 8] Client supported_engines: 4 8 Feb 08 12:22:08.893357 check[23514]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 Feb 08 12:22:08.894296 check[23514]: [ 5] Can't read file /root/.razor/servers.discovery.lst: No such file or directory Feb 08 12:22:08.894757 check[23514]: [ 5] Can't read file /root/.razor/servers.nomination.lst: No such file or directory Feb 08 12:22:08.895017 check[23514]: [ 5] Can't read file /root/.razor/servers.catalogue.lst: No such file or directory Feb 08 12:22:08.895656 check[23514]: [ 5] no listfile: /root/.razor/servers.catalogue.lst Feb 08 12:22:08.896228 check[23514]: [ 6] no discovery listfile: /root/.razor/servers.discovery.lst Feb 08 12:22:08.896460 check[23514]: [ 5] Finding Discovery Servers via DNS in the razor2.cloudmark.com zone Feb 08 12:22:10.007495 check[23514]: [ 6] Found 1 Discovery Servers via DNS in the razor2.cloudmark.com zone Feb 08 12:22:10.007849 check[23514]: [ 8] Checking with Razor Discovery Server 66.151.150.12 Feb 08 12:22:10.008053 check[23514]: [ 6] No port specified, using 2703 Feb 08 12:22:10.008164 check[23514]: [ 5] Connecting to 66.151.150.12 ... debug: razor2 check timed out after 10 secs. debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-1.623 debug: running full-text regexp tests; score so far=-1.623 debug: Razor2 is available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 23524: ruid=0 euid=0 debug: Pyzor: got response: 217.160.253.84:24441 TimeoutError: debug: leaving helper-app run mode debug: Pyzor: couldn't grok response "217.160.253.84:24441 TimeoutError: " debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: RBL: success for 1 of 1 queries debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) implements 'check_post_dnsbl' debug: running meta tests; score so far=-1.623 debug: running header regexp tests; score so far=-0.0529999999999999 debug: running body-text per-line regexp tests; score so far=-0.0529999999999999 debug: running uri tests; score so far=-0.0529999999999999 debug: running raw-body-text per-line regexp tests; score so far=-0.0529999999999999 debug: running full-text regexp tests; score so far=-0.0529999999999999 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-0.0529999999999999 debug: running header regexp tests; score so far=-0.0529999999999999 debug: running body-text per-line regexp tests; score so far=-0.0529999999999999 debug: running uri tests; score so far=-0.0529999999999999 debug: running raw-body-text per-line regexp tests; score so far=-0.0529999999999999 debug: running full-text regexp tests; score so far=-0.0529999999999999 debug: is spam? score=-0.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID lint: 1 issues detected. please rerun with debug enabled for more information. >>> mkettler@EVI-INC.COM 2/8/2005 11:57:10 AM >>> At 11:14 AM 2/8/2005, David Curtis wrote: >Just a typo. Been dealing with MailScanner conf files so much lately. Hmm... Does spamassassin --lint run quietly, or does it complain? (I'm wondering if SA is choking on your local.cf and just ignoring the whole thing as a result). Does the "site rules dir" in the debug output spamassassin --lint -D match up with the one containing local.cf? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Tue Feb 8 17:50:53 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:28 2006 Subject: check_MailScanner.cron Message-ID: My install is in a slightly different location. However, /usr/sbin/check_mailscanner is just a symlink to /usr/sbin/check_MailScanner. Eric Dantan Rzewnicki Sent by: MailScanner mailing list 2005-02-08 09:24 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: check_MailScanner.cron Hi Julian, Hope you're having a good vacation. I noticed that check_MailScanner.cron is trying to call /opt/MailScanner/bin/check_MailScanner which has been renamed to check_mailscanner (no caps). -- Eric Dantan Rzewnicki | Systems Engineer I Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lenc at ruralcomm.com Tue Feb 8 17:49:51 2005 From: lenc at ruralcomm.com (Leonard Chatagnier) Date: Thu Jan 12 21:28:29 2006 Subject: Mailscanner Installation Problem-Wont Install Message-ID: I have a long standing problem getting Mailscanner to install on my Dell Dimension XPS T450 running Debian GNU/Linux 3.0, kernel 2.4.18-bf2.4. An old Mailscaner version was uninstalled(with difficulty) because it wouldn't update and now it wont install. Request for help with the Debian user list, Google searches, searching your list and reading manuals yielded no success. I hope that someone on the Mailscanner list can help me correct this problem. I'm a newbie to Linux and totally unknowlegable about networks. I have a single PC connecting to Internet using a 56K dialup modem. The terminal output from the install command is below: ChatagnierL-Home:/tmp# dpkg -i mailscanner_4.38.10-1_all.deb (Reading database ... 140708 files and directories currently installed.) Unpacking mailscanner (from mailscanner_4.38.10-1_all.deb) ... /var/lib/dpkg/tmp.ci/preinst: line 22: db_get: command not found dpkg: error processing mailscanner_4.38.10-1_all.deb (--install): subprocess pre-installation script returned error exit status 127 Errors were encountered while processing: mailscanner_4.38.10-1_all.deb ChatagnierL-Home:/tmp# Note: the /tmp.ci/preinst part of the file path doesn't exist so I couldn't investigate it. Mailscanner has never been functional although I setup Exim, spamassassin and f-prot as I thought it should be based on the documentation. Thanks for any help you might provide, Leonard Chatagnier ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sailer at BNL.GOV Tue Feb 8 17:50:25 2005 From: sailer at BNL.GOV (Tim Sailer) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: On Tue, Feb 08, 2005 at 12:34:43PM -0500, David Curtis wrote: > Argument "1.7[B66" isn't numeric in addition (+) at This line looks junk from using cursor keys during an edit, and the escape sequences inserted into the file... Tim -- Tim Sailer Information and Special Technologies Program Office of CounterIntelligence Brookhaven National Laboratory (631) 344-3001 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lenc at RURALCOMM.COM Tue Feb 8 17:58:35 2005 From: lenc at RURALCOMM.COM (Leonard Chatagnier) Date: Thu Jan 12 21:28:29 2006 Subject: Mailscanner Installation Problem-Wont Install Message-ID: Leonard Chatagnier wrote: I have a long standing problem getting Mailscanner to install on my Dell Dimension XPS T450 running Debian GNU/Linux 3.0, kernel 2.4.18-bf2.4. An old Mailscaner version was uninstalled(with difficulty) because it wouldn't update and now it wont install. Request for help with the Debian user list, Google searches, searching your list and reading manuals yielded no success. I hope that someone on the Mailscanner list can help me correct this problem. I'm a newbie to Linux and totally unknowlegable about networks. I have a single PC connecting to Internet using a 56K dialup modem. The terminal output from the install command is below: ChatagnierL-Home:/tmp# dpkg -i mailscanner_4.38.10-1_all.deb (Reading database ... 140708 files and directories currently installed.) Unpacking mailscanner (from mailscanner_4.38.10-1_all.deb) ... /var/lib/dpkg/tmp.ci/preinst: line 22: db_get: command not found dpkg: error processing mailscanner_4.38.10-1_all.deb (--install): subprocess pre-installation script returned error exit status 127 Errors were encountered while processing: mailscanner_4.38.10-1_all.deb ChatagnierL-Home:/tmp# Note: the /tmp.ci/preinst part of the file path doesn't exist so I couldn't investigate it. Mailscanner has never been functional although I setup Exim, spamassassin and f-prot as I thought it should be based on the documentation. Thanks for any help you might provide, Leonard Chatagnier Sorry, my Perl version is v5.8.4 built for i386-linux-thread-multi. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 18:08:05 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:29 2006 Subject: Missing BAYES??? Message-ID: Thanks! My Bayes options were turned off. But I'm not missing BAYES in the score ..almost every spam has BAYES ... Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Thanks, Magda Scott Silva To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Missing BAYES??? 02/08/2005 11:37 AM Please respond to MailScanner mailing list Magda Hewryk wrote: > What command should I run to get the following? > > Rebuild Bayes Every = 259200 > >>>>Wait During Bayes Rebuild = yes > > > What is the bayes rebuild option in MailScanner? > > > Thanks, > > Magda Hewryk > -------------------------------- > Mid-Range Systems > 905-273-1637 (Office) > 416-554-0743 (Cell) > If you look at the comments in this area you will see that the "Rebuild Bayes Every = xxx" is the number of seconds between rebuilds. 259200 is 3 days, the default in the file is 86400 which is 1 day or 24 hours. If you turn this on, make sure you set "Wait During Bayes Rebuild = yes" so MailScanner doesn't try to process mail during this rebuild, or you will get spamassasssin timeouts, and spam might get through. If you rebuild daily, it shouldn't take more than a minute on a fairly modern processor. I get times near 30 seconds on a dual pIII 1.0 Ghz server. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 18:18:20 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: At 12:02 PM 2/8/2005, Ken Rice wrote: >I've a symlink from /etc/mail/spamassassin/local.cf >to /etc/MailScanner/spam.assassin.prefs.conf, >so I'm only editing one file. > >Is this still ok to do? Not the same as above, but, I'm gun-shy now... I'd recommend not doing that. All you're doing by creating the symlink is forcing SA to parse those options twice. Most SA config options over-write themselves and are fine with this, so you're only wasting CPU time. However, if you wind up doing anything that depends on parse order this might wind up screwing things up. Let's face it, the entire point of using spam.assassin.prefs.conf in the first place is so you can have customized mailscanner-only settings that won't be used when you call SA on the command line. If you want the settings site-wide.. just put them in local.cf and be done with it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 18:22:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: At 12:34 PM 2/8/2005, David Curtis wrote: >Argument "1.7[B66" isn't numeric in addition (+) at >/usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244. >warning: score set for non-existent rule URIBIL_SBL Ouch.. Looks like at least one of your files has a severely mangled score statement that's got some escape character garbage in it. That would be enough to confuse the parser. grep "+1.7" /etc/mail/spamassassin/local.cf >warning: score set for non-existent rule URIBIL_SBL Non-severe, but you've got a typo there too.. One too many I's. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 18:24:09 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:29 2006 Subject: How can I rebuild BAYES manually? Message-ID: Hi, Can I rebuild BAYES manually? Thanks, Magda Magda Hewryk To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Missing BAYES??? 02/08/2005 01:08 PM Please respond to MailScanner mailing list Thanks! My Bayes options were turned off. But I'm not missing BAYES in the score ..almost every spam has BAYES ... Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Thanks, Magda Scott Silva To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Missing BAYES??? 02/08/2005 11:37 AM Please respond to MailScanner mailing list Magda Hewryk wrote: > What command should I run to get the following? > > Rebuild Bayes Every = 259200 > >>>>Wait During Bayes Rebuild = yes > > > What is the bayes rebuild option in MailScanner? > > > Thanks, > > Magda Hewryk > -------------------------------- > Mid-Range Systems > 905-273-1637 (Office) > 416-554-0743 (Cell) > If you look at the comments in this area you will see that the "Rebuild Bayes Every = xxx" is the number of seconds between rebuilds. 259200 is 3 days, the default in the file is 86400 which is 1 day or 24 hours. If you turn this on, make sure you set "Wait During Bayes Rebuild = yes" so MailScanner doesn't try to process mail during this rebuild, or you will get spamassasssin timeouts, and spam might get through. If you rebuild daily, it shouldn't take more than a minute on a fairly modern processor. I get times near 30 seconds on a dual pIII 1.0 Ghz server. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 18:28:01 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:29 2006 Subject: How can I rebuild BAYES manually? Message-ID: At 01:24 PM 2/8/2005, Magda Hewryk wrote: >Can I rebuild BAYES manually? sa-learn --rebuild Or: sa-learn --force-expire The latter will do a rebuild and force an expiry run. The former does a rebuild and only runs expiry if it has been long enough since the last rebuild. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kurt at NETDIRECT.CA Tue Feb 8 00:00:00 2005 From: kurt at NETDIRECT.CA (Kurt Bishop) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: I have tried changing the webbugs and script entries below to yes with no success. -----Original Message----- From: Greg Deputy Date: Tue, 8 Feb 2005 08:47:14 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Blank Email Messages This appears to be the same issue I reported on yesterday > For example, I received a message the was blank except for > the last line of the sender's signature. When doing a View > Source on the message, I could see that the HTML version of > the message had been reduced to only include what I could see > on screen. However, the plain text version of the message > was completely intact as the sender had written it. > Similarly, my text-based mail client received a copy of this > message which contained the entire message body as expected. > > The mail server logs showed the following entry when the > message passed through: > > Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: > Detected and will disarm HTML message in j16ARH09027988 > Just dug through the logs on one of the reported blank emails from a customer, found the same thing: Feb 5 11:35:08 mx MailScanner[28376]: Content Checks: Detected and will disarm HTML message in 3FB3416F679 > Here's a quick summary of our environment: > > OS: Fedora Core 3 > Kernel: 2.6.9-1.681_FC3 > MailScanner: 4.36.4-1 > Sendmail: 8.13.1-2 > SpamAssassin: 3.0.1-0.FC3 > I'm running similar, FC 2, postfix 2.1.5 instead of sendmail, etc > These are the only MailScanner.conf entries I could find > mentioning "disarm": > Hmm, I might try turning off some of those settings to see if it eliminates the problem. Hopefully Julian will have some input once he's back online. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------------- Kurt Bishop Systems Analyst/Consultant Net Direct Inc. 12-564 Weber Street North Waterloo, ON N2L 5C6 Ph: 519-883-1172 x104 Fx: 519-883-8533 http://www.netdirect.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Feb 8 18:25:19 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:29 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > Thanks! > My Bayes options were turned off. But I'm not missing BAYES in the score > ..almost every spam has BAYES ... > > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > > > Thanks, > > Magda You do need to run a bayes rebuild (expiry) every so often or the bayes database gets rather large and ineffective. If you do not want MailScanner to do it, you can run it from a cron entry. Search the forum for it, I don't want to quote from memory and mess it up. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Feb 8 18:44:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kurt Bishop wrote: > I have tried changing the webbugs and script entries below to yes with no success. > > -----Original Message----- > From: Greg Deputy > Date: Tue, 8 Feb 2005 08:47:14 > To:MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Blank Email Messages > > This appears to be the same issue I reported on yesterday > > > >>For example, I received a message the was blank except for >>the last line of the sender's signature. When doing a View >>Source on the message, I could see that the HTML version of >>the message had been reduced to only include what I could see >>on screen. However, the plain text version of the message >>was completely intact as the sender had written it. >>Similarly, my text-based mail client received a copy of this >>message which contained the entire message body as expected. >> >>The mail server logs showed the following entry when the >>message passed through: >> >>Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: >>Detected and will disarm HTML message in j16ARH09027988 >> > > > Just dug through the logs on one of the reported blank emails from a > customer, found the same thing: > > Feb 5 11:35:08 mx MailScanner[28376]: Content Checks: Detected and will > disarm HTML message in 3FB3416F679 > > >>Here's a quick summary of our environment: >> >>OS: Fedora Core 3 >>Kernel: 2.6.9-1.681_FC3 >>MailScanner: 4.36.4-1 >>Sendmail: 8.13.1-2 >>SpamAssassin: 3.0.1-0.FC3 >> > > > I'm running similar, FC 2, postfix 2.1.5 instead of sendmail, etc > > >>These are the only MailScanner.conf entries I could find >>mentioning "disarm": >> > > > Hmm, I might try turning off some of those settings to see if it > eliminates the problem. Hopefully Julian will have some input once he's > back online. > Try turning off Phishing for a while. I seem to remember something about that in the last few days. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Feb 8 19:00:08 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:29 2006 Subject: Curious Message-ID: Yeah that's what I thought. They were just in a format I had not seen before and so I was curious. Thanks Dave Mike Kercher wrote: >I get them all the time. They are bogus domains that spammers try to forge >their crap from: > >Unresolved sender domains: > adv@imelvin.com: 7 Time(s) > 911B9BF8CE8771CAE0E5E9@ohowexc8.naoxy.com: 6 Time(s) > collinlottuj@chch.co.uk: 3 Time(s) > lclifton_bu@chemeng.chmt.wits.ac.za: 3 Time(s) > loans@creditbank.uk: 2 Time(s) > miranda_fw@arborviewinn.ns.ca: 2 Time(s) > reneesingleton_pf@arborviewinn.ns.ca: 2 Time(s) > wkkuwgu@[203.234.244.164]: 2 Time(s) > 03140@rxinet01.walgreens.com: 1 Time(s) > EQTIVSLBCJWABS@eR45lucvvmPD6roLq82.tv: 1 Time(s) > NDIUWVMATRXYZX@smashinpumpikiner.com: 1 Time(s) > agigdde@7.0: 1 Time(s) > akgul@ritp.ye: 1 Time(s) > alarson_ys@afloat.demon.co.uk: 1 Time(s) > antacrp@hotmail.com.au: 1 Time(s) > apache@server.tinati.net: 1 Time(s) > aygcqb@[203.248.130.173]: 1 Time(s) > battery@kfpw.com.au: 1 Time(s) > bettie_bergeron_yj@modern-home.co.uk: 1 Time(s) > billie.n.meza_rp@squires.co.uk: 1 Time(s) > bipjak@[216.63.22.224]: 1 Time(s) > bounce-wddwtfwtmcqq@zffpaspa.strenga1.com: 1 Time(s) > bounce-yqqbwvbwxmfw@xzzwrcwr.strenga1.com: 1 Time(s) > courtesy.114310.145292015@LD1.ntcnnxn.com: 1 Time(s) > courtesy.114397.145292015@LD1.ntcnxn.com: 1 Time(s) > cwilliamsonmn@star-no-star.fsworld.co.uk: 1 Time(s) > deanna_bfield_eq@cantillon.demon.co.uk: 1 Time(s) > dharris@somewhere.someplace: 1 Time(s) > >Mike > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Dave Filchak >Sent: Tuesday, February 08, 2005 6:30 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Curious > >I have been seeing the following off and on in my logs (relatively >consistent though). I am curious about them and was wondering if anyone else >has been seeing these and if they have any comments on them. > >Unresolved sender domains: > .3..@p: 1 Time(s) > 1gx3.@j: 1 Time(s) > 2@kya22: 1 Time(s) > 4i.@ra: 1 Time(s) > 5s@422.c: 1 Time(s) > 6644k446664...4.5.4@d: 1 Time(s) > 988868@64.-: 1 Time(s) > 99.....@9: 1 Time(s) > ccat@1.a: 1 Time(s) > d1@ubwdbgsls.1.11: 1 Time(s) > d@68hte4.80a: 1 Time(s) > d@mdiq.ki: 1 Time(s) > gs..@g.g: 1 Time(s) > jjjx@vj.h.l: 1 Time(s) > krickey@aimco.local: 1 Time(s) > m.o.@]n: 1 Time(s) > of_summers_45@kayla.com.au: 1 Time(s) > onnnhohn8.@n: 1 Time(s) > qphbf@lexgroup-ltd.com: 1 Time(s) > s5@jwwcwqys.yi: 1 Time(s) > w@2: 1 Time(s) > ww@0.mj-: 1 Time(s) > zpyo-.@d: 1 Time(s) > >Dave > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kurt at NETDIRECT.CA Tue Feb 8 00:00:00 2005 From: kurt at NETDIRECT.CA (Kurt Bishop) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: Thanks for the suggestion. I've disabled phishing for a subset of recipients and will monitor the results. -----Original Message----- From: Scott Silva Date: Tue, 8 Feb 2005 10:44:24 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Blank Email Messages Kurt Bishop wrote: > I have tried changing the webbugs and script entries below to yes with no success. > > -----Original Message----- > From: Greg Deputy > Date: Tue, 8 Feb 2005 08:47:14 > To:MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Blank Email Messages > > This appears to be the same issue I reported on yesterday > > > >>For example, I received a message the was blank except for >>the last line of the sender's signature. When doing a View >>Source on the message, I could see that the HTML version of >>the message had been reduced to only include what I could see >>on screen. However, the plain text version of the message >>was completely intact as the sender had written it. >>Similarly, my text-based mail client received a copy of this >>message which contained the entire message body as expected. >> >>The mail server logs showed the following entry when the >>message passed through: >> >>Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: >>Detected and will disarm HTML message in j16ARH09027988 >> > > > Just dug through the logs on one of the reported blank emails from a > customer, found the same thing: > > Feb 5 11:35:08 mx MailScanner[28376]: Content Checks: Detected and will > disarm HTML message in 3FB3416F679 > > >>Here's a quick summary of our environment: >> >>OS: Fedora Core 3 >>Kernel: 2.6.9-1.681_FC3 >>MailScanner: 4.36.4-1 >>Sendmail: 8.13.1-2 >>SpamAssassin: 3.0.1-0.FC3 >> > > > I'm running similar, FC 2, postfix 2.1.5 instead of sendmail, etc > > >>These are the only MailScanner.conf entries I could find >>mentioning "disarm": >> > > > Hmm, I might try turning off some of those settings to see if it > eliminates the problem. Hopefully Julian will have some input once he's > back online. > Try turning off Phishing for a while. I seem to remember something about that in the last few days. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------------- Kurt Bishop Systems Analyst/Consultant Net Direct Inc. 12-564 Weber Street North Waterloo, ON N2L 5C6 Ph: 519-883-1172 x104 Fx: 519-883-8533 http://www.netdirect.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Feb 8 19:19:30 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: >Here is what I found in the log. Again I don't see MailScanner doing a spamassassin check on this message. >Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: connect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: 5538716F5CD: client=alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: hold: header Received: from alias-2.c10-ave-mta3.cnet.com (alias-2. >Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: message-id=<13092019.1107815659270.JavaMail.accucast@206.16.1.189> >Feb 7 17:34:22 spamfilter MailScanner[28181]: New Batch: Scanning 1 messages, 5541 bytes >Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks: Starting >Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks completed at 5541 bytes per second >Feb 7 17:34:22 spamfilter MailScanner[28181]: Spam Checks: Starting >Feb 7 17:34:26 spamfilter postfix/smtpd[32477]: disconnect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:40 spamfilter MailScanner[28181]: Message 5538716F5CD.EF267 from 206.16.1.191 (cnet_networks_#3.140018.34363630353131. >Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Checks: Found 1 spam messages >Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Actions: message 5538716F5CD.EF267 actions are forward,spam@test.com > > Looks like MS decided it was SPAM and forwarded the message to spam@test.com... Now, could you answer the following questions: >>What are your values for: >>Spam Actions = >>High Scoring Spam Actions = >>Non Spam Actions = >> >> >> And could you modify your MS config this way? >>How about adding some verbosity to your MS setup? >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes (beware it can produce a lot a output) >> >> >> You could also run MS in debug mode (look for Debug = near the end of MailScanner.conf) to get a trace of what's going on. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From webalizer at NWCWEB.COM Tue Feb 8 19:32:29 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: Ok, now here it gets confusing again... Noticed that someone on this List posted and it tagged it with a SA spam tag (we have different tags for MS and SA so we know which one decided to do what). Here's the result of the header portion: X-Spam-Report: * 0.7 BIZ_TLD URI: Contains a URL in the BIZ top-level domain * 43 AWL AWL: Auto-whitelist adjustment X-Spam-Status: Yes, hits=43.5 required=4.0 tests=AWL,BIZ_TLD autolearn=no version=2.60 I note that any .biz traffic seems to have this issue, this time it came up with a 43 AWL adjustment out of the blue? We changed all settings for AWL and it shouldn't even be a factor here. I'll check the local.cf and make sure it's not a factor in this, otherwise I'm lost as to why AWL's still functioning. David J. Duffner VP Operations NWC Corporation www.nwcxpress.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler > Sent: Tuesday, February 08, 2005 1:23 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: AWL Still > > > At 12:34 PM 2/8/2005, David Curtis wrote: > >Argument "1.7[B66" isn't numeric in addition (+) at > >/usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244. > >warning: score set for non-existent rule URIBIL_SBL > > Ouch.. Looks like at least one of your files has a severely > mangled score statement that's got some escape character > garbage in it. > > That would be enough to confuse the parser. > > grep "+1.7" /etc/mail/spamassassin/local.cf > > >warning: score set for non-existent rule URIBIL_SBL > > Non-severe, but you've got a typo there too.. One too many I's. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.nwcweb.com > -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 19:37:43 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think MS is classifying these as spam. I just don't understand how to customize how MS determines spam I know how to customize the spamassassin part but it never uses spamassassin when it determines that the mail is spam. Thanks. >>Spam Actions = forward spam@test.com >>High Scoring Spam Actions = 10 >>Non Spam Actions = deliver Already had these. Have had these since I started with this server. >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes >>> Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 2:19:30 PM >>> David Curtis wrote: >Here is what I found in the log. Again I don't see MailScanner doing a spamassassin check on this message. >Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: connect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: 5538716F5CD: client=alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: hold: header Received: from alias-2.c10-ave-mta3.cnet.com (alias-2. >Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: message-id=<13092019.1107815659270.JavaMail.accucast@206.16.1.189> >Feb 7 17:34:22 spamfilter MailScanner[28181]: New Batch: Scanning 1 messages, 5541 bytes >Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks: Starting >Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks completed at 5541 bytes per second >Feb 7 17:34:22 spamfilter MailScanner[28181]: Spam Checks: Starting >Feb 7 17:34:26 spamfilter postfix/smtpd[32477]: disconnect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:40 spamfilter MailScanner[28181]: Message 5538716F5CD.EF267 from 206.16.1.191 (cnet_networks_#3.140018.34363630353131. >Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Checks: Found 1 spam messages >Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Actions: message 5538716F5CD.EF267 actions are forward,spam@test.com > > Looks like MS decided it was SPAM and forwarded the message to spam@test.com... Now, could you answer the following questions: >>What are your values for: >>Spam Actions = >>High Scoring Spam Actions = >>Non Spam Actions = >> >> >> And could you modify your MS config this way? >>How about adding some verbosity to your MS setup? >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes (beware it can produce a lot a output) >> >> >> You could also run MS in debug mode (look for Debug = near the end of MailScanner.conf) to get a trace of what's going on. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 21:22:20 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: nrcpt=1 (queue active) Message-ID: I have started to see a lot of these items in the log. I am not sure what this is. Any ideas? Feb 8 16:09:18 spamfilter MailScanner[31449]: Spam Checks: Starting Feb 8 16:09:20 spamfilter postfix/nqmgr[18998]: C616F16F576: from=<>, size=51780, nrcpt=1 (queue active) Feb 8 16:09:20 spamfilter postfix/nqmgr[18998]: 195AA16F5DA: from=<>, size=3165, nrcpt=1 (queue active) Feb 8 16:09:20 spamfilter postfix/nqmgr[18998]: 16B3616F66C: from=<>, size=38019, nrcpt=1 (queue active) Feb 8 16:09:20 spamfilter postfix/nqmgr[18998]: 2121416F665: from=<>, size=10498, nrcpt=1 (queue active) This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Tue Feb 8 22:57:28 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:29 2006 Subject: Mailscanner reports issues. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anyone know if there are any issues with mailscanner reporting? I just installed a new version of MailScanner on a fresh RH8 server and reports don't seem to be coming through with infected messages etc. but it looks like they are enabled in the MailScanner.conf -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Feb 8 22:39:16 2005 From: pete at ENITECH.COM.AU (Enitech IT (Peter Russell)) Date: Thu Jan 12 21:28:29 2006 Subject: DNSBL Teasting Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi there. Well after having our mailscanner box decommed in favour of the 10k license for CA our new parent company wanted to use, they have asked me to figure out why all outbound mail takes 4 hours to leave the scanner. It appears as though having a whole of redundant RBLs with 4 hour time outs set can cause your outboun d email queue to clog up. SO! How does one test a whole bunch of RBL addresses quickly? I have some i know dont work anymore, eg monkeys.com but how do i work out all of the others? dynablock.wiredhub.net tt.bl.reynolds.net.au i have a list of 30 or so. regards and thanks Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Tue Feb 8 22:53:06 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:28:29 2006 Subject: DNSBL Teasting Message-ID: go to www.dnstuff.com and run a spam database lookup (top center table). This will give you a pretty comprehensive list of the Lists out there including their response times. Enitech IT (Peter Russell) wrote: > Hi there. Well after having our mailscanner box decommed in favour of > the 10k license for CA our new parent company wanted to use, they have > asked me to figure out why all outbound mail takes 4 hours to leave the > scanner. It appears as though having a whole of redundant RBLs with 4 > hour time outs set can cause your outboun d email queue to clog up. > > SO! How does one test a whole bunch of RBL addresses quickly? > > I have some i know dont work anymore, eg monkeys.com > > but how do i work out all of the others? > > dynablock.wiredhub.net > tt.bl.reynolds.net.au > i have a list of 30 or so. > > regards and thanks > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue Feb 8 23:17:17 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:29 2006 Subject: DNSBL Teasting Message-ID: Hi! > asked me to figure out why all outbound mail takes 4 hours to leave the > scanner. It appears as though having a whole of redundant RBLs with 4 > hour time outs set can cause your outboun d email queue to clog up. > > SO! How does one test a whole bunch of RBL addresses quickly? > > I have some i know dont work anymore, eg monkeys.com > > but how do i work out all of the others? > > dynablock.wiredhub.net > tt.bl.reynolds.net.au > i have a list of 30 or so. Do you run them locally ? (RBLDNSD mirrors) or all remotely. If remotely, its insain. 5-6 are plenty. Just pick the right ones. You are way better off using MailScanner with SA and let SURBL do the work. The multilookups there are much cheaper. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 23:45:53 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: At 02:32 PM 2/8/2005, Dave Duffner - NWCWEB.com wrote: >X-Spam-Report: > * 0.7 BIZ_TLD URI: Contains a URL in the BIZ top-level domain > * 43 AWL AWL: Auto-whitelist adjustment >X-Spam-Status: Yes, hits=43.5 required=4.0 tests=AWL,BIZ_TLD autolearn=no > version=2.60 > > I note that any .biz traffic seems to have this issue, >this time it came up with a 43 AWL adjustment out of the blue? The two rules are 100% unrelated... BIZ_TLD looks for URL's containing .biz as the TLD of their link. The AWL has nothing to do with URLs at all, so the match between the two is not significant. Looks like you might want to run check-whitelist (from the SA tarball, tools directory) and see what the AWL entries look like... Sounds like GTUBE hangover, something that 2.6 is subject to, but 3.0 is not. >I'll check the local.cf and make sure it's not >a factor in this, otherwise I'm lost as to why AWL's still >functioning. Since you're talking 2.6, don't look at local.cf.. use_auto_whitelist is a SA 3.0 thing.. Also, don't you use MailScanner? Those headers look like they were generated by a direct call to SA, not one made via MailScanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Wed Feb 9 02:05:39 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:29 2006 Subject: Mailscanner reports issues. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of JD Sent: Tuesday, February 08, 2005 4:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Mailscanner reports issues. Does anyone know if there are any issues with mailscanner reporting? I just installed a new version of MailScanner on a fresh RH8 server and reports don't seem to be coming through with infected messages etc. but it looks like they are enabled in the MailScanner.conf -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:28:14 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Bayes and spam increase? Message-ID: Magda bayes was convinced this was ham...hence the bayes_00 score (0% spam). You need to feed these into the bayes DB in order for it to learn these as spam. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 > -2.60 attached to all of them. > > > Thanks, > > Magda > > > > Matt Kettler > .COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: Bayes and spam increase? > > > 02/07/2005 11:23 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: > >>Hi everyone! >> >>We've noticed an increase in the number of spam sneaking through with >>scores "just under" our threshold. After looking through the headers for >>these messages, I've noticed that bayes seems to have "no opinion" on the >>majority of these (ie. no bayes entry). Am I missing something? I thought >>bayes would score every message? > > > That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, > In those any "no matches" or other 50/50 chance does not get a BAYES_ rule > match. > > Can you tell us what version of SpamAssassin you are using? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:33:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Bayes and spam increase? Message-ID: Jeff there's some good rules on www.rulesemporium.com than deal with bayes posoining attacks... I also use the following in my local.cf ## look for strings of randoms words with no punctuation.. rawbody CP_RANDOMWORD_10 /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){10}/ describe CP_RANDOMWORD_10 string of 10+ random words score CP_RANDOMWORD_10 0.5 rawbody CP_RANDOMWORD_15 /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){15}/ describe CP_RANDOMWORD_15 string of 15+ random words score CP_RANDOMWORD_15 2.5 uri BAYES_BUSTER /rx359|2004hosting|530000X|openseed|er5hdh|quickforms/i describe BAYES_BUSTER Trying to bypass BAYES score BAYES_BUSTER 10.0 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > This sounds like the "bayes poisoning" issue that has been discussed > numerous times on this list. I've kept the following in my > spam.assassin.prefs.conf file: > > score BAYES_00 0 0 -0.05 -0.05 > score BAYES_01 0 0 -0.04 -0.04 > score BAYES_10 0 0 -0.03 -0.03 > score BAYES_20 0 0 -0.02 -0.02 > score BAYES_30 0 0 -0.01 -0.01 > > I don't trust Bayes enough to let it substantially lower a score -- > only to increase a score. > > Jeff Earickson > Colby College > > On Mon, 7 Feb 2005, Magda Hewryk wrote: > >> Date: Mon, 7 Feb 2005 13:22:41 -0500 >> From: Magda Hewryk >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Bayes and spam increase? >> >> Yes, I've got a lot untagged spam email on the weekend. I found >> BAYES_00 >> -2.60 attached to all of them. >> >> >> Thanks, >> >> Magda >> >> >> >> Matt Kettler >> > .COM> To >> Sent by: MAILSCANNER@JISCMAIL.AC.UK >> MailScanner cc >> mailing list >> > MAIL.AC.UK> Re: Bayes and spam increase? >> >> >> 02/07/2005 11:23 >> AM >> >> >> Please respond to >> MailScanner >> mailing list >> > MAIL.AC.UK> >> >> >> >> >> >> >> At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >> >>> Hi everyone! >>> >>> We've noticed an increase in the number of spam sneaking through with >>> scores "just under" our threshold. After looking through the headers for >>> these messages, I've noticed that bayes seems to have "no opinion" on >>> the >>> majority of these (ie. no bayes entry). Am I missing something? I >>> thought >>> bayes would score every message? >> >> >> That's not entirely true, especially for the 2.6 series.. in 2.6x or >> 2.5x, >> In those any "no matches" or other 50/50 chance does not get a BAYES_ >> rule >> match. >> >> Can you tell us what version of SpamAssassin you are using? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:40:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: Dave have you restarted MailScanner after you made the change Als oif you are using SA 2.6x then you can get MS to do this as well..in MailScanner.conf set "SpamAssassin Auto Whitelist = no" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I hate to keep beating a dead horse but I still get e-mails that have > AWL scores in them. I have included "use_auto_whitelist 0" in the > spam.assassin.prefs.conf. > > Help. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:43:50 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Scores for the URIBL_AB within SpamAssassin Message-ID: Madga I've adjusted the scores for bayes in my spam.assassin.prefs.conf as the bayes-99 was too low in my view when running net+bayes tests. There was alot of grumbling on the SA-users lists about how the default scores changed radically in the SA3.0 upgrade esp for net+bayes scores. The solution is to manually adjust the scores yourself. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > http://www.surbl.org/lists.html#ab > > Hi, > I just wonder why URIBL_AB is scored so low with BAYES? Usually the last > row is higher then the second (network check). > Is this an error? > Anybody has something similar to the list below? Should I re-write the > rules in the spam.assassin.prefs.conf file and change the score? > What is the best practice? > > # URIDNSBL > ifplugin Mail::SpamAssassin::Plugin::URIDNSBL > score URIBL_AB_SURBL 0 2.007 0 0.417 > score URIBL_OB_SURBL 0 1.996 0 3.213 > score URIBL_PH_SURBL 0 0.839 0 2.000 > score URIBL_SBL 0 0.629 0 0.996 > score URIBL_SC_SURBL 0 3.897 0 4.263 > score URIBL_WS_SURBL 0 0.539 0 1.462 > endif # Mail::SpamAssassin::Plugin::URIDNSBL > > plus: > score URIBL_JP_SURBL 4.0 > > Thanks, > > Magda > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:46:04 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Email whitelisted by MS - is it still checked for viruses? Message-ID: Madga AFAIK the setting for spam/virus checking are independant and will not be affected by any spam whitelisting... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Any news on this? > > Thanks, > > Magda > > > > Magda Hewryk > OM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Email whitelisted by MS - is it > still checked for viruses? > > 02/08/2005 12:35 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > Hi, > > I just want to make sure that even the mail is whitelisted by MS it is > still checked by anti-virus. > The control " Ignore Spam Whitelist If Recipients Exceed = 20" didn't work > because the spoofed sender sent out one email at a time. > > I just need to know if "Virus and Content Scanning" runs against > whitelisted email? > > Would you confirm. > > > Feb 7 23:47:40 MailScanner[31876]: Message j184iivk031331 from > 142.245.251.90 ( )is whitelisted > Feb 7 23:47:42 MailScanner[31876]: Message j184iRvn031300 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:43 MailScanner[31842]: Message j184iBvk031259 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:44 MailScanner[31876]: Message j184ijvi031332 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:46 MailScanner[31842]: Message j184i9vk031256 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:46 MailScanner[31876]: Message j184iivi031330 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:49 MailScanner[31876]: Message j184iRvq031300 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:49 MailScanner[31842]: Message j184iBvi031259 from > 142.245.251.90 ( ) is whitelisted > > Thanks, > > Magda > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:49:32 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: david are you doing RBL checks within MailScanner? If you are then I suggest you use SA to do them as doing it in MS make the RBL act as a blacklist. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. > > >>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> > > David Curtis wrote: > > >>I don't fully understand how to change the way MailScanner handles spam. >>How can I change MailScanner to not filter mail like the scoring it uses >>for Spamassassin? Below is an example of a header from a newsletter that >>is being filtered out but not because of Spamassassin scoring. I could >>always add a whitelist entry but I would rather figure out how to change >>this. >> >>Thanks. >> >> >>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>word(s) to be removed register today in the HTML body >>MIME-Version: 1.0 >>Content-Type: text/html; >> charset="ISO-8859-1" >>Content-Transfer-Encoding: 7bit >>X-Mailer-Version: 3.5.5 build 727 >>X-Mailer: Accucast >>X-Accutrak: >>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>X-MailScanner-From: >>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>Return-Path: >> >>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>FILETIME=[5E92BD70:01C50D35] >> >> >> > > > David, > > What do you mean by "filtered out"? Do you mean it was quarantined or > deleted? What is in your maillog? > > What are your values for: > Spam Actions = > High Scoring Spam Actions = > Non Spam Actions = > > How about adding some verbosity to your MS setup? > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Log Spam = yes > Log Non Spam = yes (beware it can produce a lot a output) > > Denis > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:52:42 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: autolearn Message-ID: David yes mine is on...good for continued learning as the spam/ham changes constantly. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Maybe a real stupid question. Is the autolearn feature something that > most people find useful or should it be turned off? Or turned off after > so many days or a certain amount of messages pass through the system? > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Wed Feb 9 11:31:16 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: autolearn Message-ID: Thanks. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> martinh@SOLID-STATE-LOGIC.COM 02/09/05 4:52 AM >>> David yes mine is on...good for continued learning as the spam/ham changes constantly. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Maybe a real stupid question. Is the autolearn feature something that > most people find useful or should it be turned off? Or turned off after > so many days or a certain amount of messages pass through the system? > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Wed Feb 9 11:30:34 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: Yes, MS is doing rbl's. Every thing I have read told me to not have spamassassin do them as it was to much load. Thanks. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> martinh@SOLID-STATE-LOGIC.COM 02/09/05 4:49 AM >>> david are you doing RBL checks within MailScanner? If you are then I suggest you use SA to do them as doing it in MS make the RBL act as a blacklist. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. > > >>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> > > David Curtis wrote: > > >>I don't fully understand how to change the way MailScanner handles spam. >>How can I change MailScanner to not filter mail like the scoring it uses >>for Spamassassin? Below is an example of a header from a newsletter that >>is being filtered out but not because of Spamassassin scoring. I could >>always add a whitelist entry but I would rather figure out how to change >>this. >> >>Thanks. >> >> >>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>word(s) to be removed register today in the HTML body >>MIME-Version: 1.0 >>Content-Type: text/html; >> charset="ISO-8859-1" >>Content-Transfer-Encoding: 7bit >>X-Mailer-Version: 3.5.5 build 727 >>X-Mailer: Accucast >>X-Accutrak: >>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>X-MailScanner-From: >>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>Return-Path: >> >>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>FILETIME=[5E92BD70:01C50D35] >> >> >> > > > David, > > What do you mean by "filtered out"? Do you mean it was quarantined or > deleted? What is in your maillog? > > What are your values for: > Spam Actions = > High Scoring Spam Actions = > Non Spam Actions = > > How about adding some verbosity to your MS setup? > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Log Spam = yes > Log Non Spam = yes (beware it can produce a lot a output) > > Denis > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 11:40:18 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: David I suggest to most people that they do it from SA. If you do it from MS than the RBL acts as a complete blacklist and you've not idea which RBL fired either. If you do it from SA then it only adds to the score and doesn't tend to trigger false positives. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Yes, MS is doing rbl's. Every thing I have read told me to not have > spamassassin do them as it was to much load. > > Thanks. > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>>>martinh@SOLID-STATE-LOGIC.COM 02/09/05 4:49 AM >>> > > david > > are you doing RBL checks within MailScanner? If you are then I suggest > you use SA to do them as doing it in MS make the RBL act as a > blacklist. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > >>It is being quarantined. This is the whole header from the e-mail. > > There are no spamassassin scores in it. It looks like MailScanner tags > it as spam and does not even rely on spamassassin. > >> >>>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> >> >>David Curtis wrote: >> >> >> >>>I don't fully understand how to change the way MailScanner handles > > spam. > >>>How can I change MailScanner to not filter mail like the scoring it > > uses > >>>for Spamassassin? Below is an example of a header from a newsletter > > that > >>>is being filtered out but not because of Spamassassin scoring. I could >>>always add a whitelist entry but I would rather figure out how to > > change > >>>this. >>> >>>Thanks. >>> >>> >>>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>>word(s) to be removed register today in the HTML body >>>MIME-Version: 1.0 >>>Content-Type: text/html; >>> charset="ISO-8859-1" >>>Content-Transfer-Encoding: 7bit >>>X-Mailer-Version: 3.5.5 build 727 >>>X-Mailer: Accucast >>>X-Accutrak: >>>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>>X-MailScanner-From: >>>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>>Return-Path: >>> >>>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>>FILETIME=[5E92BD70:01C50D35] >>> >>> >>> >> >> >>David, >> >>What do you mean by "filtered out"? Do you mean it was quarantined or >>deleted? What is in your maillog? >> >>What are your values for: >>Spam Actions = >>High Scoring Spam Actions = >>Non Spam Actions = >> >>How about adding some verbosity to your MS setup? >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes (beware it can produce a lot a output) >> >>Denis >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From m.sapsed at BANGOR.AC.UK Wed Feb 9 12:06:07 2005 From: m.sapsed at BANGOR.AC.UK (M.Sapsed) Date: Thu Jan 12 21:28:29 2006 Subject: Speaking of AWL... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Duffner - NWCWEB.com wrote: > For some reason the List server didn't like this the > way it was, so we'll try it again. Thought it saw some > commands or something? > > >>-----Original Message----- >>From: Dave Duffner - NWCWEB.com [mailto:webalizer@nwcweb.com] >>Sent: Monday, February 07, 2005 6:12 PM >>To: 'MailScanner mailing list' >>Subject: RE: Speaking of AWL... >> >> >>Ok, >> [...] The OK was the problem. The Listserv software at JISCMail tries to spot messages to lists which should have gone to the listserv management address instead. OK on a line by itself is one of the things it looks for! This mainly catches unsubscribes going to the list but unfortunately it picks up on this too. Cheers, Martin (list co-owner with Julian) -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Feb 9 12:42:42 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:29 2006 Subject: Text files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm facing a strange problem here. I have a RHEL 3 server running Sendmail + Mailscanner. When I send a message with a text file attached from my Windows 98 machine (I use Outlook Express as my mail client), the text file, that was a DOS file, goes to the destinatary as an UNIX file. How can I solve this? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 13:28:34 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: I have restarted. I have SA 3.X Thanks. >>> martinh@SOLID-STATE-LOGIC.COM 2/9/2005 4:40:46 AM >>> Dave have you restarted MailScanner after you made the change Als oif you are using SA 2.6x then you can get MS to do this as well..in MailScanner.conf set "SpamAssassin Auto Whitelist = no" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I hate to keep beating a dead horse but I still get e-mails that have > AWL scores in them. I have included "use_auto_whitelist 0" in the > spam.assassin.prefs.conf. > > Help. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 13:29:26 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: Thank you. I will give that a try. >>> martinh@SOLID-STATE-LOGIC.COM 2/9/2005 6:40:18 AM >>> David I suggest to most people that they do it from SA. If you do it from MS than the RBL acts as a complete blacklist and you've not idea which RBL fired either. If you do it from SA then it only adds to the score and doesn't tend to trigger false positives. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Yes, MS is doing rbl's. Every thing I have read told me to not have > spamassassin do them as it was to much load. > > Thanks. > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>>>martinh@SOLID-STATE-LOGIC.COM 02/09/05 4:49 AM >>> > > david > > are you doing RBL checks within MailScanner? If you are then I suggest > you use SA to do them as doing it in MS make the RBL act as a > blacklist. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > >>It is being quarantined. This is the whole header from the e-mail. > > There are no spamassassin scores in it. It looks like MailScanner tags > it as spam and does not even rely on spamassassin. > >> >>>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> >> >>David Curtis wrote: >> >> >> >>>I don't fully understand how to change the way MailScanner handles > > spam. > >>>How can I change MailScanner to not filter mail like the scoring it > > uses > >>>for Spamassassin? Below is an example of a header from a newsletter > > that > >>>is being filtered out but not because of Spamassassin scoring. I could >>>always add a whitelist entry but I would rather figure out how to > > change > >>>this. >>> >>>Thanks. >>> >>> >>>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>>word(s) to be removed register today in the HTML body >>>MIME-Version: 1.0 >>>Content-Type: text/html; >>> charset="ISO-8859-1" >>>Content-Transfer-Encoding: 7bit >>>X-Mailer-Version: 3.5.5 build 727 >>>X-Mailer: Accucast >>>X-Accutrak: >>>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>>X-MailScanner-From: >>>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>>Return-Path: >>> >>>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>>FILETIME=[5E92BD70:01C50D35] >>> >>> >>> >> >> >>David, >> >>What do you mean by "filtered out"? Do you mean it was quarantined or >>deleted? What is in your maillog? >> >>What are your values for: >>Spam Actions = >>High Scoring Spam Actions = >>Non Spam Actions = >> >>How about adding some verbosity to your MS setup? >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes (beware it can produce a lot a output) >> >>Denis >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ccampbell at BRUEGGERS.COM Wed Feb 9 13:25:36 2005 From: ccampbell at BRUEGGERS.COM (Christian Campbell) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Recently we have been getting reports of blank or mostly > blank messages > being sent & received through our server. We have tried to > narrow dow the > problem and believe that MailScanner (or something related) > is altering the > HTML message and the mail client cannot display it properly. > We're seeing the exact same symptoms here too. We're running: mailscanner-4.35.11-1 spamassassin 2.63 RedHat 8.0 ClamAV/F-Prot/BitDefender/Razor/SURBL Christian Christian Campbell Systems Engineer, Sair LCP, A+, N+, i-Net+ Bruegger's Enterprises Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034 Email: ccampbell at brueggers dot com PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html "We all know Linux is great... It does infinite loops in 5 seconds." -Linus Torvalds Christian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3-nr1 (Windows XP) - GPGshell v3.10 iD8DBQFCChCSbedHH5VEUwcRAqBzAJ41SOlAjm7koHng6s/qCWYiE4cVgACffq/6 6MdTMBlcPcp/iabIUI+idfs= =U2Q5 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 13:39:53 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: Could be a problem with the MIME libraries. If you update to the latest version it has the latest MIME libraries in their an dit could well fix the issue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Christian Campbell wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >>Recently we have been getting reports of blank or mostly >>blank messages >>being sent & received through our server. We have tried to >>narrow dow the >>problem and believe that MailScanner (or something related) >>is altering the >>HTML message and the mail client cannot display it properly. >> > > > We're seeing the exact same symptoms here too. We're running: > > mailscanner-4.35.11-1 > spamassassin 2.63 > RedHat 8.0 > ClamAV/F-Prot/BitDefender/Razor/SURBL > > Christian > > > > Christian Campbell > Systems Engineer, Sair LCP, A+, N+, i-Net+ > Bruegger's Enterprises > Desk: 802-652-9270 > Cell: 802-734-5023 > Fax: 802-660-4034 > Email: ccampbell at brueggers dot com > > PGP Public Key available via PGP keyservers > or http://www2.brueggers.com/pgp/ccampbell.html > > "We all know Linux is great... > It does infinite loops in 5 seconds." > -Linus Torvalds > > > Christian > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3-nr1 (Windows XP) - GPGshell v3.10 > > iD8DBQFCChCSbedHH5VEUwcRAqBzAJ41SOlAjm7koHng6s/qCWYiE4cVgACffq/6 > 6MdTMBlcPcp/iabIUI+idfs= > =U2Q5 > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Feb 9 13:44:00 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:29 2006 Subject: Text files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The problem does not occur for all text files. I didn't figured out when it happens. The files where I encountered the problem are identified by the file comand as: ASCII text, with very long lines, with CRLF line terminators ----- Original Message ----- From: Roger Jochem To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, February 09, 2005 10:42 AM Subject: Text files I'm facing a strange problem here. I have a RHEL 3 server running Sendmail + Mailscanner. When I send a message with a text file attached from my Windows 98 machine (I use Outlook Express as my mail client), the text file, that was a DOS file, goes to the destinatary as an UNIX file. How can I solve this? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Wed Feb 9 13:57:06 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: Did anyone get the response to this I sent yesterday? It appears that at least one of my posts on this hasn't worked/came back. Gary Martin Hepworth wrote: > Could be a problem with the MIME libraries. If you update to the > latest version it has the latest MIME libraries in their an dit could > well fix the issue. > > Christian Campbell wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >>> Recently we have been getting reports of blank or mostly blank >>> messages being sent & received through our server. We have tried >>> to narrow dow the problem and believe that MailScanner (or >>> something related) is altering the HTML message and the mail client >>> cannot display it properly. >>> >> >> >> We're seeing the exact same symptoms here too. We're running: >> >> mailscanner-4.35.11-1 >> spamassassin 2.63 >> RedHat 8.0 >> ClamAV/F-Prot/BitDefender/Razor/SURBL >> >> Christian >> >> >> >> Christian Campbell >> Systems Engineer, Sair LCP, A+, N+, i-Net+ >> Bruegger's Enterprises >> Desk: 802-652-9270 >> Cell: 802-734-5023 >> Fax: 802-660-4034 >> Email: ccampbell at brueggers dot com >> >> PGP Public Key available via PGP keyservers >> or http://www2.brueggers.com/pgp/ccampbell.html >> >> "We all know Linux is great... >> It does infinite loops in 5 seconds." >> -Linus Torvalds >> >> >> Christian >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.2.3-nr1 (Windows XP) - GPGshell v3.10 >> >> iD8DBQFCChCSbedHH5VEUwcRAqBzAJ41SOlAjm7koHng6s/qCWYiE4cVgACffq/6 >> 6MdTMBlcPcp/iabIUI+idfs= =U2Q5 >> -----END PGP SIGNATURE----- >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the MAQ >> (http://www.mailscanner.biz/maq/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Feb 9 14:08:20 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > David > > I suggest to most people that they do it from SA. > > If you do it from MS than the RBL acts as a complete blacklist and > you've not idea which RBL fired either. > > If you do it from SA then it only adds to the score and doesn't tend to > trigger false positives. Martin, I agree with you it is better in SA but if you use them in MS you will know which one triggered as long as you enable some verbosity. As I log all spam to syslog I had the info there. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Wed Feb 9 14:33:56 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] True, and if you use MW, you have it in the spamreport (in maillog). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Denis Beauchemin > Sent: den 9 februari 2005 15:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I don't fully understand how to change the way > MailScanner handles spam. How can I change MailSc > > > Martin Hepworth wrote: > > > David > > > > I suggest to most people that they do it from SA. > > > > If you do it from MS than the RBL acts as a complete blacklist and > > you've not idea which RBL fired either. > > > > If you do it from SA then it only adds to the score and > doesn't tend to > > trigger false positives. > > > Martin, > > I agree with you it is better in SA but if you use them in MS > you will > know which one triggered as long as you enable some > verbosity. As I log > all spam to syslog I had the info there. > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Wed Feb 9 14:57:25 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:29 2006 Subject: Spam detection software, running on the system ", has Message-ID: That looks like standard output from SpamAssassin. I'm not sure why you would see it if you were using it in conjunction with MailScanner. Both SA and MS can be configured to either send or discard spam emails, optionally marked as such in the subject line for filtering. It *might* be learning, if you have the auto-bayes turned on, but the message means no more or less than what it says. I guess in answer to the final question, yes - it's normal, if your system is set up that way. Perhaps better to say it's not abnormal. Stef -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Ballengee Sent: 07 February 2005 20:36 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Spam detection software, running on the system ", has I am reletively new to mail scanner and spamassassin. Anyway I am getting alot of message with Spam detection software, running on the system "", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. anyway is this normal? Is this just the system learning?? thanks Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This email has been scanned by Level 5 Internet for viruses, spam and dangerous content. For more information please visit http://www.l5net.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Feb 9 15:41:42 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler > Sent: Tuesday, February 08, 2005 6:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: AWL Still > > > At 02:32 PM 2/8/2005, Dave Duffner - NWCWEB.com wrote: > >X-Spam-Report: > > * 0.7 BIZ_TLD URI: Contains a URL in the BIZ > top-level domain > > * 43 AWL AWL: Auto-whitelist adjustment > >X-Spam-Status: Yes, hits=43.5 required=4.0 tests=AWL,BIZ_TLD > autolearn=no > > version=2.60 > > > > I note that any .biz traffic seems to have this issue, this > >time it came up with a 43 AWL adjustment out of the blue? > > The two rules are 100% unrelated... > > BIZ_TLD looks for URL's containing .biz as the TLD of their link. > > The AWL has nothing to do with URLs at all, so the match > between the two is not significant. > > Looks like you might want to run check-whitelist (from the SA > tarball, tools directory) and see what the AWL entries look > like... Sounds like GTUBE hangover, something that 2.6 is > subject to, but 3.0 is not. Gotcha, will check that out and see what it has to say... > >I'll check the local.cf and make sure it's not > >a factor in this, otherwise I'm lost as to why AWL's still > functioning. > > Since you're talking 2.6, don't look at local.cf.. > use_auto_whitelist is a SA 3.0 thing.. Actually I checked everywhere to ensure either these switches are off or 0 or non-existant. Can't find a single point where they would still be turned on. Also restarted all services after any changes as a normal policy, even a server reboot here and there just because. So any changes should have taken/been imported to eliminate AWL. And we see other changes that indicate it should have worked and is working, which is the strange part. > Also, don't you use MailScanner? Those headers look like they > were generated by a direct call to SA, not one made via MailScanner. Well we have MS/SA/ClamAV but on an Ensim Pro/RH Fedora Core 1 box. The Enism integration requires MS, but if you turn on the SA feature within it, it double-scans everything. So it's using MS to scope/scan it first, then hands off anything it deems acceptable to SA to then process. But it's MS calling it up to be used in the handoff, so the pref's conf file settings override any SA direct settings. But we did scope those SA conf & cf files, anything and everything should be killed for AWL? -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From harryh at CET.COM Wed Feb 9 15:49:56 2005 From: harryh at CET.COM (Harry Hanson) Date: Thu Jan 12 21:28:29 2006 Subject: Allowing PDF files Message-ID: