From carinus.carelse at MRC.AC.ZA Tue Feb 1 04:56:17 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:22 2006 Subject: Whitelisting another query Message-ID: i have implemented the whitelisting now how do i check that it is actually doing this. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 05:29:45 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting another query Message-ID: I wonder could you go so far as to say just a .com domain in the whitelist. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Tue Feb 1 08:31:50 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:23 2006 Subject: Someone in the USA with a printer? I need a quick favour Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Scott Silva wrote: > >> Julian Field wrote: >> >>> Is the US-Letter version better than printing the original, or >>> should I not bother with the US Letter version at all? >>> >>> Dirk Enrique Seiffert wrote: >>> >>>> Not really USA but Colombia - We use lettersize, too. Printed just >>>> straight forward without adjustments from acroread, looks perfect. >>>> >>>> Best wishes >>>> >>>> Enrique >>>> >>>> El Vie 28 Ene 2005 17:22, Julian Field escribió: >>>> >>>> >>>>> I need to ask a quick favour. >>>>> >>>>> I need someone with 8.5 x 11 inch paper. >>>>> Please can you download >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf >>>>> (or extract it from the 4.38 distribution). >>>>> >>>>> I would then like you to print it with the smallest margins you >>>>> can set. >>>>> >>>>> Does it look okay? >>>>> Is there anything important missed off the top/bottom/sides? >>>>> >>>>> Where would be the best place to remove the extra bit from the top or >>>>> bottom so that it would print better on USA paper sizes? >>>>> >>>>> Many thanks! >>>> >>>> >> My acrobat is set to reduce to fit, and it just leaves a little >> whitespace around the edges. And except for the top picture, it looks >> great on a Color Laserjet. > > > Great. Many thanks for that. > >> >> But on another subject, what is that ruleset editor on the last >> screenshot on page 2? Is that also from Mailwatch? >> I might just have to give Mailwatch a go! > > > The ruleset editor is a sneak preview of a product to come... (I'm not > going to tell you any more, you will find out soon enough anyway :-) > Is it also os the product? Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Feb 1 09:05:18 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:23 2006 Subject: SpamAss. 3.0.2 upgrade? Message-ID: I downloaded and installed the latest tarball for install-SA-clamav which includes SA 3.0.2. I ran the install script but I get this : Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. [root@gw install-Clam-SA]# spamassassin --version SpamAssassin version 3.0.1 Guess this is not correct? Cheers! Remco ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 09:21:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: SpamAss. 3.0.2 upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would say you have 2 copies of perl installed. One in /usr/bin/perl and one in another directory which is earlier on your $PATH than /usr/bin. You will get in *such* a mess if you have multiple copies of Perl, particularly if your $PATH is set wrong. Do /usr/bin/perl -V and perl -V and you will probably get different output. Remco Barendse wrote: > I downloaded and installed the latest tarball for install-SA-clamav which > includes SA 3.0.2. > > I ran the install script but I get this : > > Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. > > [root@gw install-Clam-SA]# spamassassin --version > SpamAssassin version 3.0.1 > > Guess this is not correct? > > Cheers! > Remco > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 09:19:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting another query Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. A rule that say From: *.com yes will do the job. Carinus Carelse wrote: > I wonder could you go so far as to say just a *.com* domain in the > whitelist. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 09:18:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Why does MailScanner not like my Football club? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You are going to have to give us a lot more information than that. There should be an AttachmentWarning.txt attachment in the message. What does that say? Lance Haig wrote: > Hi, > > I have mail I recieve from a football club mailing list and it is > stopped under the "Other Bad Content Detected" > > I am not sure if Julian has something against "Spurs" :-) > > Anyway why would a message be marked as "Other Bad Content Detected" > and can I stop it being blocked? > > Thanks again > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 09:39:55 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for all messages Message-ID: My whitelist file looks like this currently. the TO: field one works but the From: field one does not at all. From: *@domain.com yes To: *@domain2.com yes Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 09:47:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for all messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You will probably find the real envelope sender address is different from the From: header contents. Take a look in your maillog to find the real addresses, or switch on the "X-Envelope-From" header (or whatever I called it) in MailScanner.conf and take a look at the headers of a message coming in. My best guess would be that you need *@*.domain.com as well as *@domain.com but that is a guess. Carinus Carelse wrote: >My whitelist file looks like this currently. the TO: field one works >but the From: field one does not at all. > >From: *@domain.com yes >To: *@domain2.com yes > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Feb 1 11:00:43 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:23 2006 Subject: blacklist does not work Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hello, think i´ve done right but the blacklist does not work for me ?!? inside MailScanner.conf: Is Definitely Spam = %rules-dir%/spam.blacklist.rules /etc/MailScanner/rules -rw-r--r-- 1 root root 518 Feb 1 11:42 spam.blacklist.rules -rw-r--r-- 1 root root 1106 Feb 1 10:22 spam.whitelist.rules spam.blacklist.rules: To: spam@host.domain12345.de From: andreas@domain135.de host.domain12345.de is the mailscanner host, the other is my personal mail. nothing will be blocked and im sure the one setting in ms conf is enough, or not ? didnt found something in the archive, dont hit me if im to silly to search ;) greetings andy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 11:12:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: blacklist does not work Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dörfler Andreas wrote: >hello, > >think i´ve done right but the blacklist does not work for me ?!? > >inside MailScanner.conf: >Is Definitely Spam = %rules-dir%/spam.blacklist.rules > >/etc/MailScanner/rules >-rw-r--r-- 1 root root 518 Feb 1 11:42 spam.blacklist.rules >-rw-r--r-- 1 root root 1106 Feb 1 10:22 spam.whitelist.rules > >spam.blacklist.rules: >To: spam@host.domain12345.de >From: andreas@domain135.de > >host.domain12345.de is the mailscanner host, the other is my personal mail. > >nothing will be blocked and im sure the one setting in ms conf is enough, or >not ? > >didnt found something in the archive, dont hit me if im to silly to search >;) > > Don't worry, we all (except me, I guess :-) had to start somewhere. You nearly have the syntax right, but you have missed the "yes" off the end of each line. To: spam@host.domain12345.de yes From: andreas@domain135.de yes As for any matching rule, that value you want to return to "Is Definitely Spam" is the answer "yes". Make those changes, then "service MailScanner reload" if you are running most Linuxes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Tue Feb 1 11:14:39 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:23 2006 Subject: blacklist does not work Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You need a "yes" or "no" at the end of your rules.. If you want to mark all email FROM andreas@domain135.de AND TO spam@host.domain12345.de ... It would be written like this in a definite spam rules file: To: spam@host.domain12345.de AND FROM: andreas@domain135.de yes On Tue, February 1, 2005 6:00 am, Dörfler Andreas said: > hello, > > think i´ve done right but the blacklist does not work for me ?!? > > inside MailScanner.conf: Is Definitely Spam = > %rules-dir%/spam.blacklist.rules > > > /etc/MailScanner/rules > -rw-r--r-- 1 root root 518 Feb 1 11:42 spam.blacklist.rules > -rw-r--r-- 1 root root 1106 Feb 1 10:22 spam.whitelist.rules > > > spam.blacklist.rules: > To: spam@host.domain12345.de > From: andreas@domain135.de > > > host.domain12345.de is the mailscanner host, the other is my personal > mail. > > nothing will be blocked and im sure the one setting in ms conf is enough, > or not ? > > didnt found something in the archive, dont hit me if im to silly to > search ;) > > > greetings andy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Feb 1 11:22:20 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:23 2006 Subject: AW: blacklist does not work Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ahh, damn it .. thanks a lot, ive done the "yes" option inside whitelist and forgoten inside blacklist shame over me, sometimes using my brain and eyes will help .. ;) greetings andy p.s. wish you a nice trip julian, come back savely >-----Ursprüngliche Nachricht----- >Von: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >Gesendet: Dienstag, 1. Februar 2005 12:13 >An: MAILSCANNER@JISCMAIL.AC.UK >Betreff: Re: blacklist does not work > > >Dörfler Andreas wrote: > >>hello, >> >>think i´ve done right but the blacklist does not work for me ?!? >> >>inside MailScanner.conf: >>Is Definitely Spam = %rules-dir%/spam.blacklist.rules >> >>/etc/MailScanner/rules >>-rw-r--r-- 1 root root 518 Feb 1 11:42 spam.blacklist.rules >>-rw-r--r-- 1 root root 1106 Feb 1 10:22 spam.whitelist.rules >> >>spam.blacklist.rules: >>To: spam@host.domain12345.de >>From: andreas@domain135.de >> >>host.domain12345.de is the mailscanner host, the other is my personal >>mail. >> >>nothing will be blocked and im sure the one setting in ms conf is >>enough, or not ? >> >>didnt found something in the archive, dont hit me if im to silly to >>search >>;) >> >> >Don't worry, we all (except me, I guess :-) had to start >somewhere. You >nearly have the syntax right, but you have missed the "yes" >off the end >of each line. >To: spam@host.domain12345.de yes >From: andreas@domain135.de yes >As for any matching rule, that value you want to return to "Is >Definitely Spam" is the answer "yes". >Make those changes, then "service MailScanner reload" if you >are running >most Linuxes. > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Feb 1 11:43:35 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:23 2006 Subject: SpamAss. 3.0.2 upgrade? Message-ID: Afraid not (or luckily not). I redirected the output and diffed it, no differences at all. Could I have a double copy of spamass? On Tue, 1 Feb 2005, Julian Field wrote: > I would say you have 2 copies of perl installed. One in /usr/bin/perl > and one in another directory which is earlier on your $PATH than > /usr/bin. You will get in *such* a mess if you have multiple copies of > Perl, particularly if your $PATH is set wrong. > > Do > > /usr/bin/perl -V > and > perl -V > > and you will probably get different output. > > Remco Barendse wrote: > >> I downloaded and installed the latest tarball for install-SA-clamav which >> includes SA 3.0.2. >> >> I ran the install script but I get this : >> >> Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. >> >> [root@gw install-Clam-SA]# spamassassin --version >> SpamAssassin version 3.0.1 >> >> Guess this is not correct? >> >> Cheers! >> Remco >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Feb 1 11:51:32 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:23 2006 Subject: Updating the reports in all languages all in one go? Message-ID: Does anyone have a neat script to upgrade all the stuff in /etc/MailScanner/reports ? I forgot to nuke that directory before upgrading MS and I'm now stuck with dozens of .rpmnew files. Another question to that (albeit an unpopular question probably) is it possible to remove the last two lines from the reports (with the transtec message) other than doing it by hand? My boss would like to see it removed. Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 12:05:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Updating the reports in all languages all in one go? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The only file that *has* to be upgraded is languages.conf. Type "upgrade_languages_conf" and you will find help :-) The other files don't need upgrading if you are happy with their current contents, and have customised them to your site. Remco Barendse wrote: > Does anyone have a neat script to upgrade all the stuff in > /etc/MailScanner/reports ? > > I forgot to nuke that directory before upgrading MS and I'm now stuck > with > dozens of .rpmnew files. > > Another question to that (albeit an unpopular question probably) is it > possible to remove the last two lines from the reports (with the transtec > message) other than doing it by hand? My boss would like to see it > removed. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 12:41:14 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for any messages. Message-ID: I have checked for both my rules and with both of them i still get logs that are scanning the messages and it is still marking messages as spam. I checked the X-MailScanner-From Header and it is the same as the first rule how can I debug this or where do I start. My whitelist rules are as follows : From: *@domain.com yes From: *@*.domain.com yes To: *@domain1.com yes Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 12:51:57 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting? Should i add the same to spamassassin.prefs file? Message-ID: Should I be adding the whitelist info to the spamassassin.prefs file as well or does it filter through if I put it in the mailscanner config. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 13:20:55 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting? & autowhitelisting Message-ID: if I have autowhitelisting enabled does this affect manual whitelisting and how. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Feb 1 13:27:50 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:28:23 2006 Subject: Why does MailScanner not like my Football club? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, Sorry I meant to add the email to theis There was no AttachmentWarning.txt with this e-mail but here is the text The following e-mails were found to have: Other Bad Content Detected Sender: v-eoako_bhbcbgca_flnedh_a@bounce3.rm04.net IP Address: 129.41.69.95 Recipient: lance@haigmail.com Subject: Spurs News Online MessageID: j0VGb2uh031337 Report: MailScanner: Found dangerous Object Codebase/Data tag in HTML message Full headers are: Return-Path: <^Ág> Received: from mail09.rm04.net (mail09.rm04.net [129.41.69.95]) by mailhost.haigmail.com (8.12.10/8.12.10/SuSE Linux 0.7) with ESMTP id j0VGb2uh031337 for ; Mon, 31 Jan 2005 16:37:03 GMT Received: by mail09.rm04.net id hvpf08064o0a; Mon, 31 Jan 2005 11:34:02 -0500 (envelope-from ) Message-ID: <3571584.1107189242895.JavaMail.root@mailgen02.atlp1> Date: Mon, 31 Jan 2005 11:34:02 -0500 (EST) From: "newsletter@spurs" Reply-To: spurs@adm02.com To: lance@haigmail.com Subject: Spurs News Online Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_6784_19393517.1107189052596" -- RedArmourLTD Email Virus Scanner www.RedArmour.co.uk Julian Field wrote: > You are going to have to give us a lot more information than that. There > should be an AttachmentWarning.txt attachment in the message. What does > that say? > > Lance Haig wrote: > >> Hi, >> >> I have mail I recieve from a football club mailing list and it is >> stopped under the "Other Bad Content Detected" >> >> I am not sure if Julian has something against "Spurs" :-) >> >> Anyway why would a message be marked as "Other Bad Content Detected" >> and can I stop it being blocked? >> >> Thanks again >> >> Lance >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 13:55:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for any messages. Message-ID: Hi I presume you've restarted MS after editing the rule files? You can debug by modifying the 'Debug' setting in MailScanner.conf, stoping MailScanner and running checkmailscanner. This will give you a dump to the screen of what it's doing. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > I have checked for both my rules and with both of them i still get logs that > are scanning the messages and it is still marking messages as spam. I > checked the X-MailScanner-From Header and it is the same as the first rule > how can I debug this or where do I start. > My whitelist rules are as follows : > > From: *@domain.com yes > From: *@*.domain.com yes > To: *@domain1.com yes > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Feb 1 14:07:00 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:23 2006 Subject: Why does MailScanner not like my Football club? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Tuesday, February 01, 2005 8:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Why does MailScanner not like my Football club? > > Hi Julian, > > Sorry I meant to add the email to theis > > There was no AttachmentWarning.txt with this e-mail but here is the text > > The following e-mails were found to have: Other Bad Content Detected > > Sender: v-eoako_bhbcbgca_flnedh_a@bounce3.rm04.net > IP Address: 129.41.69.95 > Recipient: lance@haigmail.com > Subject: Spurs News Online > MessageID: j0VGb2uh031337 > Report: MailScanner: Found dangerous Object Codebase/Data tag in HTML > message > In MailScanner.conf, you can set: Allow Object Codebase Tags = disarm (safer) or Allow Object Codebase Tags = yes (not so safe) Or to a ruleset that allows email from the football club :) Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 14:12:59 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: Whitelisting not working for any messages. Message-ID: Ok sorry my stupidity got the best of me it is working and working well sorry about that. carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Feb 1 14:26:51 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:23 2006 Subject: Volunteers to convert FAQ to a Wiki? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > If I were to install a Wiki on the MailScanner site, would someone (or > several of you) be prepared to take on the job of converting the current > FAQ-o-matic to a Wiki? > > It's basically a cut and paste job. It's the content that matters, not > precisely who created the FAQ addition. > > Any volunteers please? I could probably offer some of my time. > > I can get a Wiki set up pretty quickly if you are prepared to do it. I'm using DocuWiki, which is aimed at documentation, at the office. I'm migrating all my file-based documentation to this Wiki. Pretty neat. > > Thanks folks! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Feb 1 15:17:59 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I'm archiving mail for all users on our mail server. Is the mail that is archived filtered mail or mail as it is received by the MTA? I'm wondering if the archived mail would be a good source of ham for training SpamAssassin. Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 15:23:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: Rodney archived email is as it was before MS scans it... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Hello, > > I'm archiving mail for all users on our mail server. Is the mail that is > archived filtered mail or mail as it is received by the MTA? I'm > wondering if the archived mail would be a good source of ham for > training SpamAssassin. > > Thanks, > Rod > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Howard at HARPER-ADAMS.AC.UK Tue Feb 1 15:25:28 2005 From: Howard at HARPER-ADAMS.AC.UK (Howard Robinson) Date: Thu Jan 12 21:28:23 2006 Subject: Non Nested rules quiry Message-ID: Hello, I have 60 staff and students in China that keep having their emails coming into college marked as spam. They are using about 10 different domains. I want to allow emails from them to four specific staff members here without them being checked for spam. I though I had it sussed but Mailscanner protests when restarting with a syntax error in the rules file. What I have tried so far is:- In MailScanner.conf I have (with other blurb snipped and tabs for spacing) Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules In %rules-dir%/spam.whitelist.rules # note line wrapped To: usera@harper-adams.ac.uk /etc/MailScanner/rules/chinaemail.rules.list FromOrTo: default no In /etc/MailScanner/rules/chinaemail.rules.list I have From: userz@domain1 yes From: usery@domain2 yes From: userx@domain1 yes FromOrTo: default no My idea was that only if it were for usera would mailscanner need to look at the from address however in the book (p309) it says that rules can't be nested other than files full address patterns. However p304 option 14 looks to me to contradict this. Have I got this wrong? Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk From MailScanner at ecs.soton.ac.uk Tue Feb 1 15:26:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] unless it's the spam or mcp archive, at which point the "Keep Spam And MCP Archive Clean" setting comes into effect. Martin Hepworth wrote: > Rodney > > archived email is as it was before MS scans it... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Hello, >> >> I'm archiving mail for all users on our mail server. Is the mail that is >> archived filtered mail or mail as it is received by the MTA? I'm >> wondering if the archived mail would be a good source of ham for >> training SpamAssassin. >> >> Thanks, >> Rod >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vinet138 at YAHOO.COM Tue Feb 1 15:22:52 2005 From: vinet138 at YAHOO.COM (Bill Smith) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: Hi Folks, Does anyone know the best way for disaster recovery MScanner? Any advice would be appreciated. Bill ________________________________________________________________________________ Do you Yahoo!? All your favorites on one personal page ^Ö Try My Yahoo! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Tue Feb 1 15:32:58 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:23 2006 Subject: MailWatch Query Message-ID: I am again faced with the same problem i had before. I am running two copies of MailScanner with two seperate configs which works wonderfully well. i have set up two different databases for the loggin using mailwatch. I now have both copies running the new version but it only logs everything to one database. It does not even create the one debug file but seems to proxy all of the info through one connection which is the one that started up first. Can anyone maybe help me with this problem. It worked well in version 4.27 until the new version 4.3 came out I happily ran both logging to seperate databases and have seperate web stats. Any help is appreciated. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From billy at PLANETGEEK.BIZ Tue Feb 1 15:42:49 2005 From: billy at PLANETGEEK.BIZ (Billy Pumphrey) Date: Thu Jan 12 21:28:23 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: I don't know where to get better help, so I am hoping that someone can shoot an answer to these problems. I got digging and it looks like I do not have the best setup. Here is my basic setup: Mailscanner is the gateway between the internet and my MS Exchange server. MailScanner running RulesDeJour, SpamAssassin, and Sophos. Linux release 9, Kernel 2.4.20-8. Spamassassin version 2.61 MailScanner version 4.25-14 http://www.dnsreport.com/tools/dnsreport.ch?domain=woodmaclaw.com I believe that these errors are coming from my mailscanner machine name mailscanner.woodmaclaw.local. I do not know how to configure sendmail to accept the postmaster address for example. All of those warnings and errors in that report I would guess would be a good idea to get fixed? What started me on this and what I really need to get fixed is there is a domain that is having problems with emails getting to my mailserver. From ds at CARIBENET.COM Tue Feb 1 15:44:28 2005 From: ds at CARIBENET.COM (Dirk Enrique Seiffert) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: Hello, I can't tell if this is a sendmail or a MailScanner problem: Certain mails are causing a loop, making sendmail consume 99% of the CPU load. I have to manually restart MailScanner. What they have in common: 1) Recipients don't exist 2) RCPT TO: root 25608 74.3 0.5 8572 2556 ? R 09:55 29:11 sendmail: j11EtSBe025608 218.45.73.183.eo.eaccess.ne.jp [218.45.73.183]: RCPT TO: logs show soemthing like: Feb 1 09:55:32 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:32 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:33 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:34 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:35 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:36 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:36 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown Feb 1 09:55:37 ctg sendmail-in[25608]: j11EtSBe025608: ... User unknown SuSE 9.2, mailscanner-4.36.4-1, perl-spamassassin-3.0.0-3 spamassassin-3.0.0-3 sendmail-8.13.1-5 Does anybody know this problem or a solution? Thanks Enrique -- Dirk Enrique Seiffert CaribeNet S.A. - Cartagena - Colombia www.caribenet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 15:45:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: MailWatch Query Message-ID: Carinus Not sure what exactly is happening here... Do you mean all the email is being handled by one machine rather being shared across the two? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > I am again faced with the same problem i had before. I am running two > copies of MailScanner with two seperate configs which works wonderfully > well. i have set up two different databases for the loggin using > mailwatch. I now have both copies running the new version but it only > logs everything to one database. It does not even create the one debug > file but seems to proxy all of the info through one connection which is > the one that started up first. Can anyone maybe help me with this > problem. It worked well in version 4.27 until the new version 4.3 came > out I happily ran both logging to seperate databases and have seperate > web stats. Any help is appreciated. > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Feb 1 15:47:03 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What is the mcp archive? Not familiar with what mcp is. Thanks for your help guys, Rod Julian Field wrote: > unless it's the spam or mcp archive, at which point the "Keep Spam And > MCP Archive Clean" setting comes into effect. > > Martin Hepworth wrote: > >> Rodney >> >> archived email is as it was before MS scans it... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> Hello, >>> >>> I'm archiving mail for all users on our mail server. Is the mail that is >>> archived filtered mail or mail as it is received by the MTA? I'm >>> wondering if the archived mail would be a good source of ham for >>> training SpamAssassin. >>> >>> Thanks, >>> Rod >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 15:52:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: Archiving Question Message-ID: Message Content Protection It allows you to define bad words/phrases etc so you can (for example) block profanity. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > What is the mcp archive? Not familiar with what mcp is. > > Thanks for your help guys, > Rod > > Julian Field wrote: > >> unless it's the spam or mcp archive, at which point the "Keep Spam And >> MCP Archive Clean" setting comes into effect. >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> archived email is as it was before MS scans it... >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> Hello, >>>> >>>> I'm archiving mail for all users on our mail server. Is the mail >>>> that is >>>> archived filtered mail or mail as it is received by the MTA? I'm >>>> wondering if the archived mail would be a good source of ham for >>>> training SpamAssassin. >>>> >>>> Thanks, >>>> Rod >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 1 15:53:20 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bill backup settings, document settings, document rebuild from scratch. (Test and test retest) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Bill Smith wrote: > Hi Folks, > > Does anyone know the best way for disaster recovery MScanner? > > Any advice would be appreciated. > > Bill > > ------------------------------------------------------------------------ > Do you Yahoo!? > All your favorites on one personal page ^Ö Try My Yahoo! > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Feb 1 16:54:42 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: Hello everyone. Had a quick question on upgrading clamav on my mailscanner setup. My setup: FreeBSD 4.9 Sendmail 8.12.11 MailScanner 4.29 (Yes, I know it needs updating) :) I came in this morning and updated my clamav from 0.80 to 0.81. Everything appeared to have gone well. However, I know get a funny error when I try and run 'freshclam' to update my definitions. I get the following: Can't change dir to /usr/local/share/clamav Doing a little bit of work, I see that it is possibly looking in the wrong directory. It should be looking in: /usr/local/share/doc/clamav Now, I know this is clamav, but i was hoping some of the other FreeBSD users on this list might be able to shed some light on what the possible problem may be. I am going to jump over to www.clamav.net here, but there list is boogered up right now. Anyway, I was hoping somebody here may have an idea and could help me out. I appreciate the help. Cheers, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Feb 1 16:59:01 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: Nevermind. I think I figured it out. My freshclam.conf was pointing to the wrong DB location. Just to verify, the DB location should contain: daily.cvd main.cvd Just verifying. Cheers, Jaso >Can't change dir to /usr/local/share/clamav > >Doing a little bit of work, I see that it is possibly looking in the wrong >directory. It should be looking in: > >/usr/local/share/doc/clamav > >Now, I know this is clamav, but i was hoping some of the other FreeBSD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Feb 1 17:01:38 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did the install change your conf files. Check your freshclam.conf, did it change? The default directory for the database is /var/lib/clamav. Jason Williams wrote: > Hello everyone. > > Had a quick question on upgrading clamav on my mailscanner setup. > My setup: > > FreeBSD 4.9 > Sendmail 8.12.11 > MailScanner 4.29 (Yes, I know it needs updating) :) > > I came in this morning and updated my clamav from 0.80 to 0.81. > Everything appeared to have gone well. However, I know get a funny error > when I try and run 'freshclam' to update my definitions. I get the > following: > > Can't change dir to /usr/local/share/clamav > > Doing a little bit of work, I see that it is possibly looking in the > wrong > directory. It should be looking in: > > /usr/local/share/doc/clamav > > Now, I know this is clamav, but i was hoping some of the other FreeBSD > users on this list might be able to shed some light on what the possible > problem may be. > > I am going to jump over to www.clamav.net here, but there list is > boogered > up right now. > > Anyway, I was hoping somebody here may have an idea and could help me > out. > > I appreciate the help. > > Cheers, > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Ed Bruce Health Plan of Michigan Senior Programmer Phone: 248.226.1512 FAX: 248.204.6569 -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Feb 1 17:08:05 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: At 09:01 AM 2/1/2005, you wrote: >Did the install change your conf files. Check your freshclam.conf, did >it change? The default directory for the database is /var/lib/clamav. Yep. That was it. It changed the location of the DB files in freshclam.conf. Once I fixed that, it was fixed. Much appreciated. Cheers, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Tue Feb 1 17:05:47 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Hello everyone. > > Had a quick question on upgrading clamav on my mailscanner setup. > My setup: > > FreeBSD 4.9 > Sendmail 8.12.11 > MailScanner 4.29 (Yes, I know it needs updating) :) > > I came in this morning and updated my clamav from 0.80 to 0.81. > Everything appeared to have gone well. However, I know get a funny error > when I try and run 'freshclam' to update my definitions. I get the > following: > > Can't change dir to /usr/local/share/clamav a bit of advice from from /usr/ports/UPDATING: 20041222: AFFECTS: users of security/clamav, security/clamav-devel AUTHOR: jylefort@brutele.be The ClamAV database path has changed from /usr/local/share/clamav to /var/db/clamav. You should update the DatabaseDirectory keyword in /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf. > > Doing a little bit of work, I see that it is possibly looking in the wrong > directory. It should be looking in: > > /usr/local/share/doc/clamav > > Now, I know this is clamav, but i was hoping some of the other FreeBSD > users on this list might be able to shed some light on what the possible > problem may be. > > I am going to jump over to www.clamav.net here, but there list is boogered > up right now. > > Anyway, I was hoping somebody here may have an idea and could help me out. > > I appreciate the help. > > Cheers, > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Feb 1 17:11:29 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: At 09:05 AM 2/1/2005, you wrote: >a bit of advice from from /usr/ports/UPDATING: > >20041222: > AFFECTS: users of security/clamav, security/clamav-devel > AUTHOR: jylefort@brutele.be > > The ClamAV database path has changed from /usr/local/share/clamav to > /var/db/clamav. You should update the DatabaseDirectory keyword in > /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf. Ya. I just saw that when I was flipping through the file. Don't I feel grand this morning. Thanks. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Feb 1 17:21:42 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Smith Sent: Tuesday, February 01, 2005 10:23 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MScanner Disaster Recovery Hi Folks,   Does anyone know the best way for disaster recovery MScanner?   Any advice would be appreciated.   Bill ________________________________________ Easiest way is to setup 2 or more gateways with equal MX records where the total number of gateways - 1 will easily handle all of the load. Secondary Gateway(s) are synchronized manually using a combination of ssh / rsync /keychains after configuration changes are made to a primary gateway. With this configuration it's lose a gateway at 1:00 AM - fix it the next morning because email will still be delivered. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 1 17:25:13 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: At 10:44 AM 2/1/2005, Dirk Enrique Seiffert wrote: >I can't tell if this is a sendmail or a MailScanner problem: Certain mails are >causing a loop, making sendmail consume 99% of the CPU load. I have to >manually restart MailScanner. What they have in common: >1) Recipients don't exist >2) RCPT TO: > >root 25608 74.3 0.5 8572 2556 ? R 09:55 29:11 sendmail: >j11EtSBe025608 218.45.73.183.eo.eaccess.ne.jp [218.45.73.183]: RCPT TO: > > >logs show soemthing like: What makes you thing sendmail is looping? All the usernames are different.... Looks like a standard rumplestiltskin attack to me, where a spammer is just trying every name in a dictionary on your domain to see if they can discover new email addresses by brute-force. Most of us are sustaining these on a frequent basis now days, although generally in a distributed fashion instead of single source. If this is bogging down your CPU, perhaps you need to check into doing something to make username lookup lighter weight than it is (are you using milter-ahead or something of the sort?) You might also want to look at things like rumplekill http://bignosebird.com/notebook/rumplekill.shtml ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Tue Feb 1 18:06:31 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney >Sent: 01 February 2005 17:22 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MScanner Disaster Recovery > >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Bill Smith >Sent: Tuesday, February 01, 2005 10:23 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MScanner Disaster Recovery > >Hi Folks, >  >Does anyone know the best way for disaster recovery MScanner? >  >Any advice would be appreciated. >  >Bill >________________________________________ > >Easiest way is to setup 2 or more gateways with equal MX >records where the >total number of gateways - 1 will easily handle all of the load. > >Secondary Gateway(s) are synchronized manually using a >combination of ssh / >rsync /keychains after configuration changes are made to a >primary gateway. > >With this configuration it's lose a gateway at 1:00 AM - fix >it the next >morning because email will still be delivered. > >Steve >Steve Swaney >President >Fortress Systems Ltd. >www.fsl.com >steve.swaney@fsl.com In addition to the added resiliance that having two or more MailScanner gateways gives you, it also makes upgrades of OS and applications (MS, SA, etc) more straightforward. You can afford to have a mail gateway out of service for upgardes without impacting the overall service. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 1 18:13:55 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: At 12:25 PM 2/1/2005, Matt Kettler wrote: >At 10:44 AM 2/1/2005, Dirk Enrique Seiffert wrote: > >I can't tell if this is a sendmail or a MailScanner problem: Certain > mails are > >causing a loop, making sendmail consume 99% of the CPU load. >What makes you thing sendmail is looping? All the usernames are >different.... Looks like a standard rumplestiltskin attack to me, where a >spammer is just trying every name in a dictionary on your domain to see if >they can discover new email addresses by brute-force. Oh yes, and one more thing.. you might want to add this to your sendmail.mc: #after 15 invalid recpipients, start slowing them down with #1 second sleeps define(`confBAD_RCPT_THROTTLE',15) Then rebuild your sendmail.cf and do a service MailScanner restart. That option will save you a lot of CPU overhead in the event of a rumple attack, and also slow down the attacker. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Tue Feb 1 18:21:14 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: On Tue, 1 Feb 2005, Stephen Swaney wrote: > With this configuration it's lose a gateway at 1:00 AM - fix it the next > morning because email will still be delivered. What about when the gateway that goes down also handles the POP3 accounts? I know about the only way to provide a secondary lookup for a POP3 server is via DNS somehow, and this could have way too much lag time. I was thinking about this then I thought about having users setup 2 identical accounts in LookOut Express, except they go to different servers on different networks. So if mail ends up on MX1 it stays there for pickup, and if it ends up on MX2 it stays there for pickup. If MX1 or MX2 goes down then users will still get their mail, they will just get a warning messages about which host is down. A little user training would have to be done. Any thoughts or chinks in my armor or does someone have a better plan? Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Feb 1 18:31:32 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:23 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Billy Pumphrey wrote: > I don't know where to get better help, so I am hoping that someone > can shoot an answer to these problems. I got digging and it looks > like I do not have the best setup. > > Here is my basic setup: > Mailscanner is the gateway between the internet and my MS Exchange > server. MailScanner running RulesDeJour, SpamAssassin, and Sophos. > Linux release 9, Kernel 2.4.20-8. > Spamassassin version 2.61 > MailScanner version 4.25-14 > > http://www.dnsreport.com/tools/dnsreport.ch?domain=woodmaclaw.com > > I believe that these errors are coming from my mailscanner machine > name mailscanner.woodmaclaw.local. I do not know how to configure > sendmail to accept the postmaster address for example. All of those > warnings and errors in that report I would guess would be a good idea > to get fixed? > > What started me on this and what I really need to get fixed is there > is a domain that is having problems with emails getting to my > mailserver. > From houseinvestments.com. Error like this are coming = 550 5.7.1 we > do not relay. > > I havce searched and searched on this error and tried to see what the > problem is on the exchange server. I cannot find what the problem is. > Any help on getting these errors taken care of is greatly appreciated. I'm not a sendmail guru by any stretch. Probably even more clueless than most , but I'll chime in anyway. Keeps me humble. What do you have in your alias file in /etc/sendmail? I have a line that says: postmaster: root (use a tab ot separate the above entries) My MailScanner box is just a gateway so I also added a .forward file in /root which contains the address to forward to on our internal mail server. It may be as simple as changing the name of the server to .com instead of .local though. If that's not in the cards, then I'd look at using mailertable to define what hosts you forward mail to. Without knowing your network layout, I'd offer this: The internet facing machine should be named mail.woodmaclaw.com, and if it just accepts and forwards mail to an internal host it should have entries in the relay-domain file for what domains it will accept for and in the mailertable for where to send them. At least that's how I'm set up and it works for me. Hope this helps... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Feb 1 18:48:36 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:23 2006 Subject: Question on upgrading ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > At 09:05 AM 2/1/2005, you wrote: > >> a bit of advice from from /usr/ports/UPDATING: >> >> 20041222: >> AFFECTS: users of security/clamav, security/clamav-devel >> AUTHOR: jylefort@brutele.be >> >> The ClamAV database path has changed from /usr/local/share/clamav to >> /var/db/clamav. You should update the DatabaseDirectory keyword in >> /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf. > > > Ya. I just saw that when I was flipping through the file. > Don't I feel grand this morning. Don't be too hard on yourself, I missed it too :-( Don't forget to change MailScanner.conf if you are using the ClamAV perl module to reflect the new db location Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 1 18:55:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:23 2006 Subject: Volunteers to convert FAQ to a Wiki? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo, Would it be possible for you to look after this while I'm away please? There have been a few volunteers to port the content, but it needs someone in over-all control to set the structure of it. Hopefully it's actually a very quick job, just lots of cutting and pasting. Is this okay? Many thanks! Jules. Ugo Bellavance wrote: > Julian Field wrote: > >> If I were to install a Wiki on the MailScanner site, would someone (or >> several of you) be prepared to take on the job of converting the current >> FAQ-o-matic to a Wiki? >> >> It's basically a cut and paste job. It's the content that matters, not >> precisely who created the FAQ addition. >> >> Any volunteers please? > > > I could probably offer some of my time. > >> >> I can get a Wiki set up pretty quickly if you are prepared to do it. > > > I'm using DocuWiki, which is aimed at documentation, at the office. I'm > migrating all my file-based documentation to this Wiki. Pretty neat. > >> >> Thanks folks! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ds at CARIBENET.COM Tue Feb 1 19:27:55 2005 From: ds at CARIBENET.COM (Dirk Enrique Seiffert) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > What makes you thing sendmail is looping? All the usernames are > different.... Looks like a standard rumplestiltskin attack to me, where a > spammer is just trying every name in a dictionary on your domain to see if > they can discover new email addresses by brute-force. Most of us are > sustaining these on a frequent basis now days, although generally in a > distributed fashion instead of single source. I get lots of them, no idea why it has to be me: Its a simple mailserver for a small domain. We are relaying to maybe 1500 mails per day, not more. Since a few weeks these attacks started, I get them every few minutes. > > If this is bogging down your CPU, perhaps you need to check into doing > something to make username lookup lighter weight than it is (are you using > milter-ahead or something of the sort?) Nothing like that: Users are local unix users. > > You might also want to look at things like rumplekill > > http://bignosebird.com/notebook/rumplekill.shtml This looks good and straightforward: I installed already, will let you know if it helps. Thanks a lot Enrique > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Dirk Enrique Seiffert CaribeNet S.A. - Cartagena - Colombia www.caribenet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 1 20:03:28 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:23 2006 Subject: High CPU load, RCPT TO: Message-ID: At 02:27 PM 2/1/2005, Dirk Enrique Seiffert wrote: >I get lots of them, no idea why it has to be me: Its a simple mailserver for a >small domain. We are relaying to maybe 1500 mails per day, not more. Since a >few weeks these attacks started, I get them every few minutes. It's no just you, it's *everybody*. Spammers and worms are doing a LOT of address guessing these days. Everyone on this list sees this kind of garbage hitting their servers every day. I do not know of any servers that are not being attacked with rumplestiltskin attacks. My server, with very similar mail profile, has been under a continuous barrage rumplestiltskin attacks since some time late in the day on July 8, 2004. I've never felt any pain from it, because I had BAD_RCPT_THROTTLE in place long before the attacks started. Even with BAD_RCPT_THROTTLE , MAX_RCPTS_PER_MSG, and CONNECTION_RATE_THROTTLE, I'm still getting thousands of User unknown's per day. The big difference here is that I'm seeing is that most of my rumples are coming from a wide variety of IPs and connections, instead of all from the same connection.. This limits the rate somewhat, but should they have tried the method they are hitting you with on my server, the throttle will kick in. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Tue Feb 1 20:34:03 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:28:23 2006 Subject: MScanner Disaster Recovery Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Smith wrote: > On Tue, 1 Feb 2005, Stephen Swaney wrote: > > >>With this configuration it's lose a gateway at 1:00 AM - fix it the next >>morning because email will still be delivered. > > > What about when the gateway that goes down also handles the POP3 accounts? > I know about the only way to provide a secondary lookup for a POP3 server > is via DNS somehow, and this could have way too much lag time. > > I was thinking about this then I thought about having users setup 2 > identical accounts in LookOut Express, except they go to different servers > on different networks. > > So if mail ends up on MX1 it stays there for pickup, and if it ends up on > MX2 it stays there for pickup. If MX1 or MX2 goes down then users will > still get their mail, they will just get a warning messages about which > host is down. A little user training would have to be done. > > Any thoughts or chinks in my armor or does someone have a better plan? The only way to fix this would be do set up some kind of cluster that uses a central storage e.g. with Cyrus Imap and then a failover between the two machines (or a load balancer in front of it). We tried several approaches for our company and ended up getting a SAN set up for all high availability applications like POP or Webservers ... (please note: MS will NOT need this, as a simple round-robin will do nicely ...) -garry ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Tue Feb 1 20:45:36 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:24 2006 Subject: Messages received and processed, but not being delivered Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello All, I have found a problem that I could find no details about on the maillist. Perhaps it is new. I have had a working installation of MailScanner for about 6 months now. Last night I added a ruleset that broke my installation. Backing out the ruleset allow it to work normally again. I am looking for some insight on 2 things: 1) my does this not work. 2) how can i get my mail back. Here is what happened. I modified this setting (/etc/MailScanner.conf) From: Non Spam Actions = deliver To: Non Spam Actions = /etc/MailScanner/rules/nonspam.action.rules I then added this file containing the rules (/etc/MailScanner/rules/nonspam.action.rules) # domain1.net FromOrTo: *@domain1.net deliver # domain2.com FromOrTo: *@domain2.com deliver # domain3.net FromOrTo: *@domain3.net deliver # Default Configuration FromOrTo: Default deliver I restart mailscanner (service MailScanner restart) and everything looks like it comes up in correctly in the logs /var/log/maillog. Jan 31 22:43:16 abaddon postfix/postfix-script: starting the Postfix mail system Jan 31 22:43:16 abaddon postfix/master[9080]: daemon started -- version 2.1.5 Jan 31 22:43:16 abaddon postfix/postfix-script: fatal: the Postfix mail system is already running Jan 31 22:43:17 abaddon MailScanner[9104]: MailScanner E-Mail Virus Scanner version 4.37.7 starting... Jan 31 22:43:17 abaddon MailScanner[9104]: Config: calling custom init function MailWatchLogging Jan 31 22:43:17 abaddon MailScanner[9104]: Started SQL Logging child Jan 31 22:43:18 abaddon MailScanner[9104]: Enabling SpamAssassin auto-whitelist functionality... Jan 31 22:43:20 abaddon MailScanner[9104]: Using locktype = flock When i send a message through i also see normal logs: /var/log/maillog Jan 31 23:52:49 abaddon postfix/smtpd[2112]: connect from web13806.mail.yahoo.com[216.136.175.16] Jan 31 23:52:49 abaddon postfix/smtpd[2112]: 874353800082: client=web13806.mail.yahoo.com[216.136.175.16] Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header Received: from web13806.mail.yahoo.com (web13806.mail.yahoo. com [216.136.175.16])??by smtp01.purecomputing.net (Postfix) with SMTP id 874353800082??for ; Mon, 31 Jan 2005 23: 52:49 from web13806.mail.yahoo.com[216.136.175.16]; from= to= proto=SMTP helo= Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header Received: (qmail 17030 invoked by uid 60001); 1 Feb 2005 04: 52:48 -0000 from web13806.mail.yahoo.com[216.136.175.16]; from= to= proto=SMTP helo= Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: message-id=<20050201045248.17028.qmail@web13806.mail.yahoo.com> Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header Received: from [68.158.37.209] by web13806.mail.yahoo.com vi a HTTP; Mon, 31 Jan 2005 20:52:48 PST from web13806.mail.yahoo.com[216.136.175.16]; from= to= proto=SMTP helo= Jan 31 23:52:49 abaddon postfix/smtpd[2112]: disconnect from web13806.mail.yahoo.com[216.136.175.16] Jan 31 23:52:51 abaddon MailScanner[2019]: New Batch: Scanning 1 messages, 1480 bytes Jan 31 23:52:52 abaddon MailScanner[2019]: Virus and Content Scanning: Starting Jan 31 23:52:54 abaddon MailScanner[2019]: Logging message 874353800082.53026 to SQL And the transaction ends right there. There is no more activity until i send another test message. What i see is the message come in normally, get processed by mailscanner but never get put back on the outgoing queue so that postfix can send it. After much troubleshooting (i didn't correlate the rule addition with this problem) I decided to remove the Non Spam rule in MailScanner.conf and restarted. Everything started working just fine. I have it working not but would like to know how to get the ruleset work properly for Non Spam Actions and secondly how to recover my messages that I can see came in (via the logs and mailwatch) but are not anywhere that i have found on the system. (thoughts) Hardware: P4 2.4, 512Meg, 1x60gig, 1x100Mbit Software: Redhat 9, Postfix, Spamassassin, DCC, Pyzor, Razor, MailWatch RBLs: None in MTA, ORDB-RBL and SBL+XBL in MailScanner, None in SpamAssassin Virus Scanners: ClamAV, BitDefender Volume: ~500 messages/day ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Feb 1 23:31:27 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:24 2006 Subject: Blantent plagerism... Message-ID: I'm building a new iteration of MailScanner on a faster box. A nice feature Julian's added is the %web-site% variable in the reports where we can send folks that have run afoul of our spam policies. Being a pragmatic and frugal sort (pronounced 'lazy sod') I was wondering if anybody had a page up that they wouldn't mind me plagerizing (with appropriate edits of course) and loading on our web server. TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed Feb 2 00:51:15 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:24 2006 Subject: High CPU load, RCPT TO: Message-ID: Matt Kettler wrote: > At 02:27 PM 2/1/2005, Dirk Enrique Seiffert wrote: >> I get lots of them, no idea why it has to be me: Its a simple >> mailserver for a small domain. We are relaying to maybe 1500 mails >> per >> day, not more. Since a few weeks these attacks started, I get them >> every few minutes. > > It's no just you, it's *everybody*. > > Spammers and worms are doing a LOT of address guessing these days. > Everyone on this list sees this kind of garbage hitting their servers > every day. I do not know of any servers that are not being attacked > with rumplestiltskin attacks. > > My server, with very similar mail profile, has been under a > continuous barrage rumplestiltskin attacks since some time late in > the day on July 8, 2004. I've never felt any pain from it, because I > had BAD_RCPT_THROTTLE in place long before the attacks started. > > Even with BAD_RCPT_THROTTLE , MAX_RCPTS_PER_MSG, and > CONNECTION_RATE_THROTTLE, I'm still getting thousands of User > unknown's per day. > > The big difference here is that I'm seeing is that most of my rumples > are coming from a wide variety of IPs and connections, instead of all > from the same connection.. This limits the rate somewhat, but should > they have tried the method they are hitting you with on my server, > the throttle will kick in. > Another trend I notice in my logs is that forged spammer addresses are oddly similar even though the attempts come from various IP's around the world. For example: Feb 1 16:23:37 avwall2 sendmail[24323]: j11MNL3Q024323: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=c-66-176-253-242.se.client2.attbi.com [66.176.253.242] Feb 1 16:24:39 avwall2 sendmail[24500]: j11MOTiT024500: Milter: from=, reject=550 5.7.1 connection "CPE0008a122b198-CM000a739bc416.cpe.net.cable.rogers.com" blocked Feb 1 16:24:39 avwall2 sendmail[24500]: j11MOTiT024500: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=CPE0008a122b198-CM000a739bc416.cpe.net.cable.rogers.com [69.194.46.137] Feb 1 16:25:13 avwall2 sendmail[24566]: j11MP0FN024566: Milter: from=, reject=550 5.7.1 connection "ACD6AC8E.ipt.aol.com" blocked Feb 1 16:25:14 avwall2 sendmail[24566]: j11MP0FN024566: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=ACD6AC8E.ipt.aol.com [172.214.172.142] Feb 1 16:26:00 avwall2 sendmail[24732]: j11MPlfN024732: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=pcp559187pcs.rthfrd01.tn.comcast.net [68.52.102.111] Feb 1 16:26:42 avwall2 sendmail[24852]: j11MQTwf024852: Milter: from=, reject=550 5.7.1 connection "12-215-96-255.client.mchsi.com" blocked Feb 1 16:26:43 avwall2 sendmail[24852]: j11MQTwf024852: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=12-215-96-255.client.mchsi.com [12.215.96.255] Feb 1 16:28:17 avwall2 sendmail[25185]: j11MS5Sn025185: Milter: from=, reject=550 5.7.1 sender blocked Feb 1 16:28:17 avwall2 sendmail[25185]: j11MS5Sn025185: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=CPE-203-51-239-203.qld.bigpond.net.au [203.51.239.203] Feb 1 17:14:08 avwall2 milter-sender[1604]: 06355 j11NDv31001112: sender (0) cached, skipping Feb 1 17:14:08 avwall2 sendmail[1112]: j11NDv31001112: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=muedsl-82-207-223-151.citykom.de [82.207.223.151] Feb 1 17:16:52 avwall2 milter-sender[1604]: 06393 j11NGgMN001567: sender (0) cached, skipping Feb 1 17:16:52 avwall2 sendmail[1567]: j11NGgMN001567: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-68-72-85-49.dsl.chcgil.ameritech.net [68.72.85.49] Feb 1 17:17:16 avwall2 sendmail[1596]: j11NH0dw001596: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=morristown-68-118-99-14.chartertn.net [68.118.99.14] Feb 1 17:19:30 avwall2 sendmail[1894]: j11NJJtw001894: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=cs242231-3.houston.rr.com [24.242.231.3] Feb 1 17:19:52 avwall2 sendmail[1975]: j11NJcwP001975: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=cpe-66-67-134-209.rochester.res.rr.com [66.67.134.209] Feb 1 17:23:56 avwall2 sendmail[2650]: j11NNj7B002650: Milter: from=, reject=550 5.7.1 connection "c-24-19-188-76.client.comcast.net" blocked Feb 1 17:23:56 avwall2 sendmail[2650]: j11NNj7B002650: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=c-24-19-188-76.client.comcast.net [24.19.188.76] Feb 1 17:24:57 avwall2 sendmail[2818]: j11NOlmr002818: Milter: from=, reject=550 5.7.1 sender blocked Feb 1 17:24:57 avwall2 sendmail[2818]: j11NOlmr002818: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=cs7011422-167.satx.rr.com [70.114.22.167] Feb 1 17:25:13 avwall2 sendmail[2880]: j11NP2Lf002880: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=rdu26-233-130.nc.rr.com [66.26.233.130] Feb 1 17:25:51 avwall2 sendmail[3014]: j11NPZbi003014: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-67-37-236-140.dsl.chcgil.ameritech.net [67.37.236.140] Notice all the ernest*@ addresses? I also utilize the greet_pause feature of sendmail-8.13.x Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Wed Feb 2 04:49:52 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:24 2006 Subject: MailWatch Query Message-ID: No what seems to be happening is that I have two copies as of MailScanner running on the same box one scanning the internal queue and one scanning the external queue. I have set them both up to log to different mysql databases this was working very well but as soon as i take the MailScanner to the new version it seems to log everything to just the one database even though it has two different names and two different id's used for accessingit. I suspect that what is happening is that the MailScanners are doing is that they are coming up and the first one connects to the database and then the second MailScanner comes up and it's info is forced through the first connection as opposed to connecting to it's own database and logging there. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Wed Feb 2 04:50:24 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:24 2006 Subject: Munged 'reports' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Been seeing this type of thing often lately.... $longspamreport seems to give choppy/inaccurate reports... Most often when reporting things like spam scores and razor scores... Any ideas? SA 3.0.2 and MS 4.38.9-1 pts rule name description ---- ---------------------- -------------------------------------------------- 5.8 BAYES_99 BODY: Bayesian spam probability is 99 to 100 to 90 to 10% of HTML elements are non-standard 0.0 HTML_MESSAGE BODY: HTML included in message 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Wed Feb 2 04:59:17 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:24 2006 Subject: Report Summary Message-ID: I wonder if anyone has seen a script that will scan the logs for the preovious day and extract a summary report of spam per user then email each user a list of what email addressess were trying to send spam to them. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Feb 2 07:56:40 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:24 2006 Subject: MScanner Disaster Recovery Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Joe Smith >Sent: 01 February 2005 18:21 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MScanner Disaster Recovery > >On Tue, 1 Feb 2005, Stephen Swaney wrote: > >> With this configuration it's lose a gateway at 1:00 AM - fix >it the next >> morning because email will still be delivered. > >What about when the gateway that goes down also handles the >POP3 accounts? >I know about the only way to provide a secondary lookup for a >POP3 server >is via DNS somehow, and this could have way too much lag time. > It is good system and security practice to maintain separation of function. Mail gateways/relays should not also be mailbox servers. These are separate functions often run by different parts of an organisation. For example at this university the central computing service (ISS) is responsible for the mail gateways of which we have 8, all with identical software and tables and running as equal value MX hosts for our domains. This is an easily scalable architecture and provides resiliance through redundancy. No user access is required to these relays. They act as the SMTP "firewall" for the site. They are simple to maintain and upgrade. Behind these the university runs many mailbox servers. Only some of these are run by the ISS. The rest are run by departments and projects. But _all_ mail servers must route their outgoing mail through the mail gateways (the SMTP firewalls). As implied above _all_ incoming mail to the site is also routed through the mail gateways (and hence through MS + SA + friends). I do acknowledge though that while it is easy to provide a resilient and scaleable mail gateway architecture it is rather more difficult to provide a scaleable and resilient mail server architecture. We have a number of stand-alone Unix-based POP & IMAP servers (and a few remaining Novel POP servers) but the most resilient and scaleable mail server architecture we run is that based around a cluster of Exchange servers running with automatic failover. This is not a cheap solution however! By keeping the mail relay machines separate from mail gateway machines we are free to evaluate many different mail server arhitectures and services, often running on operating systems different to that which runs on our mail gateways. A useful read is the UKERNA techical guide "Designing Reliable Mail Systems" - see http://www.ja.net/documents/tg_reliablemail.pdf. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vinet138 at YAHOO.COM Wed Feb 2 08:40:26 2005 From: vinet138 at YAHOO.COM (Bill Smith) Date: Thu Jan 12 21:28:24 2006 Subject: MScanner Disaster Recovery Message-ID: Thanks for all the input. Bill Quentin Campbell wrote: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney >Sent: 01 February 2005 17:22 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MScanner Disaster Recovery > >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Bill Smith >Sent: Tuesday, February 01, 2005 10:23 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MScanner Disaster Recovery > >Hi Folks, > >Does anyone know the best way for disaster recovery MScanner? > >Any advice would be appreciated. > >Bill >________________________________________ > >Easiest way is to setup 2 or more gateways with equal MX >records where the >total number of gateways - 1 will ! easily handle all of the load. > >Secondary Gateway(s) are synchronized manually using a >combination of ssh / >rsync /keychains after configuration changes are made to a >primary gateway. > >With this configuration it's lose a gateway at 1:00 AM - fix >it the next >morning because email will still be delivered. > >Steve >Steve Swaney >President >Fortress Systems Ltd. >www.fsl.com >steve.swaney@fsl.com In addition to the added resiliance that having two or more MailScanner gateways gives you, it also makes upgrades of OS and applications (MS, SA, etc) more straightforward. You can afford to have a mail gateway out of service for upgardes without impacting the overall service. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term' ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Feb 2 09:12:08 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:24 2006 Subject: Non Nested rules quiry Message-ID: Might it be the ".list" ending on %rules-dir%/chinaemail.rules.list that is giving you grief? IIRC rules files need end in .rule or .rules. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Howard Robinson Sent: den 1 februari 2005 16:25 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Non Nested rules quiry Hello, I have 60 staff and students in China that keep having their emails coming into college marked as spam. They are using about 10 different domains. I want to allow emails from them to four specific staff members here without them being checked for spam. I though I had it sussed but Mailscanner protests when restarting with a syntax error in the rules file. What I have tried so far is:- In MailScanner.conf I have (with other blurb snipped and tabs for spacing) Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules In %rules-dir%/spam.whitelist.rules # note line wrapped To: usera@harper-adams.ac.uk /etc/MailScanner/rules/chinaemail.rules.list FromOrTo: default no In /etc/MailScanner/rules/chinaemail.rules.list I have From: userz@domain1 yes From: usery@domain2 yes From: userx@domain1 yes FromOrTo: default no My idea was that only if it were for usera would mailscanner need to look at the from address however in the book (p309) it says that rules can't be nested other than files full address patterns. However p304 option 14 looks to me to contradict this. Have I got this wrong? Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 2 09:16:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: MailWatch Query Message-ID: Carinus From memory (and it's worse every day :-) there's a few fun and games in getting two MS instances running on the same box. I'd make sure when you upgraded you made sure the MailWatch.pm require line in Custom.pm points to the full patch, or put it in the CustomFunctions dir and make sure the MailScanner.conf has the correct path for the CustomFunctions dir. Also please include at least some of thread you are replying to as we forget what the conversion is about.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > No what seems to be happening is that I have two copies as of MailScanner > running on the same box one scanning the internal queue and one scanning the > external queue. I have set them both up to log to different mysql databases > this was working very well but as soon as i take the MailScanner to the new > version it seems to log everything to just the one database even though it > has two different names and two different id's used for accessingit. I > suspect that what is happening is that the MailScanners are doing is that > they are coming up and the first one connects to the database and then the > second MailScanner comes up and it's info is forced through the first > connection as opposed to connecting to it's own database and logging there. > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 2 09:22:35 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: Messages received and processed, but not being delivered Message-ID: Isi try taking the blank lines out of the rule files. You can debug what is happening by stopping MS, changing the Debug statements to YES in MailScanner.conf and running checkmailscanner which will dump a load of instrumentation to the screen as MS runs.. If you haven't kept archive copies (or a store action in a ruleset) you haven't got the emails to reprocess. You might to turn on the archive action while you are testing all this..so you can reprocess the messages if you need to. I'd also move the RBL's in SA as if you have in MS they act a blacklist, not just adding to the spam score. Oh and turn off autowhitelist and the ALL_TRUSTED rule in spam.assassin.prefs.conf as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Isi Lawson wrote: > Hello All, > > I have found a problem that I could find no details about on the maillist. > Perhaps it is new. > > I have had a working installation of MailScanner for about 6 months now. > Last night I added a ruleset that broke my installation. Backing out the > ruleset allow it to work normally again. I am looking for some insight on > 2 things: > > 1) my does this not work. > 2) how can i get my mail back. > > Here is what happened. > > I modified this setting (/etc/MailScanner.conf) > From: > Non Spam Actions = deliver > > To: > Non Spam Actions = /etc/MailScanner/rules/nonspam.action.rules > > > I then added this file containing the rules > (/etc/MailScanner/rules/nonspam.action.rules) > > # domain1.net > FromOrTo: *@domain1.net deliver > > # domain2.com > FromOrTo: *@domain2.com deliver > > # domain3.net > FromOrTo: *@domain3.net deliver > > # Default Configuration > FromOrTo: Default deliver > > > I restart mailscanner (service MailScanner restart) and everything looks > like it comes up in correctly in the logs /var/log/maillog. > > Jan 31 22:43:16 abaddon postfix/postfix-script: starting the Postfix mail > system > Jan 31 22:43:16 abaddon postfix/master[9080]: daemon started -- version 2.1.5 > Jan 31 22:43:16 abaddon postfix/postfix-script: fatal: the Postfix mail > system is already running > Jan 31 22:43:17 abaddon MailScanner[9104]: MailScanner E-Mail Virus > Scanner version 4.37.7 starting... > Jan 31 22:43:17 abaddon MailScanner[9104]: Config: calling custom init > function MailWatchLogging > Jan 31 22:43:17 abaddon MailScanner[9104]: Started SQL Logging child > Jan 31 22:43:18 abaddon MailScanner[9104]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 31 22:43:20 abaddon MailScanner[9104]: Using locktype = flock > > > When i send a message through i also see normal logs: /var/log/maillog > > Jan 31 23:52:49 abaddon postfix/smtpd[2112]: connect from > web13806.mail.yahoo.com[216.136.175.16] > Jan 31 23:52:49 abaddon postfix/smtpd[2112]: 874353800082: > client=web13806.mail.yahoo.com[216.136.175.16] > Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header > Received: from web13806.mail.yahoo.com (web13806.mail.yahoo. > com [216.136.175.16])??by smtp01.purecomputing.net (Postfix) with SMTP id > 874353800082??for ; Mon, 31 Jan 2005 23: > 52:49 from web13806.mail.yahoo.com[216.136.175.16]; > from= to= proto=SMTP > helo= yahoo.com> > Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header > Received: (qmail 17030 invoked by uid 60001); 1 Feb 2005 04: > 52:48 -0000 from web13806.mail.yahoo.com[216.136.175.16]; > from= to= proto=SMTP helo= mail.yahoo.com> > Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: > message-id=<20050201045248.17028.qmail@web13806.mail.yahoo.com> > Jan 31 23:52:49 abaddon postfix/cleanup[2114]: 874353800082: hold: header > Received: from [68.158.37.209] by web13806.mail.yahoo.com vi > a HTTP; Mon, 31 Jan 2005 20:52:48 PST from > web13806.mail.yahoo.com[216.136.175.16]; from= > to= > proto=SMTP helo= > Jan 31 23:52:49 abaddon postfix/smtpd[2112]: disconnect from > web13806.mail.yahoo.com[216.136.175.16] > Jan 31 23:52:51 abaddon MailScanner[2019]: New Batch: Scanning 1 messages, > 1480 bytes > Jan 31 23:52:52 abaddon MailScanner[2019]: Virus and Content Scanning: > Starting > Jan 31 23:52:54 abaddon MailScanner[2019]: Logging message > 874353800082.53026 to SQL > > And the transaction ends right there. There is no more activity until i > send another test message. What i see is the message come in normally, > get processed by mailscanner but never get put back on the outgoing queue > so that postfix can send it. > > After much troubleshooting (i didn't correlate the rule addition with this > problem) I decided to remove the Non Spam rule in MailScanner.conf and > restarted. Everything started working just fine. > > I have it working not but would like to know how to get the ruleset work > properly for Non Spam Actions and secondly how to recover my messages that > I can see came in (via the logs and mailwatch) but are not anywhere that i > have found on the system. (thoughts) > > Hardware: P4 2.4, 512Meg, 1x60gig, 1x100Mbit > Software: Redhat 9, Postfix, Spamassassin, DCC, Pyzor, Razor, MailWatch > RBLs: None in MTA, ORDB-RBL and SBL+XBL in MailScanner, None in SpamAssassin > Virus Scanners: ClamAV, BitDefender > Volume: ~500 messages/day > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 2 09:24:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: Report Summary Message-ID: Carinus Have a look at the quarantine report at http://www.fsl.com/support/QuarantineReport.tar.gz sound like just what you need. Only works with Exim or Sendmail MTA's though.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > I wonder if anyone has seen a script that will scan the logs for the preovious > day and extract a summary report of spam per user then email each user a list > of what email addressess were trying to send spam to them. > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Wed Feb 2 10:24:11 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:24 2006 Subject: Report Summary Message-ID: I wonder how can i test this with out sending an email to everyone and just seeing what it does? The quarantine report I mean. Carinus Martin Hepworth wrote: > Carinus > > Have a look at the quarantine report at > http://www.fsl.com/support/QuarantineReport.tar.gz sound like just what > you need. Only works with Exim or Sendmail MTA's though.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > Carinus Carelse wrote: > > I wonder if anyone has seen a script that will scan the logs for the preovious > > day and extract a summary report of spam per user then email each user a list > > of what email addressess were trying to send spam to them. > > > > > > Carinus > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dannyh at aac-services.co.uk Wed Feb 2 11:32:50 2005 From: dannyh at aac-services.co.uk (Dan Harris) Date: Thu Jan 12 21:28:24 2006 Subject: Kaspersky AV update failure caused MS to hang Message-ID: Hi, I had a situation at 13:15 GMT yesterday where failed update to my Kaspersky 5.0.2 installation caused MailScanner to hang without warning or error, the only hint of anything wrong being in the kavupdater.log file. I have "Virus Scanners = clamav bitdefender mcafee kaspersky-4.5" and "Virus Scanner Timeout = 300" in my MS config file. An initial restart of MS seemed to be going ok, doing the spam checks on the first batch of 30 messages before hanging again after the "Virus and Content Scanning: Starting" message. This was repeated several times before I spotted the correlation between the times of the hang and the failed KAV update. Removing KAV from the Virus Scanners list and restarting MS worked round the problem, and a later KAV update seems to have fixed it. So, I was wondering if: A) Has anyone else witnessed this behaviour, either with KAV or any other AV product? B) How aggressive is the Virus Scanner Timeout setting, and should it add an appropriate error message in the log file? By aggressive I mean does it pass this value to the AV scanner (if it supports it) and rely on that to behave, or does it actively try to kill the process after the timeout period? Next stop Kaspersky Labs support, as I've just noticed that they're now up to version 5.0.5! Best Regards, Dan Harris AAC Services Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Wed Feb 2 11:40:20 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:24 2006 Subject: {Spam? 0.09} check_MailScanner.cron issue in v4.38.9 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I upgraded from 4.35.11 to 4.38.9 using the tar.gz last night. Everything went well during the upgrade, but this morning I noticed that the etc/cron/check_MailScanner.cron job was erroring and here is the exact error message: "/opt/MailScanner/bin/cron/check_MailScanner.cron: line 19: /opt/MailScanner/bin/check_MailScanner: No such file or directory" Here is what I found on my system: /opt/MailScanner/bin/cron/check_MailScanner.cron file references /opt/MailScanner/bin/check_MailScanner /opt/MailScanner/bin/check_MailScanner does not exist ( at least by that name). Solution (pay attention to the case of the file name): edit the /opt/MailScanner/bin/cron/check_MailScanner.cron file and change the filename case in line 19 from: /opt/MailScanner/bin/check_MailScanner to: /opt/MailScanner/bin/check_mailscanner that's all. Julian, Many, Many thanks for MailScanner I've been using MS since version 3.22-12 and have loved every minute of it. I've also bought the book, One of the "early releases" with the bad index, now a reference manual on my shelf. Can't wait to see this new product you've been hinting about the past week or so... A ruleset editor I heard mentioned. -Brad Everything should be as simple as possible but not one bit simpler - Albert Einstein ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Feb 2 11:47:09 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:24 2006 Subject: {Spam? 0.09} check_MailScanner.cron issue in v4.38.9 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brad Beckenhauer wrote: > Can't wait to see this new product you've been hinting about the past week or so... A ruleset editor I heard mentioned. > > -Brad > A ruleset editor already exists for quite some time.. http://msre.sourceforge.net/ - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From karen at PROJECTHARMONY.AM Wed Feb 2 12:24:16 2005 From: karen at PROJECTHARMONY.AM (Karen Mkoyan) Date: Thu Jan 12 21:28:24 2006 Subject: {Spam? 0.09} check_MailScanner.cron issue in v4.38.9 Message-ID: [ The following text is in the "koi8-r" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just intalled the msre, pretty good tool, if you prefere editing files from web. Karen -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy Sent: 2 ÆÅ×ÒÁÌÑ 2005 Ç. 15:47 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: {Spam? 0.09} check_MailScanner.cron issue in v4.38.9 Brad Beckenhauer wrote: > Can't wait to see this new product you've been hinting about the past week or so... A ruleset editor I heard mentioned. > > -Brad > A ruleset editor already exists for quite some time.. http://msre.sourceforge.net/ - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 2 13:56:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:24 2006 Subject: Munged 'reports' Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And what do they look like when viewed in a fixed-pitch font in a wide enough window? Jim Barry wrote: >Been seeing this type of thing often lately.... > >$longspamreport seems to give choppy/inaccurate reports... Most often when >reporting things like spam scores and razor scores... > >Any ideas? > >SA 3.0.2 and MS 4.38.9-1 > > > pts rule name description >---- ---------------------- >-------------------------------------------------- > 5.8 BAYES_99 BODY: Bayesian spam probability is 99 to 100 >to 90 to >10% of HTML elements are non-standard > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 2 13:58:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:24 2006 Subject: Non Nested rules quiry Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Howard, For the archives, please can you post the response I sent to you? Thanks, Jules Steen, Glenn wrote: >Might it be the ".list" ending on %rules-dir%/chinaemail.rules.list >that is giving you grief? IIRC rules files need end in >.rule or .rules. > >-- Glenn > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Howard Robinson >Sent: den 1 februari 2005 16:25 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Non Nested rules quiry > > >Hello, >I have 60 staff and students in China that keep having their emails >coming into college marked as spam. They are using about 10 different >domains. >I want to allow emails from them to four specific staff members here >without them being checked for spam. >I though I had it sussed but Mailscanner protests when restarting with a >syntax error in the rules file. >What I have tried so far is:- >In MailScanner.conf I have (with other blurb snipped and tabs for >spacing) >Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > > >In %rules-dir%/spam.whitelist.rules ># note line wrapped >To: usera@harper-adams.ac.uk >/etc/MailScanner/rules/chinaemail.rules.list > > >FromOrTo: default no > > >In /etc/MailScanner/rules/chinaemail.rules.list >I have >From: userz@domain1 yes >From: usery@domain2 yes >From: userx@domain1 yes >FromOrTo: default no > > >My idea was that only if it were for usera would mailscanner need to >look at the from address however in the book (p309) it says that rules >can't be nested other than files full address patterns. >However p304 option 14 looks to me to contradict this. > > >Have I got this wrong? > > > >Regards > >Howard Robinson >(Senior Technical Development Officer) >Harper Adams University College >Edgmond >Newport >Shropshire >TF10 8NB UK > >E-mail: hrobinson@harper-adams.ac.uk >Tel. : +44(0)1952 820280 Via switchboard > : +44(0)1952 815253 Direct line >Fax. : +44(0)1952 814783 >College Web site http://www.harper-adams.ac.uk > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 2 14:09:10 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: I have not seen this setting and thing that it might prevent a ton of spam. I may be wrong. Just your normal System Adin...no super human traits. Can you run some rule to check the senders ip and or domain name and match that to the mail from address? Thanks for any comments. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Feb 2 14:24:20 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:24 2006 Subject: AW: Matching domain to sender. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] if you need it configure your mta for it (sendmail, postfix ?) most popular mta´s are supporting the mx checks. greetings andy >-----Ursprüngliche Nachricht----- >Von: David Curtis [mailto:DCurtis@SBSCHOOLS.NET] >Gesendet: Mittwoch, 2. Februar 2005 15:09 > >I have not seen this setting and thing that it might prevent a >ton of spam. I may be wrong. Just your normal System Adin...no >super human traits. > >Can you run some rule to check the senders ip and or domain >name and match that to the mail from address? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Wed Feb 2 14:37:12 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:24 2006 Subject: MScanner Disaster Recovery Message-ID: On Wed, 2 Feb 2005, Quentin Campbell wrote: > It is good system and security practice to maintain separation of > function. > > Mail gateways/relays should not also be mailbox servers. These are > separate functions often run by different parts of an organisation. I tend to agree with that senario and have mostly followed that conguration in my mid to high volume servers. I also keep the DNS seperated and network diverse. I also do things like install multiple nics to allow "backhauling" the processed mail to the POP/IMAP machine(s) via a private dedicated lan and not sending it back out the world interface it came in on. I do have a few installations where the seperation of function would be like having 2 engines in a car, one to run the front wheels and one to run the back. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 2 14:56:45 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:24 2006 Subject: AW: Matching domain to sender. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Any idea of where this setting is in postfix. Many thanks for the advice. >>> Andreas.Doerfler@KEMPTEN.DE 2/2/2005 9:24:20 AM >>> if you need it configure your mta for it (sendmail, postfix ?) most popular mta´s are supporting the mx checks. greetings andy >-----Ursprüngliche Nachricht----- >Von: David Curtis [mailto:DCurtis@SBSCHOOLS.NET] >Gesendet: Mittwoch, 2. Februar 2005 15:09 > >I have not seen this setting and thing that it might prevent a >ton of spam. I may be wrong. Just your normal System Adin...no >super human traits. > >Can you run some rule to check the senders ip and or domain >name and match that to the mail from address? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Feb 2 15:02:52 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:24 2006 Subject: AW: AW: Matching domain to sender. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://www.postfix.org just 2 clicks away .. ;) http://www.postfix.org/documentation.html http://www.postfix.org/ADDRESS_VERIFICATION_README.html http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain greetings andy >-----Ursprüngliche Nachricht----- >Von: David Curtis [mailto:DCurtis@SBSCHOOLS.NET] >Gesendet: Mittwoch, 2. Februar 2005 15:57 >An: MAILSCANNER@JISCMAIL.AC.UK >Betreff: Re: AW: Matching domain to sender. > > >Any idea of where this setting is in postfix. Many thanks for >the advice. > >>>> Andreas.Doerfler@KEMPTEN.DE 2/2/2005 9:24:20 AM >>> >if you need it configure your mta for it (sendmail, postfix ?) >most popular mta´s are supporting the mx checks. > >greetings >andy > >>-----Ursprüngliche Nachricht----- >>Von: David Curtis [mailto:DCurtis@SBSCHOOLS.NET] >>Gesendet: Mittwoch, 2. Februar 2005 15:09 >> >>I have not seen this setting and thing that it might prevent a >>ton of spam. I may be wrong. Just your normal System Adin...no >>super human traits. >> >>Can you run some rule to check the senders ip and or domain >>name and match that to the mail from address? > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > > > > > >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Wed Feb 2 15:12:21 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: On Wed, 2 Feb 2005, David Curtis wrote: > I have not seen this setting and thing that it might prevent a ton of > spam. I may be wrong. Just your normal System Adin...no super human > traits. > > Can you run some rule to check the senders ip and or domain name and > match that to the mail from address? > > Thanks for any comments. It may not be as straightforward as it seems on the surface. Who is the "sender", what is the domain name? Example: let's imagine a legitimate mail list to which you and I might both belong. I, "me@mydom.com", send a message to it, "list@listdom.com", hosted on machines at an ISP/university/etc. "ISP.com". You receive this mail. But who has been the "sender" from your perspective? o The visible "From:" contains my "mydom.com": but that is several steps away from the transaction at your site; o The SMTP machine (probably the list expander) pushing it to you is "something.ISP.com", which bears no direct relation to me (email originator) as "sender"; o The envelope "From" contains "owner-list@listdom.com", which doesn't directly trace back to the "ISP.com" DNS names and addresses; o The visible "To:" contains "listdom.com" (which, as a text string, bears no direct relation to your site). So your "check the senders ip and or domain name and match that to the mail from address" becomes non-trivial. Note that an emerging technology, SPF, is designed to help to address the email forgery aspects of the problem if, and as, it gains wider acceptance and use. Indeed, SpamAssassin 3.x is beginning to take account of it. By its very nature, it needs time to ramp up. (It has a few "no pain, no gain" implications, but that's part of life in these spam-riddled days, and no-one has yet come up with a better, and even more widely acceptable, compromise.) Hope taht helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Wed Feb 2 15:21:45 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: On Wed, 2 Feb 2005, David Curtis wrote: > I have not seen this setting and thing that it might prevent a ton of > spam. I may be wrong. Just your normal System Adin...no super human > traits. It is becoming less prevalent for spammers to do this, due to better laws and enforcement. They are moving more towards registered or borrowed domains which makes them look legit. However there is a system along the lines you query gaining some popularity, SPF. Have a look: http://spf.pobox.com I have started configuring some of my domains to respond to spf queries. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Danny_Beland at PCH.GC.CA Wed Feb 2 15:23:54 2005 From: Danny_Beland at PCH.GC.CA (Danny Beland) Date: Thu Jan 12 21:28:24 2006 Subject: Scan for viruses before scanning for spam Message-ID: Is there a way to scan for viruses before scanning for spam or to scan forwarded messages for viruses? The problem we have is we set MailScanner to forward all spam to a mailbox, when it forwards it, it doesn't scan the message for viruses. We use SA 2.64 and McAfee virus scan. Thanks, Danny ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 2 15:35:30 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: Once I started diving into the Postfix settings I realized that what I wanted was not simple and as you stated I now understand why it is not so simple. Thanks for the help. >>> t.d.lee@DURHAM.AC.UK 2/2/2005 10:12:21 AM >>> On Wed, 2 Feb 2005, David Curtis wrote: > I have not seen this setting and thing that it might prevent a ton of > spam. I may be wrong. Just your normal System Adin...no super human > traits. > > Can you run some rule to check the senders ip and or domain name and > match that to the mail from address? > > Thanks for any comments. It may not be as straightforward as it seems on the surface. Who is the "sender", what is the domain name? Example: let's imagine a legitimate mail list to which you and I might both belong. I, "me@mydom.com", send a message to it, "list@listdom.com", hosted on machines at an ISP/university/etc. "ISP.com". You receive this mail. But who has been the "sender" from your perspective? o The visible "From:" contains my "mydom.com": but that is several steps away from the transaction at your site; o The SMTP machine (probably the list expander) pushing it to you is "something.ISP.com", which bears no direct relation to me (email originator) as "sender"; o The envelope "From" contains "owner-list@listdom.com", which doesn't directly trace back to the "ISP.com" DNS names and addresses; o The visible "To:" contains "listdom.com" (which, as a text string, bears no direct relation to your site). So your "check the senders ip and or domain name and match that to the mail from address" becomes non-trivial. Note that an emerging technology, SPF, is designed to help to address the email forgery aspects of the problem if, and as, it gains wider acceptance and use. Indeed, SpamAssassin 3.x is beginning to take account of it. By its very nature, it needs time to ramp up. (It has a few "no pain, no gain" implications, but that's part of life in these spam-riddled days, and no-one has yet come up with a better, and even more widely acceptable, compromise.) Hope taht helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From billy at PLANETGEEK.BIZ Wed Feb 2 16:51:41 2005 From: billy at PLANETGEEK.BIZ (Billy Pumphrey) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: My alias file seems to be /etc/aliases and it has: # # Aliases in this file will NOT be expanded in the header from # Mail, but WILL be visible over networks or from /bin/mail. # # >>>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>> show through to sendmail. # # Basic system aliases -- these MUST be present. mailer-daemon: postmaster postmaster: root Then some other entries.............. Then ... # mailman aliases mailman: postmaster mailman-owner: mailman newsadm: news newsadmin: news usenet: news ftpadm: ftp ftpadmin: ftp ftp-adm: ftp ftp-admin: ftp # trap decode to catch security attacks decode: root # Person who should get root's mail root: administrator@woodmaclaw.com ---------- In my mailertable I have this.... woodmaclaw.com esmtp:[10.1.1.2] www.woodmaclaw.com esmtp:[10.1.1.2] ---------- In my relay-domains I have this.... Woodmaclaw.com www.woodmaclaw.com I am confused about naming the mailscanner.woodmaclaw.local to mailscanner.woodmaclaw.com. Do I need to do this even though the computer is in my local domain? Seems like you have a similar setup as me? I have... --- path of mail ---- Internet My csu/dsu 68.xxx.xxx.xxx My router (linux smoothwall distro) My mailscanner machine (mailscanner.woodmaclaw.local) My MS Exchange machine (woodendc.woodmaclaw.local) Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Kevin Miller [mailto:Kevin_Miller@CI.JUNEAU.AK.US] > Sent: Tuesday, February 01, 2005 1:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Taking care of mail errors and dnsreport.com > > Billy Pumphrey wrote: > > I don't know where to get better help, so I am hoping that > someone can > > shoot an answer to these problems. I got digging and it > looks like I > > do not have the best setup. > > > > Here is my basic setup: > > Mailscanner is the gateway between the internet and my MS Exchange > > server. MailScanner running RulesDeJour, SpamAssassin, and Sophos. > > Linux release 9, Kernel 2.4.20-8. > > Spamassassin version 2.61 > > MailScanner version 4.25-14 > > > > http://www.dnsreport.com/tools/dnsreport.ch?domain=woodmaclaw.com > > > > I believe that these errors are coming from my mailscanner machine > > name mailscanner.woodmaclaw.local. I do not know how to configure > > sendmail to accept the postmaster address for example. All > of those > > warnings and errors in that report I would guess would be a > good idea > > to get fixed? > > > > What started me on this and what I really need to get fixed > is there > > is a domain that is having problems with emails getting to my > > mailserver. > > From houseinvestments.com. Error like this are coming = > 550 5.7.1 we > > do not relay. > > > > I havce searched and searched on this error and tried to > see what the > > problem is on the exchange server. I cannot find what the > problem is. > > Any help on getting these errors taken care of is greatly > appreciated. > > I'm not a sendmail guru by any stretch. Probably even more clueless > than most , but I'll chime in anyway. Keeps me humble. > > What do you have in your alias file in /etc/sendmail? I have a line > that > says: > > postmaster: root > > (use a tab ot separate the above entries) > > My MailScanner box is just a gateway so I also added a .forward file > in /root which contains the address to forward to on our internal mail > server. > > It may be as simple as changing the name of the server to .com instead > of .local though. If that's not in the cards, then I'd look at using > mailertable to define what hosts you forward mail to. Without knowing > your network layout, I'd offer this: The internet facing machine > should be named mail.woodmaclaw.com, and if it just accepts and > forwards mail to an internal host it should have entries in the > relay-domain file for what domains it will accept for and in the > mailertable for where to send them. At least that's how I'm set up > and it works for me. Hope this helps... > > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Feb 2 16:49:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:24 2006 Subject: Scan for viruses before scanning for spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Danny Beland wrote: > Is there a way to scan for viruses before scanning for spam or to scan > forwarded messages for viruses? The problem we have is we set MailScanner > to forward all spam to a mailbox, when it forwards it, it doesn't scan the > message for viruses. We use SA 2.64 and McAfee virus scan. Are you sure it doesn't scan it? I forward low-scoring spam and they all have this header: X-camo-route-MailScanner: Found to be clean > > Thanks, > > Danny > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Feb 2 17:20:37 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:24 2006 Subject: Matching domain to sender. Message-ID: At 09:09 AM 2/2/2005, David Curtis wrote: >I have not seen this setting and thing that it might prevent a ton of >spam. I may be wrong. Just your normal System Adin...no super human >traits. > >Can you run some rule to check the senders ip and or domain name and >match that to the mail from address? One word of caution with this. Don't expect this to be have a low false-positive rate. It's very common to use MX's which mismatch the domain name of the server. For example, xanadu.evi-inc.com acts as the outbound MX for both mkettler@evi-inc.com and mkettler@evitechnology.com. Really, this is what SPF is for. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ard at PERGAMENTUM.COM Wed Feb 2 17:39:06 2005 From: ard at PERGAMENTUM.COM (Alisdair Davey) Date: Thu Jan 12 21:28:24 2006 Subject: Sending just non virus notices Message-ID: Is there a way to configure "Send Notices" in such a way that I don't get Virus notifications, but do get notifications about bad filenames / scripts etc? I could swear I'd seen something about this on the list in the past but, can't find anything in the archive. Cheers Alisdair -- Dr Alisdair Davey ard@pergamentum.com Pergamentum Solutions Tel: 1-303-981-9838 2066 Dailey Lane Superior, CO 80027 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Feb 2 18:10:34 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Billy Pumphrey wrote: > My alias file seems to be /etc/aliases and it has: > # > # Aliases in this file will NOT be expanded in the header from # > Mail, but WILL be visible over networks or from /bin/mail. > # > # >>>>>>>>>> The program "newaliases" must be run after > # >> NOTE >> this file is updated for any changes to > # >>>>>>>>>> show through to sendmail. > # > > # Basic system aliases -- these MUST be present. > mailer-daemon: postmaster > postmaster: root Pretty much like mine, except I have: postmaster: root mailer-daemon: postmaster Don't know if the order makes any difference. > # Person who should get root's mail > root: administrator@woodmaclaw.com I don't have this. What I did was in root's home dir (/root) I created a file called .forward and put in the following: postmaster@ci.juneau.ak.us You might want to add postmaster@woodmaclaw.com as a 2nd email address for Administrator in Exchange, so that the Exchange server accepts that, or conversely, put administrator@woodmaclaw.com in your .forward file. Or both just to be safe. Might all be much of a muchness, but I know using a forward file works. > ---------- In my mailertable I have this.... > woodmaclaw.com esmtp:[10.1.1.2] > www.woodmaclaw.com esmtp:[10.1.1.2] That looks fine (assuming that someone actually sends to someone@www.woodmaclaw.com - I'd expect www to refer to a machine in the woodmaclaw.com domain rather than a mail domain but there's nothing that says it can't be both). I also assume that 10.1.1.2 *isn't* the IP address of mail.woodmaclaw.com, but is instead the internal address of the machine to forward to. Did you create the mailertable.db? You have to run the following command whenever you change a file like access, or mailertable: makemap hash /etc/mail/mailertable < /etc/mail/mailertable makemap hash /etc/mail/access < /etc/mail/access If you don't do that, sendmail will never use the changes. In my circumstances, the mailertable, access table, etc. are pretty humble, but an ISP that is hosting hundreds or more domains might have a huge table so sendmail wants to create a db out of it for better performance. The makemap command builds the database. Also, make sure you use tabs, not spaces between the domain name and emspt... > ---------- In my relay-domains I have this.... > Woodmaclaw.com > www.woodmaclaw.com That looks fine. Or at least it looks similar to mine. This file doesn't need to be hashed like the mailertable or the access table. And, in your sendmail.cf you should have the following (I'm assuming you have an access table - can't recall if you mentioned it or not): FEATURE(`mailertable')dnl FEATURE(`access_db')dnl dnl These mailers are available. per default only smtp is used. You have dnl to add entries to /etc/mail/mailertable to enable one of the other dnl mailers. MAILER(`local')dnl MAILER(`smtp')dnl If you change your sendmail.cf you'll have to regenerate your /etc/sendmail.conf > I am confused about naming the mailscanner.woodmaclaw.local to > mailscanner.woodmaclaw.com. Do I need to do this even though the > computer is in my local domain? I think this is actually OK - it needs to be .com on the outside, but can be .local on the inside. I was a bit befuddled yesterday by your description. I think I sorted it out in my mind. > Seems like you have a similar setup as me? I have... > --- path of mail ---- > Internet > My csu/dsu 68.xxx.xxx.xxx > My router (linux smoothwall distro) > My mailscanner machine (mailscanner.woodmaclaw.local) > My MS Exchange machine (woodendc.woodmaclaw.local) Does the Exchange server accept mail for someone@woodmaclaw.com? It will need to do that of course. Beyond that, I can't think of what else might be goofy. Hope this helps... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 2 18:46:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:24 2006 Subject: Sending just non virus notices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just filter your notifications feed with procmail or similar. Alisdair Davey wrote: >Is there a way to configure "Send Notices" in such a way that I don't get >Virus notifications, but do get notifications about bad filenames / scripts >etc? I could swear I'd seen something about this on the list in the past >but, can't find anything in the archive. >Cheers >Alisdair > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Feb 2 18:38:01 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy Pumphrey wrote: > My alias file seems to be /etc/aliases and it has: > # > # Aliases in this file will NOT be expanded in the header from # Mail, but > WILL be visible over networks or from /bin/mail. > # > # >>>>>>>>>> The program "newaliases" must be run after > # >> NOTE >> this file is updated for any changes to > # >>>>>>>>>> show through to sendmail. > # > > # Basic system aliases -- these MUST be present. > mailer-daemon: postmaster > postmaster: root > > Then some other entries.............. > Then ... > > # mailman aliases > mailman: postmaster > mailman-owner: mailman > > newsadm: news > newsadmin: news > usenet: news > ftpadm: ftp > ftpadmin: ftp > ftp-adm: ftp > ftp-admin: ftp > > # trap decode to catch security attacks > decode: root > > # Person who should get root's mail > root: administrator@woodmaclaw.com > > ---------- In my mailertable I have this.... > woodmaclaw.com esmtp:[10.1.1.2] > www.woodmaclaw.com esmtp:[10.1.1.2] > > ---------- In my relay-domains I have this.... > Woodmaclaw.com > www.woodmaclaw.com > > I am confused about naming the mailscanner.woodmaclaw.local to > mailscanner.woodmaclaw.com. Do I need to do this even though the computer > is in my local domain? > > Seems like you have a similar setup as me? I have... > --- path of mail ---- > Internet > My csu/dsu 68.xxx.xxx.xxx > My router (linux smoothwall distro) > My mailscanner machine (mailscanner.woodmaclaw.local) My MS Exchange machine > (woodendc.woodmaclaw.local) If the computer needs to get - receive from the internet, it needs a real upper level domain, not local. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Feb 2 19:16:20 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Scott Silva wrote: snip >> Internet >> My csu/dsu 68.xxx.xxx.xxx >> My router (linux smoothwall distro) >> My mailscanner machine (mailscanner.woodmaclaw.local) My MS Exchange >> machine (woodendc.woodmaclaw.local) > If the computer needs to get - receive from the internet, it needs a > real upper level domain, not local. I believe his mailscanner.woodmaclaw.local and his mail.woodmaclaw.com machine are the same host. One being the internal name, the other external. Billy can correct me if I'm wrong... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Feb 2 19:36:16 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Greetings, Just as a side note on this thread I've been watching... The last 2 weeks I've had very strange reports from both dnsreports and dnsstuff that don't match. dnsreports keeps giving false errors that dnsstuff shows as being OK. So this may not even be a true error being chased down, may want to run tests through other points and see if you get the same results! David J. Duffner VP Operations NWCWEB www.nwcweb.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller > Sent: Wednesday, February 02, 2005 2:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Taking care of mail errors and dnsreport.com > > > Scott Silva wrote: > snip > >> Internet > >> My csu/dsu 68.xxx.xxx.xxx > >> My router (linux smoothwall distro) > >> My mailscanner machine (mailscanner.woodmaclaw.local) My > MS Exchange > >> machine (woodendc.woodmaclaw.local) > > > If the computer needs to get - receive from the internet, > it needs a > > real upper level domain, not local. > > I believe his mailscanner.woodmaclaw.local and his > mail.woodmaclaw.com machine are the same host. One being the > internal name, the other external. Billy can correct me if > I'm wrong... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 2 19:41:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:24 2006 Subject: 4.38.10 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have had a teensy little bug in the handling of the phishing.safe.sites.conf file reported. As I'm off tomorrow morning, I have just fixed it and released a new version. If a few of you could try it quickly for me and confirm if there are any problems in the next 2 hours or so, I will leave happy that it is fixed. You have the bug if your MailScanner won't start at all and "Debug = yes" makes it report an error in Config.pm around line 808. This bug will not appear in any version before 4.38 as the code containing it didn't exist then. Thanks folks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Feb 2 19:43:19 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:24 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: Dave Duffner - NWCWEB.com wrote: > Greetings, > > Just as a side note on this thread I've been > watching... The last 2 weeks I've had very strange > reports from both dnsreports and dnsstuff that don't > match. dnsreports keeps giving false errors that > dnsstuff shows as being OK. > > So this may not even be a true error being > chased down, may want to run tests through other > points and see if you get the same results! I just sent a note off to postmaster@woodmaclaw.com, but then doublechecked dnsreports. It looks like it's backup.mywebmailserver.com that's misconfigured, not mail.woodmaclaw.com. All my original comments apply still, I think, but the addresses in the mailer-table might be different depending on his IP layout. Dnsreport message: ------------------- ERROR: One or more of your mailservers does not accept mail to postmaster@woodmaclaw.com. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster. backup.mywebmailserver.com's postmaster response: ^^^^^^ >>> RCPT TO: <<< 550 5.7.1 ... we do not relay <> ------------------- S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Feb 2 19:44:23 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:24 2006 Subject: Blantent plagerism... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >I'm building a new iteration of MailScanner on a faster box. A nice feature >Julian's added is the %web-site% variable in the reports where we can send >folks that have run afoul of our spam policies. Being a pragmatic and >frugal sort (pronounced 'lazy sod') I was wondering if anybody had a page up >that they wouldn't mind me plagerizing (with appropriate edits of course) >and loading on our web server. > > Well mine is the disclaimer signature... (It too has been err assisted from others :-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Feb 2 21:40:02 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:24 2006 Subject: 4.38.10 Message-ID: Hi! > I have had a teensy little bug in the handling of the > phishing.safe.sites.conf file reported. > As I'm off tomorrow morning, I have just fixed it and released a new > version. > > If a few of you could try it quickly for me and confirm if there are any > problems in the next 2 hours or so, I will leave happy that it is fixed. > > You have the bug if your MailScanner won't start at all and "Debug = > yes" makes it report an error in Config.pm around line 808. > > This bug will not appear in any version before 4.38 as the code > containing it didn't exist then. Besides the version number that still shows 4.38.9 its running just fine. Perhaps you can make the: Log Dangerous HTML Tags = yes Default to no, since its pretty annoying in the logs when not 'debugging' :) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kenneth at CANCUN.NET Wed Feb 2 23:20:21 2005 From: kenneth at CANCUN.NET (Kenneth Andresen) Date: Thu Jan 12 21:28:24 2006 Subject: Scanning outgoing mails for spam and viruses Message-ID: Hello all, I am trying to find a way to check outgoing mail for spam and viruses prior to sending them, and wonder if this is possible with MailScanner? I am using Squirrelmail as a web based interface for mail, so the messages are generated on the server. Squirrelmail sends the outgoing messages by SMTP, however only messages sent to another account on the server gets scanned. Is it any way to have procmail or similar filter the outgoing messages, and quarantine infected or suspect messages? --- Kenneth ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 00:10:10 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:24 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Hi. I've done quite a bit of searching on this, including in the archives for this mail list and while I've seen numerous mentions, I have yet to find a solution. All of the DNS RBL checks in both MailScanner and SpamAssassin get triggered when appropriate, but the only "URI" that gets triggered is the "URI_REDIRECT". There is no SURBL even when I send an email through containing in the body of the message: http://surbl-org-permanent-test-point.com-MUNGED/ (without the -MUNGED) I am using MailScanner 4.38.9 and SpamAssassin 3.0.2 I have installed the latest Net::DNS perl module from CPAN and also installed the tar files from the latest "install-Clam-SA.tar" In /etc/mail/spamassassin, there is an init.pre that calls the URI plugin and a symlink local.cf which points to /etc/MailScanner/spam.assassin.prefs.conf which, for the most part, is the same as the default shipped with MailScanner. Any ideas? Thanks, ---------------------------------- Philip J. Hachey ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 00:32:31 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:24 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: At 07:10 PM 2/2/2005, Philip Hachey wrote: >Hi. I've done quite a bit of searching on this, including in the archives >for this mail list and while I've seen numerous mentions, I have yet to >find a solution. > >All of the DNS RBL checks in both MailScanner and SpamAssassin get >triggered when appropriate, but the only "URI" that gets triggered is the >"URI_REDIRECT". There is no SURBL even when I send an email through >containing in the body of the message: > >http://surbl-org-permanent-test-point.com-MUNGED/ >(without the -MUNGED) > >I am using MailScanner 4.38.9 and SpamAssassin 3.0.2 Have you tried debugging it by going straight to the SA command line interface and see if that gets it? First, give sa's lint a whirl and see if there are any complaints (it should run quiet with no output) spamassassin --lint Grab SA's test message, or any other message with complete headers, and edit it to have the URL in it, and run it through spamassassin's test mode: spamassassin -t Volume 200+ messages a day Hardware Athlon 3000+, 1G RAM, 80G Drive Software Fedora Core 2, Exim, Spamassassin, Pyzor, DCC, Mailscanner RBLs None in MTA, All in MailScanner, None in Spamassassin Virus Scanners: ClamAV No attachment limits have been specified in Exim. Searched the web and archives and didn't see the answer to what I need. I'd like to be able to control attachment sizes by domain. I have not been able to find an example of a ruleset with the correct keywords/syntax to limit attachments by domain. I figure one part will be To: *@somedomain.com, but what's the keyword to set the attachment limit or unlimited? TIA, Stephen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Thu Feb 3 06:53:55 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:28:24 2006 Subject: attachment limits ruleset by domain {Virus Scanned} Message-ID: FromOrTo: *@domain 10000000 FromOrTo: default 1000000 First could be From: To: FromOrTo: etc > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of TunedWeb Admin > Sent: 03 February 2005 08:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: attachment limits ruleset by domain {Virus Scanned} > > Volume 200+ messages a day > Hardware Athlon 3000+, 1G RAM, 80G Drive Software Fedora Core > 2, Exim, Spamassassin, Pyzor, DCC, Mailscanner RBLs None in > MTA, All in MailScanner, None in Spamassassin Virus Scanners: ClamAV > > No attachment limits have been specified in Exim. > > Searched the web and archives and didn't see the answer to > what I need. > > I'd like to be able to control attachment sizes by domain. I > have not been able to find an example of a ruleset with the > correct keywords/syntax to limit attachments by domain. > > I figure one part will be To: *@somedomain.com, but what's > the keyword to set the attachment limit or unlimited? > > TIA, Stephen > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dbird at SGHMS.AC.UK Thu Feb 3 12:12:27 2005 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:28:24 2006 Subject: [Fwd: too suspicious by half?] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found this quite humorous, but am not quite sure why this happened. A good use for the phishing whitelist me thinks , until I can figure out why.... Dan -------- Original Message -------- Subject: too suspicious by half? Date: Thu, 03 Feb 2005 12:00:55 +0000 From: Dominick McIntyre <*****@******> To: Daniel Bird Nice to see your email filter doesn't even trust itself... > > ------ End of Forwarded Message > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner *MailScanner has detected a possible fraud attempt from "www.mailscanner.info" claiming to be* , and is > > believed to be clean. > > MailScanner thanks transtec Computers *MailScanner has detected a possible fraud attempt from "www.transtec.co.uk" claiming to be* for > > their support. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lele at PROFIM.FLORIDA.IT Thu Feb 3 13:13:19 2005 From: lele at PROFIM.FLORIDA.IT (Emanuele Salvador) Date: Thu Jan 12 21:28:24 2006 Subject: Mailscanner, Exim and Message-ID: X-Florida Group-MailScanner-Information: Please contact the ISP for more information X-Florida Group-MailScanner: Found to be clean X-MailScanner-From: lele@profim.florida.it I'm actually running Mailscanner 4.38.9 on a Redhat 9 linux box, along with Exim 4.44, latest spamassassin and McAfee and F-Secure antivirus. Everything seems to work fine but I get a lot of Mailscanner processess when I run ps ax. I tried to debug as per instructions, tried to activate and deactivate virus scanners but have no results. Any suggestions are welcome !! Thanks, Emanuele Salvador A carrot is as close as a rabbit gets to a diamond. - Don Van Vliet - ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From combs at MAGNET.FSU.EDU Thu Feb 3 14:10:20 2005 From: combs at MAGNET.FSU.EDU (Tom Combs) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: Have there been any reports of problems with the spamcop.net RBL returning false positives on Feb 2? I had some email sent from mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got tagged as spam by spamcop. I checked their website and we are not listed in their database. -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Feb 3 14:34:29 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:24 2006 Subject: OT: combining mbox files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I would like to combine quarantined mail files, which are in mbox format, to a single file. When I run 'cat * >> newfile' the files are combined, but there is no whitespace between each message. I need there to be whitespace between each message; whatever is normally required for an mbox file containg multiples message. Can anyone offer advise please? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Thu Feb 3 15:07:22 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:24 2006 Subject: OT: combining mbox files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There are perl modules that you can use to create a mbox and move those messages into it. Read the perldoc for Mail::Box - Nick > Hello, > > I would like to combine quarantined mail files, which are in mbox > format, to a single file. When I run 'cat * >> newfile' the files are > combined, but there is no whitespace between each message. I need there > to be whitespace between each message; whatever is normally required for > an mbox file containg multiples message. Can anyone offer advise please? > > Thanks, > Rod > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 14:55:47 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:24 2006 Subject: OT: combining mbox files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: > Hello, > > I would like to combine quarantined mail files, which are in mbox > format, to a single file. When I run 'cat * >> newfile' the files are > combined, but there is no whitespace between each message. I need there > to be whitespace between each message; whatever is normally required for > an mbox file containg multiples message. Can anyone offer advise please? > > Thanks, > Rod > Create a list of all you required files, typically 'ls > list_of_files' if they are all in one place OR use the find command to do it. Next do this on the bash (or whatever shell you use) prompt.. for i in `cat list_of_files` # note these are backticks and not quotes do cat $i >> consolidated_file echo "" >> consolidated_file done hope it works. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Thu Feb 3 15:09:57 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am running Mail Scanner 4/36/4 with Kaspesky 5.05 email virus scanner using sendmail version 8.12.11. Just recently it seems that the cron job /etc/cron/hourly/update_virus_scanners gets stuck. (It seems to run over and over again when i run a ps -aux When this happens Mail Scanner dies, thus so does sendmail. All the messages get stuck in the queue. There is nothing really special about the machine its running on. HP Xenon 1 gb of ram. Fedora Core 2 any ideas?? -- David Ballengee IT Supervisor Unique Photo (973)377-5555x259 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 3 15:21:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: David a couple of people have reported issues with the update scripts. But they were running 5.0.5 (5.0.3 and 5.0.4) so I think they fixed it by upgrading to 5.0.5. hmm on the kapersky support pages... Problems with download servers. We apologize to customers and partners for the problems caused by our download servers over the past few days. A recent virus outbreak and an exceptionally large antivirus database update created an unprecedented load on our servers. This meant the servers were inaccessible for long periods. We have now completely restructured our update procedure. This means that the cumulative update released on 28.01.05, which contributed to the server problems,was the last update of such a large size. We are also reviewing our download server system to ensure that our servers will function effectively at times of peak demand. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Ballengee wrote: > I am running Mail Scanner 4/36/4 with Kaspesky 5.05 email virus scanner > using sendmail version 8.12.11. > > Just recently it seems that the cron job > > /etc/cron/hourly/update_virus_scanners gets stuck. (It seems to run over > and over again when i run a ps -aux > > When this happens Mail Scanner dies, thus so does sendmail. All the > messages get stuck in the queue. > > There is nothing really special about the machine its running on. > > HP Xenon 1 gb of ram. Fedora Core 2 > > any ideas?? > > -- > David Ballengee > IT Supervisor > Unique Photo > (973)377-5555x259 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From slewis at COMPLAW.COM Thu Feb 3 15:14:00 2005 From: slewis at COMPLAW.COM (Samuel Lewis) Date: Thu Jan 12 21:28:24 2006 Subject: MailScanner/Clamscan problem Message-ID: [My apologies if this is the second posting of this message; it wasn't clear whether the message posted or not.] I just upgraded to MailScanner-4.38.9-1 and I'm running clamav-0.81. This morning, I attempted to e-mail a .tgz file. When MailScanner attempts to scan the e-mail with the .tgz file attached, I get a whole bunch of entries like: Feb 3 08:09:06 murphy MailScanner[31485]: irdb/author.created_on.idx.lock Feb 3 08:09:07 murphy MailScanner[31485]: ProcessClamAVOutput: unrecognised line "irdb/author.created_on.idx.lock". Please contact the authors! in the /var/log/maillog. It seems to create such an entry for every file in the .tgz file. I've attempted to run clamscan against the .tgz file manually to determine if it is a clamav problem, and clamscan has no problem processing the file. I've also verified that the MailScanner.conf file includes the "Incoming Work Group = clamav" and "Incoming Work Permissions = 0640" as detailed in the clamav-wrapper file. I noticed some discussion about this problem in the list archives, but never saw a resolution other than upgrading to the current version. Any suggestions you can provide are appreciated. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Thu Feb 3 15:27:09 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:24 2006 Subject: New method of Virus Propagation Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does MS/clamav look inside RAR files? http://www.eweek.com/article2/0,1759,1756636,00.asp Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 15:39:23 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: At 09:10 AM 2/3/2005, Tom Combs wrote: >Have there been any reports of problems with the spamcop.net RBL >returning false positives on Feb 2? I had some email sent from >mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got >tagged as spam by spamcop. I checked their website and we are not >listed in their database. Any chance you got reported to spamcop and wound up listed by them for a short period of time? Given the latest trend in spam, zombies that use the proper relay, it's going to be common for spamcop to wind up with short-lived listings for the legitimate mailservers of ISPs. At least, until the spamcop guys clean things up in their reporting engine, which they may have already done. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Feb 3 15:44:03 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:24 2006 Subject: New method of Virus Propagation Message-ID: To my knowledge, .rar files are denied by default in the filename.rules.conf Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andrews Carl 448 Sent: Thursday, February 03, 2005 9:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: New method of Virus Propagation Does MS/clamav look inside RAR files? http://www.eweek.com/article2/0,1759,1756636,00.asp Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Thu Feb 3 15:39:56 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:24 2006 Subject: New method of Virus Propagation Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oops! Guess it does: http://www.clamav.net/abstract.html#pagestart -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Andrews Carl 448 Sent: Thursday, February 03, 2005 9:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: New method of Virus Propagation Does MS/clamav look inside RAR files? http://www.eweek.com/article2/0,1759,1756636,00.asp Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Thu Feb 3 15:52:31 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:24 2006 Subject: New method of Virus Propagation Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh. Did not look at that file, I was looking at filetype.rules.conf -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Mike Kercher Sent: Thursday, February 03, 2005 9:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New method of Virus Propagation To my knowledge, .rar files are denied by default in the filename.rules.conf Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andrews Carl 448 Sent: Thursday, February 03, 2005 9:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: New method of Virus Propagation Does MS/clamav look inside RAR files? http://www.eweek.com/article2/0,1759,1756636,00.asp Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Thu Feb 3 15:58:09 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] could i just remove /etc/cron.hourly/update_virus_scanners from cron and then just use the kaspserky updater cron job?? Martin Hepworth wrote: > David > > a couple of people have reported issues with the update scripts. But > they were running 5.0.5 (5.0.3 and 5.0.4) so I think they fixed it by > upgrading to 5.0.5. > > hmm on the kapersky support pages... > > Problems with download servers. > > We apologize to customers and partners for the problems caused by our > download servers over the past few days. > > A recent virus outbreak and an exceptionally large antivirus database > update created an unprecedented load on our servers. This meant the > servers were inaccessible for long periods. > > We have now completely restructured our update procedure. This means > that the cumulative update released on 28.01.05, which contributed to > the server problems,was the last update of such a large size. > > We are also reviewing our download server system to ensure that our > servers will function effectively at times of peak demand. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Ballengee wrote: > >> I am running Mail Scanner 4/36/4 with Kaspesky 5.05 email virus scanner >> using sendmail version 8.12.11. >> >> Just recently it seems that the cron job >> >> /etc/cron/hourly/update_virus_scanners gets stuck. (It seems to run over >> and over again when i run a ps -aux >> >> When this happens Mail Scanner dies, thus so does sendmail. All the >> messages get stuck in the queue. >> >> There is nothing really special about the machine its running on. >> >> HP Xenon 1 gb of ram. Fedora Core 2 >> >> any ideas?? >> >> -- >> David Ballengee >> IT Supervisor >> Unique Photo >> (973)377-5555x259 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- David Ballengee IT Supervisor Unique Photo (973)377-5555x259 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Feb 3 16:04:43 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: I've had a rash of spamcop blocks from sites deemed too critical for sendmail DNSBL blockage (eg Maine State Government, Yahoo lists, a local ISP) so I had to demote spamcop from a sendmail DNSBL down to the "Spam List =" line in MailScanner. I replaced spamcop in my DNSBL with sbl-xbl.spamhaus.org, no complaints so far. Jeff Earickson Colby College On Thu, 3 Feb 2005, Matt Kettler wrote: > Date: Thu, 3 Feb 2005 10:39:23 -0500 > From: Matt Kettler > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: false positives from spamcop.net? > > At 09:10 AM 2/3/2005, Tom Combs wrote: >> Have there been any reports of problems with the spamcop.net RBL >> returning false positives on Feb 2? I had some email sent from >> mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got >> tagged as spam by spamcop. I checked their website and we are not >> listed in their database. > > Any chance you got reported to spamcop and wound up listed by them for a > short period of time? > > Given the latest trend in spam, zombies that use the proper relay, it's > going to be common for spamcop to wind up with short-lived listings for the > legitimate mailservers of ISPs. At least, until the spamcop guys clean > things up in their reporting engine, which they may have already done. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 3 16:07:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: David Assuming that's the only AV in your setup. The MS kapersky updater script will still lock MS until it's finished which seems to be the issue here. You may it beneficial to install ClamAV in the mean time until Kapersky get their act together, and remove kapersky from the MailScanner.conf file... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Ballengee wrote: > could i just remove > > /etc/cron.hourly/update_virus_scanners > > from cron > > and then just use the kaspserky updater cron job?? > > Martin Hepworth wrote: > >> David >> >> a couple of people have reported issues with the update scripts. But >> they were running 5.0.5 (5.0.3 and 5.0.4) so I think they fixed it by >> upgrading to 5.0.5. >> >> hmm on the kapersky support pages... >> >> Problems with download servers. >> >> We apologize to customers and partners for the problems caused by our >> download servers over the past few days. >> >> A recent virus outbreak and an exceptionally large antivirus database >> update created an unprecedented load on our servers. This meant the >> servers were inaccessible for long periods. >> >> We have now completely restructured our update procedure. This means >> that the cumulative update released on 28.01.05, which contributed to >> the server problems,was the last update of such a large size. >> >> We are also reviewing our download server system to ensure that our >> servers will function effectively at times of peak demand. >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> David Ballengee wrote: >> >>> I am running Mail Scanner 4/36/4 with Kaspesky 5.05 email virus scanner >>> using sendmail version 8.12.11. >>> >>> Just recently it seems that the cron job >>> >>> /etc/cron/hourly/update_virus_scanners gets stuck. (It seems to run over >>> and over again when i run a ps -aux >>> >>> When this happens Mail Scanner dies, thus so does sendmail. All the >>> messages get stuck in the queue. >>> >>> There is nothing really special about the machine its running on. >>> >>> HP Xenon 1 gb of ram. Fedora Core 2 >>> >>> any ideas?? >>> >>> -- >>> David Ballengee >>> IT Supervisor >>> Unique Photo >>> (973)377-5555x259 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > David Ballengee > IT Supervisor > Unique Photo > (973)377-5555x259 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 3 16:09:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: I find it better to do the RBL's in SA, so if they break/stop etc you don't end up with a massive blacklist, merely added weight to the SA score. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > I've had a rash of spamcop blocks from sites deemed too critical > for sendmail DNSBL blockage (eg Maine State Government, Yahoo lists, > a local ISP) so I had to demote spamcop from a sendmail DNSBL down > to the "Spam List =" line in MailScanner. I replaced spamcop in my > DNSBL with sbl-xbl.spamhaus.org, no complaints so far. > > Jeff Earickson > Colby College > > On Thu, 3 Feb 2005, Matt Kettler wrote: > >> Date: Thu, 3 Feb 2005 10:39:23 -0500 >> From: Matt Kettler >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: false positives from spamcop.net? >> >> At 09:10 AM 2/3/2005, Tom Combs wrote: >> >>> Have there been any reports of problems with the spamcop.net RBL >>> returning false positives on Feb 2? I had some email sent from >>> mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got >>> tagged as spam by spamcop. I checked their website and we are not >>> listed in their database. >> >> >> Any chance you got reported to spamcop and wound up listed by them for a >> short period of time? >> >> Given the latest trend in spam, zombies that use the proper relay, it's >> going to be common for spamcop to wind up with short-lived listings >> for the >> legitimate mailservers of ISPs. At least, until the spamcop guys clean >> things up in their reporting engine, which they may have already done. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Feb 3 16:15:25 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:24 2006 Subject: /etc/cron.hourly/update_virus_scanners getting stuck Message-ID: Hi! > > /etc/cron.hourly/update_virus_scanners > > from cron > > and then just use the kaspserky updater cron job?? > Most likely that will also cause trouble, since it doesnt interact with MailScanner and doesnt do the proper file locking during the updates. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Thu Feb 3 16:20:12 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:28:24 2006 Subject: false positives from spamcop.net? Message-ID: At 11:09 AM 2/3/2005, you wrote: >I find it better to do the RBL's in SA, so if they break/stop etc you >don't end up with a massive blacklist, merely added weight to the SA score. SNIP >Jeff A. Earickson wrote: >>I've had a rash of spamcop blocks from sites deemed too critical >>for sendmail DNSBL blockage (eg Maine State Government, Yahoo lists, >>a local ISP) so I had to demote spamcop from a sendmail DNSBL down >>to the "Spam List =" line in MailScanner. I replaced spamcop in my >>DNSBL with sbl-xbl.spamhaus.org, no complaints so far. >> SNIP >>At 09:10 AM 2/3/2005, Tom Combs wrote: >>> >>>>Have there been any reports of problems with the spamcop.net RBL >>>>returning false positives on Feb 2? I had some email sent from >>>>mail.magnet.fsu.edu to an internal magnet.fsu.edu address that got >>>>tagged as spam by spamcop. I checked their website and we are not >>>>listed in their database. >>> >>> >>>Any chance you got reported to spamcop and wound up listed by them for a >>>short period of time? >>> >>>Given the latest trend in spam, zombies that use the proper relay, it's >>>going to be common for spamcop to wind up with short-lived listings >>>for the >>>legitimate mailservers of ISPs. At least, until the spamcop guys clean >>>things up in their reporting engine, which they may have already done. SNIP Yep and Yup! I quit on SpamCop due to too many false positives of important mail, but it was still being delivered due to SpamAssassin scoring rather than RBL in MailScanner. It will cost you in processor cycles by a bit, though. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 16:41:10 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:24 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Attached is the debug from a message containing the URL that should be blocked. Please note that the line "debug: URIDNSBL: domains to query:" contains no domains so it's as though the plugin's parsing isn't working. I realize that this is a SpamAssassin problem, not MailScanner, but perhaps someone here has run into this before and has a solution? Thank you. Matt Kettler Sent by: MailScanner mailing list 2005-02-02 19:32 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SURBL / URIBL not triggered in SA At 07:10 PM 2/2/2005, Philip Hachey wrote: >Hi. I've done quite a bit of searching on this, including in the archives >for this mail list and while I've seen numerous mentions, I have yet to >find a solution. > >All of the DNS RBL checks in both MailScanner and SpamAssassin get >triggered when appropriate, but the only "URI" that gets triggered is the >"URI_REDIRECT". There is no SURBL even when I send an email through >containing in the body of the message: > >http://surbl-org-permanent-test-point.com-MUNGED/ >(without the -MUNGED) > >I am using MailScanner 4.38.9 and SpamAssassin 3.0.2 Have you tried debugging it by going straight to the SA command line interface and see if that gets it? First, give sa's lint a whirl and see if there are any complaints (it should run quiet with no output) spamassassin --lint Grab SA's test message, or any other message with complete headers, and edit it to have the URL in it, and run it through spamassassin's test mode: spamassassin -t Thanks to Julian and several others who replied to this subject earlier in the week. (It may be teaching Grandmothers to suck eggs - that is still legal in the UK- but for newbies and more timid users, like me, it may be useful). The problem was allowing 4 staff to accept email from 60 off campus addresses without being spam checked. I could have added a line for each combination but that would have been hard to maintain - 4*60 = 240 lines at the moment! The solution below means only two lists need amending should more staff or students need adding or the in-decipherable email address on the hand written list given to me need correcting . A stop and restart of mailscanner was necessary. In MaiLScanner.conf Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules In %rules-dir%/spam.whitelist.rules # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. # Next line is wrapped over two lines in the email but one # in the real file To: /etc/MailScanner/lists/harperstaff and From: /etc/MailScanner/lists/offcampuslist yes FromOrTo: default no In /etc/MailScanner/lists/harperstaff I have 1 address per line harperusera@mydomain harperuserb@mydomain harperuserc@mydomain harperuserd@mydomain in /etc/MailScanner/lists/offcampuslist I have 1 addess per line OffcampususerA@domain1 OffcampususerB@domain1 OffcampususerC@domain2 OffcampususerD@domain123 ...etc I have tried this using a Yahoo account and my harper account as a test and it works fine. Mailwatch shows whitelisted emails in a lovely shade of green.(-; Thanks to Julian et al for a great package By the way got the book and I am finding it useful. Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ivessm at softecusa.com Thu Feb 3 16:53:58 2005 From: ivessm at softecusa.com (Stewart M. Ives) Date: Thu Jan 12 21:28:25 2006 Subject: Matching domain to sender. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David certainly points out a lot of details that many times get overlooked in our ever desire to stop spam at the front door and not let it even cross the door frame and get inside. You might want to start reading up on milter applications. milter-ahead and it's big brother milter-send are excellent programs that function "out in front" of everything else and stop the mail from crossing the door frame and getting inside. They also do a good job of wittling down the amount of spam you recieve over time. I have not implemented any of this but am considering it based on the ever increasing amount of spam we are receiving on a daily basis. Let us know what you find. Do a google on "milter" - short for mail filter. Good luck. I also am not a super human guru but please don't tell my wife that. stew ---------- Original Message ----------- From: David Lee To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wed, 2 Feb 2005 15:12:21 +0000 Subject: Re: Matching domain to sender. > On Wed, 2 Feb 2005, David Curtis wrote: > > > I have not seen this setting and thing that it might prevent a ton of > > spam. I may be wrong. Just your normal System Adin...no super human > > traits. > > > > Can you run some rule to check the senders ip and or domain name and > > match that to the mail from address? > > > > Thanks for any comments. > > It may not be as straightforward as it seems on the surface. > > Who is the "sender", what is the domain name? > > Example: let's imagine a legitimate mail list to which you and I > might both belong. I, "me@mydom.com", send a message to it, > "list@listdom.com", hosted on machines at an ISP/university/etc. > "ISP.com". You receive this mail. But who has been the "sender" > from your perspective? > > o The visible "From:" contains my "mydom.com": but that is several > steps away from the transaction at your site; > o The SMTP machine (probably the list expander) pushing it to you is > "something.ISP.com", which bears no direct relation to me (email > originator) as "sender"; > o The envelope "From" contains "owner-list@listdom.com", which doesn't > directly trace back to the "ISP.com" DNS names and addresses; > o The visible "To:" contains "listdom.com" (which, as a text string, > bears no direct relation to your site). > > So your "check the senders ip and or domain name and match that to > the mail from address" becomes non-trivial. > > Note that an emerging technology, SPF, is designed to help to > address the email forgery aspects of the problem if, and as, it > gains wider acceptance and use. Indeed, SpamAssassin 3.x is > beginning to take account of it. By its very nature, it needs time > to ramp up. (It has a few "no pain, no gain" implications, but > that's part of life in these spam-riddled days, and no-one has yet > come up with a better, and even more widely acceptable, compromise.) > > Hope taht helps. > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : University of Durham : > : http://www.dur.ac.uk/t.d.lee/ South Road : > : Durham : > : Phone: +44 191 334 2752 U.K. : > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 17:10:00 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: At 11:41 AM 2/3/2005, Philip Hachey wrote: > debug from a message containing the URL that should be >blocked. Please note that the line "debug: URIDNSBL: domains to query:" >contains no domains so it's as though the plugin's parsing isn't working. It is probably not working because your test message technically has no body. The headers end with a blank line and you don't have one. Try adding the required blank line after the last header and before the body text. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 17:24:18 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > At 11:41 AM 2/3/2005, Philip Hachey wrote: > >> debug from a message containing the URL that should be >> blocked. Please note that the line "debug: URIDNSBL: domains to query:" >> contains no domains so it's as though the plugin's parsing isn't working. > > > It is probably not working because your test message technically has no > body. The headers end with a blank line and you don't have one. > > Try adding the required blank line after the last header and before the > body text. > I was facing the same problem a couple of months back. You could try doing this.. cd /usr/share/spamassassin/ ln -s /etc/mail/spamassassin/init.pre . service MailScanner restart If required replace /usr/share/spamassassin/ in the first command with the value of 'SpamAssassin Local Rules Dir' OR 'SpamAssassin Default Rules Dir' from MailScanner.conf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 17:46:51 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Great!.. that worked, thanks. A manual execution of spamassassin now trips URIBL_SC_SURBL for that test message. Unfortunately, however, when I send another test message containing the same URL from my yahoo account through MailScanner, it's still not being triggered. I just get this: "not spam, SpamAssassin (score=-1.647, required 3, autolearn=not spam, AWL 0.95, BAYES_00 -2.60)" The URIBL rules never appear in my spam log either for any incoming message. (though both the SpamAssassin and the MailScanner standard RBL checks appear everywhere). Anyway, that's narrowed it down somewhat. It would seem that it has something to do with the way MailScanner calls SpamAssassin -- different option or using config files that I don't expect. Matt Kettler Sent by: MailScanner mailing list 2005-02-03 12:10 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SURBL / URIBL not triggered in SA At 11:41 AM 2/3/2005, Philip Hachey wrote: > debug from a message containing the URL that should be >blocked. Please note that the line "debug: URIDNSBL: domains to query:" >contains no domains so it's as though the plugin's parsing isn't working. It is probably not working because your test message technically has no body. The headers end with a blank line and you don't have one. Try adding the required blank line after the last header and before the body text. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Thu Feb 3 17:44:29 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:25 2006 Subject: Munged spam report (revisited) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here is a perfect example of what I was trying to explain in the previous post: These are cut/pasted from the raw text of the email, so it is all intact: Notice the header includes the Bayes rule hit, spam report in the body of the message does not mention bayes, but lists the 'bayes' score after the Razor rule hit. I believe the razor 'cf' factor is supposed to be listed there, not a bayes 'score' value. (mail 1 MS HEADER) X-Sashbox-MailScanner-SpamCheck: spam, SpamAssassin (score=5.252, required 5, BAYES_40 -1.10, DCC_CHECK 1.55, DIGEST_MULTIPLE 0.10, RAZOR2_CF_RANGE_51_100 1.75, RAZOR2_CHECK 1.75, SPF_HELO_SOFTFAIL 1.20) (mail 1 text REPORT) pts rule name description ---- ---------------------- -------------------------------------------------- 1.2 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) [SPF failed: Please see http://spf.pobox.com/why.html?sender=host4u.net&ip=209.150.128.153&receiver=kudzu.sashbox.net] 1.8 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50 [score: 0.3415] 1.6 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 1.8 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.1 DIGEST_MULTIPLE Message hits more than one network digest check *** And in the following email, the problem was reversed: The razor 'cf' factor was listed in the report under the Bayes rule hit, and the Razor score rule RAZOR2_CF_RANGE_51_100 was completely left off the report. (mail 2 MS HEADER) X-Sashbox-MailScanner-SpamCheck: spam, SpamAssassin (score=8.706, required 5, BAYES_60 1.20, FB_PRESSHERE 0.25, HTML_10_20 0.25, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 1.75, RAZOR2_CHECK 1.75, SARE_HTML_HTML_QUOT 1.67, SARE_RECV_IP_218080 1.67) (mail 2 text REPORT) pts rule name description ---- ---------------------- -----------------------------------------------= --- 1.7 SARE_RECV_IP_218080 Spam passed through possible spammer relay 0.2 FB_PRESSHERE BODY: FB_PRESSHERE 0.2 HTML_10_20 BODY: Message is 10 HTML 0.0 HTML_MESSAGE BODY: HTML included in message 1.2 BAYES_60 BODY: Bayesian spam probability is 60 to 80 [cf: 90] 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.7 SARE_HTML_HTML_QUOT FULL: Message body has very strange HTML sequen= ce 1.8 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 17:52:54 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: AWESOME! Creating a link to init.pre in /usr/share/spamassassin has done the trick. Do you suppose this means that MailScanner does not tell SA to look in /etc/mail/spamassassin by default? Thank you! Dhawal Doshy Sent by: MailScanner mailing list 2005-02-03 12:24 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SURBL / URIBL not triggered in SA Matt Kettler wrote: > At 11:41 AM 2/3/2005, Philip Hachey wrote: > >> debug from a message containing the URL that should be >> blocked. Please note that the line "debug: URIDNSBL: domains to query:" >> contains no domains so it's as though the plugin's parsing isn't working. > > > It is probably not working because your test message technically has no > body. The headers end with a blank line and you don't have one. > > Try adding the required blank line after the last header and before the > body text. > I was facing the same problem a couple of months back. You could try doing this.. cd /usr/share/spamassassin/ ln -s /etc/mail/spamassassin/init.pre . service MailScanner restart If required replace /usr/share/spamassassin/ in the first command with the value of 'SpamAssassin Local Rules Dir' OR 'SpamAssassin Default Rules Dir' from MailScanner.conf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 3 17:54:17 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Philip to emulate MS's call of SA spamassassin -p /spam.assassin.prefs.conf where path-to is usually /opt/MailScanner/etc or /etc/MailScanner If you want to find out a particular mesg is run then edit MailScanner.conf, change both Debug options to yes, stop MS, and then run checkmailscanner. It will run a single batch through with all the debug info, so make sure an good test mesg is included in the inbound queue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Philip Hachey wrote: > Great!.. that worked, thanks. A manual execution of spamassassin now > trips URIBL_SC_SURBL for that test message. Unfortunately, however, when > I send another test message containing the same URL from my yahoo account > through MailScanner, it's still not being triggered. I just get this: > > "not spam, SpamAssassin (score=-1.647, required 3, autolearn=not spam, AWL > 0.95, BAYES_00 -2.60)" > > The URIBL rules never appear in my spam log either for any incoming > message. (though both the SpamAssassin and the MailScanner standard RBL > checks appear everywhere). > > Anyway, that's narrowed it down somewhat. It would seem that it has > something to do with the way MailScanner calls SpamAssassin -- different > option or using config files that I don't expect. > > > > > > Matt Kettler > Sent by: MailScanner mailing list > 2005-02-03 12:10 > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Re: SURBL / URIBL not triggered in SA > > > At 11:41 AM 2/3/2005, Philip Hachey wrote: > >> debug from a message containing the URL that should be >>blocked. Please note that the line "debug: URIDNSBL: domains to query:" >>contains no domains so it's as though the plugin's parsing isn't working. > > > It is probably not working because your test message technically has no > body. The headers end with a blank line and you don't have one. > > Try adding the required blank line after the last header and before the > body text. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Thu Feb 3 18:06:57 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:25 2006 Subject: Munged spam report (revisited) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just got another one... It looks like the corrupted reports occur only when both a Razor confidence factor and a Bayes score hit on the same email. Is this just me? X-Sashbox-MailScanner-SpamCheck: spam, SpamAssassin (score=8, required 5, BAYES_50 0.40, DBL_12_LETTER_FLDR 0.20, RAZOR2_CF_RANGE_51_100 1.75, RAZOR2_CHECK 1.75, RCVD_IN_BL_SPAMCOP_NET 3.90) pts rule name description ---- ---------------------- -----------------------------------------------= --- 0.4 BAYES_50 BODY: Bayesian spam probability is 40 to 60 [cf: 100] 1.8 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 3.9 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 0.2 DBL_12_LETTER_FLDR DBL_12_LETTER_FLDR ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Thu Feb 3 18:26:52 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: Hi there, the method to block or stop mails to unknown recipients seems to be fine. But the last day i just made tail -f on my maillog, and noticed, that someone is sending a lot mails to postmaster within seconds. So, the accout postmaster is existing, but it seems to me that this person tried to get my maschine into its knees.. is there a way to block someone sending a lot of mails within a few seconds automaticaly? As these mails where no spam, just mails with some weird content, vispan did not work, as these mails where not tagged as spam. So i am wondering if there is a way to have a script looking into the logfile, and if one ip is sending max-mails within x seconds, add this ip to he access-file as blocked.. Any ideas would be great Thanks Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 18:35:42 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: >Hi there, > >the method to block or stop mails to unknown recipients seems to be fine. >But the last day i just made tail -f on my maillog, and noticed, that >someone is sending a lot mails to postmaster within seconds. > >So, the accout postmaster is existing, but it seems to me that this person >tried to get my maschine into its knees.. > >is there a way to block someone sending a lot of mails within a few >seconds automaticaly? > >As these mails where no spam, just mails with some weird content, vispan >did not work, as these mails where not tagged as spam. > >So i am wondering if there is a way to have a script looking into the >logfile, and if one ip is sending max-mails within x seconds, add this ip >to he access-file as blocked.. > > > Marcel, MailScanner offers IPBlock in CustomConfig.pm. It does pretty much what you want (as long as you use sendmail). I have been using it here for almost a year with success. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From mike at CAMAROSS.NET Thu Feb 3 18:35:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: Marcel Blenkers wrote: > Hi there, > > the method to block or stop mails to unknown recipients seems to be > fine. > But the last day i just made tail -f on my maillog, and noticed, that > someone is sending a lot mails to postmaster within seconds. > > So, the accout postmaster is existing, but it seems to me that this > person tried to get my maschine into its knees.. > > is there a way to block someone sending a lot of mails within a few > seconds automaticaly? > > As these mails where no spam, just mails with some weird content, > vispan did not work, as these mails where not tagged as spam. > > So i am wondering if there is a way to have a script looking into the > logfile, and if one ip is sending max-mails within x seconds, add > this ip to he access-file as blocked.. > > Any ideas would be great > > Thanks > > Marcel > I use this in my sendmail.mc define(`confBAD_RCPT_THROTTLE',`1')dnl Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Feb 3 18:42:25 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: Marcel Blenkers wrote: > Hi there, > > the method to block or stop mails to unknown recipients seems to be > fine. > But the last day i just made tail -f on my maillog, and noticed, that > someone is sending a lot mails to postmaster within seconds. > > So, the accout postmaster is existing, but it seems to me that this > person tried to get my maschine into its knees.. > > is there a way to block someone sending a lot of mails within a few > seconds automaticaly? > > As these mails where no spam, just mails with some weird content, > vispan did not work, as these mails where not tagged as spam. > > So i am wondering if there is a way to have a script looking into the > logfile, and if one ip is sending max-mails within x seconds, add > this ip to he access-file as blocked.. > > Any ideas would be great > > Thanks > > Marcel You might also tinker with the ConnectionRateThrottle parameter Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 18:48:59 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Philip Hachey wrote: >AWESOME! > >Creating a link to init.pre in /usr/share/spamassassin has done the trick. > >Do you suppose this means that MailScanner does not tell SA to look in >/etc/mail/spamassassin by default? > >Thank you! > > > Don't you have the following setup: # The site rules are searched for here. # Normal location on most systems is /etc/mail/spamassassin. SpamAssassin Site Rules Dir = /etc/mail/spamassassin Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From PHachey at CITY.CORNWALL.ON.CA Thu Feb 3 18:58:54 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:25 2006 Subject: SURBL / URIBL not triggered in SA Message-ID: Yes. At one point, I even tried setting the Default Rules Dir to that as well, but no luck. Creating the link to init.pre does work, however. It *is* a bit weird. Denis Beauchemin Sent by: MailScanner mailing list 2005-02-03 13:48 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SURBL / URIBL not triggered in SA Philip Hachey wrote: >AWESOME! > >Creating a link to init.pre in /usr/share/spamassassin has done the trick. > >Do you suppose this means that MailScanner does not tell SA to look in >/etc/mail/spamassassin by default? > >Thank you! > > > Don't you have the following setup: # The site rules are searched for here. # Normal location on most systems is /etc/mail/spamassassin. SpamAssassin Site Rules Dir = /etc/mail/spamassassin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Thu Feb 3 18:59:51 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:25 2006 Subject: autolearn , spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I just wonder what is wrong with my SA config? Does not score > the below email as Spam. What is the autolearn=disabled mean? Bayes? > > not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" > > Thanks, > > Magda Funny... it marked it as spam for me: score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Which version of SpamAssassin are you running? If you don't use bayes or you have "bayes_auto_learn 1" set, autolearn will show as disabled. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 19:28:16 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: autolearn , spam URIBL_OB_SURBL Message-ID: I don't use bayes, maybe this is why. SA - 3.0.2 How do I check bayes DB? How do I refresh bayes? How do I make sure bayes is autolearning? How can I maintain byes? Not maintain bayes gets crazy results... I had bayes turned on for some time and it was a disaster, all spams had BAYES with the minus score. I can see that yours has a minus value too: BAYES_00 -2.60!!!!!!! This is wrong, right? I like yours: URIBL_OB_SURBL 3.21. What is this? How can I set it up? If I has it turn on it might help with all the Spam coming through our mail gateway systems. Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) "Hirsh, Joshua" To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: autolearn , spam 02/03/2005 01:59 PM Please respond to MailScanner mailing list > I just wonder what is wrong with my SA config? Does not score > the below email as Spam. What is the autolearn=disabled mean? Bayes? > > not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" > > Thanks, > > Magda Funny... it marked it as spam for me: score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Which version of SpamAssassin are you running? If you don't use bayes or you have "bayes_auto_learn 1" set, autolearn will show as disabled. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From billy at PLANETGEEK.BIZ Thu Feb 3 19:34:13 2005 From: billy at PLANETGEEK.BIZ (Billy Pumphrey) Date: Thu Jan 12 21:28:25 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: > > # Person who should get root's mail > > root: administrator@woodmaclaw.com > > I don't have this. What I did was in root's home dir (/root) > I created a file called .forward and put in the following: > > postmaster@ci.juneau.ak.us > > You might want to add postmaster@woodmaclaw.com as a 2nd > email address for Administrator in Exchange, so that the > Exchange server accepts that, or conversely, put > administrator@woodmaclaw.com in your .forward file. Or both > just to be safe. > > Might all be much of a muchness, but I know using a forward > file works. I do not have a user called postmaster. Since I could not find the simple command to show the list of users, I looked in /home and /etc/passwd to see if there exist a postmaster account. Does this account have to exists? Common sense would tell me so. I did create a postmaster@woodmaclaw.com address on the exchange server (and told it to forward to my account which is besides the point) and that is the one that delivered your message to me. I am going to take a .forward file and use it for my bpumphrey on the mailscanner machine its self and forward to bpumphrey@woodmaclaw.com. If I telnet into mailscanner, check my mail for bpumphrey on mailscanner the mail is sent to bpumphrey@mailscanner.woodmaclaw.local. I suppose that this is correct and good practice? > > > ---------- In my mailertable I have this.... > > woodmaclaw.com esmtp:[10.1.1.2] > > www.woodmaclaw.com esmtp:[10.1.1.2] > > That looks fine (assuming that someone actually sends to > someone@www.woodmaclaw.com - I'd expect www to refer to a > machine in the woodmaclaw.com domain rather than a mail > domain but there's nothing that says it can't be both). I > also assume that 10.1.1.2 *isn't* the IP address of > mail.woodmaclaw.com, but is instead the internal address of > the machine to forward to. 10.1.1.2 is the exchange server that mailscanner forwards mail to. > Did you create the mailertable.db? You have to run the > following command whenever you change a file like access, or > mailertable: > > makemap hash /etc/mail/mailertable < /etc/mail/mailertable > makemap hash /etc/mail/access < /etc/mail/access > > If you don't do that, sendmail will never use the changes. > In my circumstances, the mailertable, access table, etc. are > pretty humble, but an ISP that is hosting hundreds or more > domains might have a huge table so sendmail wants to create a > db out of it for better performance. The makemap command > builds the database. Yes I ran the makemap command. No one sends to user@www.woodmaclaw.com. It was recommended by someone in the list when I was setting the machine up and was getting help to put both in there. > > Also, make sure you use tabs, not spaces between the domain > name and emspt... > > > ---------- In my relay-domains I have this.... > > Woodmaclaw.com > > www.woodmaclaw.com > > That looks fine. Or at least it looks similar to mine. This > file doesn't need to be hashed like the mailertable or the > access table. > > And, in your sendmail.cf you should have the following (I'm > assuming you have an access table - can't recall if you > mentioned it or not): I do have an access table > > FEATURE(`mailertable')dnl > FEATURE(`access_db')dnl > dnl These mailers are available. per default only smtp is > used. You have dnl to add entries to /etc/mail/mailertable > to enable one of the other dnl mailers. > MAILER(`local')dnl > MAILER(`smtp')dnl > > If you change your sendmail.cf you'll have to regenerate your > /etc/sendmail.conf > I searhced my sendmail.cf for the text of "dnl" and it did not find any. I did it by using vi and "/" as the command. I found mailertable and access.db in there several times, but it seems like we have different versions. > > > I am confused about naming the mailscanner.woodmaclaw.local to > > mailscanner.woodmaclaw.com. Do I need to do this even though the > > computer is in my local domain? > > I think this is actually OK - it needs to be .com on the > outside, but can be .local on the inside. I was a bit > befuddled yesterday by your description. > I think I sorted it out in my mind. I did go ahead and change it to mailscanner.woodmaclaw.com > > > > Seems like you have a similar setup as me? I have... > > --- path of mail ---- > > Internet > > My csu/dsu 68.xxx.xxx.xxx > > My router (linux smoothwall distro) > > My mailscanner machine (mailscanner.woodmaclaw.local) My MS > Exchange > > machine (woodendc.woodmaclaw.local) > I am sorry about the above line with MS exchange, since there was no caracter return that might have been confusing. > Does the Exchange server accept mail for > someone@woodmaclaw.com? It will need to do that of course. Yes, mail is in the format of someone@woodmaclaw.com From ds at CARIBENET.COM Thu Feb 3 19:36:21 2005 From: ds at CARIBENET.COM (Dirk Enrique Seiffert) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: (solved) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Oh yes, and one more thing.. you might want to add this to your > sendmail.mc: #after 15 invalid recpipients, start slowing them down with > #1 second sleeps > define(`confBAD_RCPT_THROTTLE',15) > > Then rebuild your sendmail.cf and do a service MailScanner restart. This indeed solved: The rumplekill script alone did not do the job. Though it showes an average of 60 rumple-attacks a day! Thanks a lot for your help!! Best wishes -- Dirk Enrique Seiffert CaribeNet S.A. - Cartagena - Colombia www.caribenet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Feb 3 19:40:04 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:25 2006 Subject: Buy the book! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] First of all, I want to say thank you Julian. I just received your book today, and I am a happy camper. I had already printed out and coil bound Steve Swaney's version 1.0.1 Admin Guide (btw, thank you Steve for your work on that too.) But all of the updated info, and new info all in one book is great, and well worth having. I really liked the appendix too, definately got me to chuckling. Is that reproducible? I have to give a presentation to my company regarding our network, and how it works, and that would be great to include :) I wanted to ask you though Julian, (and if you would prefer to contact me off list, that would be fine.) My company is a commercial printshop that prides itself on being leading edge. We are not the cheapest in our industry, but we stand behind our services and we're not afraid to explore new technologies. We are very immersed in digital printing, and variable data printing (every piece of the press is different and personalized.) We even went to Germany to buy a new traditional printing press. I would like to know more about how you are having your book printed. Who you are using, how are you providing files to them, what types of files--that sort of thing, and if they have explained their printing process to you. We currently can duplicate/produce what I am looking at, but I have to think that they maybe have a more streamlined method of producing it.? Is it okay to discuss this with you, or should I just be happy with the book? :) Kind regards, Craig D. -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From billy at PLANETGEEK.BIZ Thu Feb 3 19:44:10 2005 From: billy at PLANETGEEK.BIZ (Billy Pumphrey) Date: Thu Jan 12 21:28:25 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: > -----Original Message----- > From: Kevin Miller [mailto:Kevin_Miller@CI.JUNEAU.AK.US] > Sent: Wednesday, February 02, 2005 2:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Taking care of mail errors and dnsreport.com > > Dave Duffner - NWCWEB.com wrote: > > Greetings, > > > > Just as a side note on this thread I've been > watching... The > > last 2 weeks I've had very strange reports from both dnsreports and > > dnsstuff that don't match. dnsreports keeps giving false > errors that > > dnsstuff shows as being OK. > > > > So this may not even be a true error being chased down, may > > want to run tests through other points and see if you get the same > > results! > > I just sent a note off to postmaster@woodmaclaw.com, but then > doublechecked dnsreports. It looks like it's > backup.mywebmailserver.com that's misconfigured, not > mail.woodmaclaw.com. All my original comments apply still, I > think, but the addresses in the mailer-table might be > different depending on his IP layout. > > Dnsreport message: > ------------------- > ERROR: One or more of your mailservers does not accept mail > to postmaster@woodmaclaw.com. Mailservers are required (RFC822 6.3, > RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster. > backup.mywebmailserver.com's postmaster response: > ^^^^^^ > >>> RCPT TO: <<< 550 5.7.1 ... we do not > >>> relay <> > ------------------- > > S'later... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > I did receive your email that you sent to postmaster@woodmaclaw.com. I get confused because of how our web site is being hosted. It is being resaled who knows how many times and I can barely find out the company that actually host it. Mail.woodmaclaw.com is only a A record that points to our IP address. My router then forwards the smtp traffic to the mailscanner.woodmaclaw.com <-- I did change the name to .com. Mailscanner.woodmaclaw.com is a local machine with a local IP address. My exchange server name is woodendc.woodmaclaw.local and of course is a local machine. So mail.woodmaclaw.com is not a machine. The way that the web site is hosted makes me want to change it so that at the least I have charge of the DNS, but yet again I could do without that responsibility. That machine called backup.mywebmailserver.com, I have no clue what that machines function is other than to confuse me :). In other words I don't really know the path of the email from the beginning. You send me an email, goes to ns1.mydnsserver.com, ns1 says goto 68.74.55.130 (my ip address), and then the process starts from where we have talked about. So seems like maybe some of these errors from emails are getting bounced or error "we do not relay" because of backup.mywebmailserver.com? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Feb 3 19:46:11 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:25 2006 Subject: Buy the book! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: > I would like to know more about how you are having your book printed. > Who you are using, how are you providing files to them, what types of > files--that sort of thing, and if they have explained their printing > process to you. We currently can duplicate/produce what I am looking at, > but I have to think that they maybe have a more streamlined method of > producing it.? > > Is it okay to discuss this with you, or should I just be happy with the > book? :) > Well, I guess if I had just read the copyright page, my answer had already been provided...duh! :) -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Thu Feb 3 19:48:06 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: Hi there, > > Marcel, > > MailScanner offers IPBlock in CustomConfig.pm. It does pretty much what > you want (as long as you use sendmail). I have been using it here for > almost a year with success. > ok.. looked at it.. and wonder if i got it right: First, i should create a file called IPBlock.conf within /etc/MailScanner. And in this, i should put the amount of mails, this ip(block) could send within one hour? correct? For example: 127.0.0.1 10000 default 100 then, change the MailScanner.conf with the following: Always Looked Up Last = &IPBlock then restart MailScanner and way you go.. if this is the correct handling, and those entries within ipblock.conf are split with tab, then MailScanner would block those ips, running over those default value for the rest of the hour..correct? Whats your default for maximum mails an hour of one ip? I mean an ip, you do not know.. :) Any advice would be great. Thanks in advance.. Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Feb 3 19:50:14 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:25 2006 Subject: OT: combining mbox files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Rodney Green wrote: > >> Hello, >> >> I would like to combine quarantined mail files, which are in mbox >> format, to a single file. When I run 'cat * >> newfile' the files are >> combined, but there is no whitespace between each message. I need there >> to be whitespace between each message; whatever is normally required for >> an mbox file containg multiples message. Can anyone offer advise please? >> >> Thanks, >> Rod >> > > Create a list of all you required files, typically 'ls > list_of_files' > if they are all in one place OR use the find command to do it. > > Next do this on the bash (or whatever shell you use) prompt.. > > for i in `cat list_of_files` # note these are backticks and not quotes > do > cat $i >> consolidated_file > echo "" >> consolidated_file > done > > hope it works. > > - dhawal Thank you Dhawal! That worked well. Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Thu Feb 3 19:53:32 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:25 2006 Subject: false positives from spamcop.net? Message-ID: On Thu, 3 Feb 2005, Martin Hepworth wrote: > I find it better to do the RBL's in SA, so if they break/stop etc you > don't end up with a massive blacklist, merely added weight to the SA score. I do that too. How many RBL's does SA lookup by default? I noticed there are quite a number of them, some with rather miniscule scores. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 19:59:14 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: >Hi there, > > > >>Marcel, >> >>MailScanner offers IPBlock in CustomConfig.pm. It does pretty much what >>you want (as long as you use sendmail). I have been using it here for >>almost a year with success. >> >> >> >ok.. > >looked at it.. > >and wonder if i got it right: > >First, i should create a file called IPBlock.conf within /etc/MailScanner. >And in this, i should put the amount of mails, this ip(block) could send >within one hour? correct? > >For example: > >127.0.0.1 10000 >default 100 > >then, change the MailScanner.conf with the following: > > Always Looked Up Last = &IPBlock > > >then restart MailScanner and way you go.. > >if this is the correct handling, and those entries within ipblock.conf are >split with tab, then MailScanner would block those ips, running over those >default value for the rest of the hour..correct? > >Whats your default for maximum mails an hour of one ip? >I mean an ip, you do not know.. :) > > > Marcel, I don't think you need to use tabs (spaces will do). My default value is 500 messages/hour but I am thinking about lowering this quite a bit. You need one more thing for it to work: put a job in your cron.hourly directory to clean things up. The script can be found at the end of CustomConfig.pm. If you omit this script you will not permit banned IP addresses to regain the privilege to send you mail. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From ebruce at HPMICH.COM Thu Feb 3 20:07:39 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: Marcel, > > MailScanner offers IPBlock in CustomConfig.pm. It does pretty much > what you want (as long as you use sendmail). I have been using it > here for almost a year with success. Ok, I've seen a number of answers like this, as long as you use sendmail. Well we're using postfix. Does this not work with postfix? I see that postfix has smtpd_client_connection_rate_limit, but I've got a sneaky suspicion it doesn't do anything when using MailScanner or am I wrong and this does work??? -- Ed Bruce Health Plan of Michigan Senior Programmer Phone: 248.226.1512 FAX: 248.204.6569 -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:11:54 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: Hi, How can I make sure that SpamAssassin read/use 25_uribl.cf file? I think if I can make this working for me it will help dramatically to identify Spam correctly. Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:21:56 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SP scoring Message-ID: Hi, Anybody can answer why option A)is scored so low comparing to option B)? What I'm missing in the SA config that the scoring is so inaccurate? A) not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" vs. B) score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) "Hirsh, Joshua" To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: autolearn , spam 02/03/2005 01:59 PM Please respond to MailScanner mailing list > I just wonder what is wrong with my SA config? Does not score > the below email as Spam. What is the autolearn=disabled mean? Bayes? > > not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" > > Thanks, > > Magda Funny... it marked it as spam for me: score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Which version of SpamAssassin are you running? If you don't use bayes or you have "bayes_auto_learn 1" set, autolearn will show as disabled. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From TGFurnish at HERFFJONES.COM Thu Feb 3 20:28:31 2005 From: TGFurnish at HERFFJONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Run the following and look for 25_uribl.cf in the output: spamassassin --lint -D 2>&1 | less (Replace "less" with "more" if you prefer to page through the output with "more".) > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 3:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin/MS & 25_uribl.cf > > > Hi, > > How can I make sure that SpamAssassin read/use 25_uribl.cf > file? I think if > I can make this working for me it will help dramatically to > identify Spam > correctly. > > > Thanks, > > Magda > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 20:24:06 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Marcel Blenkers wrote: Marcel, > >> >> MailScanner offers IPBlock in CustomConfig.pm. It does pretty much >> what you want (as long as you use sendmail). I have been using it >> here for almost a year with success. > > > Ok, I've seen a number of answers like this, as long as you use > sendmail. Well we're using postfix. Does this not work with postfix? I > see that postfix has smtpd_client_connection_rate_limit, but I've got a > sneaky suspicion it doesn't do anything when using MailScanner or am I > wrong and this does work??? Ed, I don't know much about postfix... but IPBlock modifies sendmail's access file to block bad IPs. If postfix has a similar mechanism it could easily be modified. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Thu Feb 3 20:23:34 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Ok, I've seen a number of answers like this, as long as you use > sendmail. Well we're using postfix. Does this not work with postfix? No > I > see that postfix has smtpd_client_connection_rate_limit, but I've got a > sneaky suspicion it doesn't do anything when using MailScanner or am I > wrong and this does work??? You are wrong and it works well :-) . What you have to remember is that MS sits between Postfix's SMTPd and the rest of the Postfix process, so you can use all of the 'smtpd_' suite of parameters to protect your machine (Including strict RFC821 envelopes etc) and then what ever gets through there MailScanner gets! One of the other things I use to protect against brute force attacks is smtpd_hard_error_limit which I use to lower Postfix's hard error limit. So if there is a single client who issues too many errors they are disconnected after a set number of errors. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:30:28 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: Anybody can send me out the scores for the SPAM below, please. The SPAM wasn't tagged as spam on my system. "not spam, SpamAssassin (score=4.777, required 4.9, autolearn=disabled, DATE_IN_PAST_96_XX 1.08, FORGED_RCVD_HELO 0.05, INFO_TLD 0.48, URIBL_OB_SURBL 2.00, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" Thanks, Magda ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/03/2005 03:25 PM ----- Paula Commodore To 12/01/2004 06:20 cc AM Subject R.olex starting under $199 Original Replica Roleex wrist-watches salee We are offering Real Reproductions Replica R0lex watches for a lowest pricee ! http://ukldhwxmqw.hagimkbkjh.info/?Am66695x1Ebc3AAacJ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Feb 3 20:31:08 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Ed Bruce wrote: > >> Ok, I've seen a number of answers like this, as long as you use >> sendmail. Well we're using postfix. Does this not work with postfix? > > > No Thanks for the info and for answering my negative question :-) -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:34:03 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: What is DBI used for? debug: diag: module not installed: DBI ('require' failed) Magda "Furnish, Trever G" MAILSCANNER@JISCMAIL.AC.UK Sent by: cc MailScanner mailing list Subject 02/03/2005 03:28 PM Please respond to MailScanner mailing list Run the following and look for 25_uribl.cf in the output: spamassassin --lint -D 2>&1 | less (Replace "less" with "more" if you prefer to page through the output with "more".) > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 3:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin/MS & 25_uribl.cf > > > Hi, > > How can I make sure that SpamAssassin read/use 25_uribl.cf > file? I think if > I can make this working for me it will help dramatically to > identify Spam > correctly. > > > Thanks, > > Magda > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 20:34:07 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > > Subject: > SA & 50_scores.cf > From: > Magda Hewryk > Date: > Thu, 3 Feb 2005 15:30:28 -0500 > To: > MAILSCANNER@JISCMAIL.AC.UK > > To: > MAILSCANNER@JISCMAIL.AC.UK > > > Anybody can send me out the scores for the SPAM below, please. The SPAM >wasn't tagged as spam on my system. > >"not spam, SpamAssassin (score=4.777, required 4.9, autolearn=disabled, >DATE_IN_PAST_96_XX 1.08, FORGED_RCVD_HELO 0.05, INFO_TLD 0.48, >URIBL_OB_SURBL 2.00, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" >Thanks, > > Détails de l'analyse du message: (18.0 points, 5.0 requis) -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.6 J_CHICKENPOX_13 BODY: 1alpha-pock-3alpha 0.6 J_CHICKENPOX_14 BODY: 1alpha-pock-4alpha 2.3 BIZ_TLD URI: Contient une URL dans un domaine en .biz 0.0 BAYES_50 BODY: L'algorithme Bayésien a évalué la probabilité de spam entre 40 et 60% [score: 0.5000] 3.5 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: hagimkbkjh.info] 4.0 URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html [URIs: hagimkbkjh.info] 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL blocklist [URIs: hagimkbkjh.info] 4.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL blocklist [URIs: hagimkbkjh.info] It scores much higher here... your email was detected as spam... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From TGFurnish at HERFFJONES.COM Thu Feb 3 20:45:51 2005 From: TGFurnish at HERFFJONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You got that when you ran spamassassin --lint -D? You probably have missing PERL modules then, but that's really just a guess. DBI is a Perl API for accessing databases. It's provided as a set of Perl modules, and it in turn needs other (DBD) modules to talk to specific databases. One of those modules is probably DB_File, which is listed in the requirements for SpamAssassin 3+, so if you don't have that installed, don't expect things to work. If you're on a Redhat system (at least on my RHEL3 system), DBI is packaged as "perl-DBI" by Redhat and DB_File is needed from CPAN. Hope that helps. And hopefully others will correct me if I'm leading you astray... -t. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 3:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SpamAssassin/MS & 25_uribl.cf > > > What is DBI used for? > > debug: diag: module not installed: DBI ('require' failed) > > > > Magda > > > > "Furnish, Trever > G" > To > ONES.COM> MAILSCANNER@JISCMAIL.AC.UK > Sent by: > cc > MailScanner > mailing list > Subject > 25_uribl.cf > MAIL.AC.UK> > > > 02/03/2005 03:28 > PM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > Run the following and look for 25_uribl.cf in the output: > spamassassin --lint -D 2>&1 | less > > (Replace "less" with "more" if you prefer to page through the > output with > "more".) > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Magda Hewryk > > Sent: Thursday, February 03, 2005 3:12 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: SpamAssassin/MS & 25_uribl.cf > > > > > > Hi, > > > > How can I make sure that SpamAssassin read/use 25_uribl.cf > > file? I think if > > I can make this working for me it will help dramatically to > > identify Spam > > correctly. > > > > > > Thanks, > > > > Magda > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Feb 3 20:49:15 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:25 2006 Subject: Slightly OT: Mutex file Message-ID: Downloaded the bayes start pack from Steve Swaney's site (www.fsl.com - thanks much Steve) and when I unpacked it I noticed a mutex file in there. Is that chaff? Should it be deleted? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:49:58 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anybody have the following points in the 50_scores.cf? Should I make them higher? How can I tune SP to use scores from the second (last column?). It looks like on my system it uses the numbers from the first column. # URIDNSBL ifplugin Mail::SpamAssassin::Plugin::URIDNSBL score URIBL_AB_SURBL 0 2.007 0 0.417 score URIBL_OB_SURBL 0 1.996 0 3.213 score URIBL_PH_SURBL 0 0.839 0 2.000 score URIBL_SBL 0 0.629 0 0.996 score URIBL_SC_SURBL 0 3.897 0 4.263 score URIBL_WS_SURBL 0 0.539 0 1.462 endif # Mail::SpamAssassin::Plugin::URIDNSBL Thanks, Magda Denis Beauchemin To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf 02/03/2005 03:34 PM Please respond to MailScanner mailing list Magda Hewryk wrote: > > Subject: > SA & 50_scores.cf > From: > Magda Hewryk > Date: > Thu, 3 Feb 2005 15:30:28 -0500 > To: > MAILSCANNER@JISCMAIL.AC.UK > > To: > MAILSCANNER@JISCMAIL.AC.UK > > > Anybody can send me out the scores for the SPAM below, please. The SPAM >wasn't tagged as spam on my system. > >"not spam, SpamAssassin (score=4.777, required 4.9, autolearn=disabled, >DATE_IN_PAST_96_XX 1.08, FORGED_RCVD_HELO 0.05, INFO_TLD 0.48, >URIBL_OB_SURBL 2.00, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" >Thanks, > > Détails de l'analyse du message: (18.0 points, 5.0 requis) -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.6 J_CHICKENPOX_13 BODY: 1alpha-pock-3alpha 0.6 J_CHICKENPOX_14 BODY: 1alpha-pock-4alpha 2.3 BIZ_TLD URI: Contient une URL dans un domaine en .biz 0.0 BAYES_50 BODY: L'algorithme Bayésien a évalué la probabilité de spam entre 40 et 60% [score: 0.5000] 3.5 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: hagimkbkjh.info] 4.0 URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html [URIs: hagimkbkjh.info] 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL blocklist [URIs: hagimkbkjh.info] 4.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL blocklist [URIs: hagimkbkjh.info] It scores much higher here... your email was detected as spam... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 20:52:22 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: I haveb DB_File and other modues as listed below. I'm going to install DBI via cpan. Thanks! debug: diag: module not installed: DBI ('require' failed) debug: diag: module installed: DB_File, version 1.808 debug: diag: module installed: Digest::SHA1, version 2.07 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 2.21 debug: diag: module installed: Net::DNS, version 0.45 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module installed: Razor2::Client::Agent, version 2.40 debug: diag: module installed: Storable, version 2.09 debug: diag: module installed: URI, version 1.30 Thanks, Magda "Furnish, Trever G" MAILSCANNER@JISCMAIL.AC.UK Sent by: cc MailScanner mailing list Subject 02/03/2005 03:45 PM Please respond to MailScanner mailing list You got that when you ran spamassassin --lint -D? You probably have missing PERL modules then, but that's really just a guess. DBI is a Perl API for accessing databases. It's provided as a set of Perl modules, and it in turn needs other (DBD) modules to talk to specific databases. One of those modules is probably DB_File, which is listed in the requirements for SpamAssassin 3+, so if you don't have that installed, don't expect things to work. If you're on a Redhat system (at least on my RHEL3 system), DBI is packaged as "perl-DBI" by Redhat and DB_File is needed from CPAN. Hope that helps. And hopefully others will correct me if I'm leading you astray... -t. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 3:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SpamAssassin/MS & 25_uribl.cf > > > What is DBI used for? > > debug: diag: module not installed: DBI ('require' failed) > > > > Magda > > > > "Furnish, Trever > G" > To > ONES.COM> MAILSCANNER@JISCMAIL.AC.UK > Sent by: > cc > MailScanner > mailing list > Subject > 25_uribl.cf > MAIL.AC.UK> > > > 02/03/2005 03:28 > PM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > Run the following and look for 25_uribl.cf in the output: > spamassassin --lint -D 2>&1 | less > > (Replace "less" with "more" if you prefer to page through the > output with > "more".) > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Magda Hewryk > > Sent: Thursday, February 03, 2005 3:12 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: SpamAssassin/MS & 25_uribl.cf > > > > > > Hi, > > > > How can I make sure that SpamAssassin read/use 25_uribl.cf > > file? I think if > > I can make this working for me it will help dramatically to > > identify Spam > > correctly. > > > > > > Thanks, > > > > Magda > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 3 21:00:53 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: >I haveb DB_File and other modues as listed below. >I'm going to install DBI via cpan. Thanks! > >debug: diag: module not installed: DBI ('require' failed) >debug: diag: module installed: DB_File, version 1.808 >debug: diag: module installed: Digest::SHA1, version 2.07 >debug: diag: module installed: IO::Socket::UNIX, version 1.21 >debug: diag: module installed: MIME::Base64, version 2.21 >debug: diag: module installed: Net::DNS, version 0.45 >debug: diag: module not installed: Net::LDAP ('require' failed) >debug: diag: module installed: Razor2::Client::Agent, version 2.40 >debug: diag: module installed: Storable, version 2.09 >debug: diag: module installed: URI, version 1.30 > > Magda, You seem to have a really old version of MIME::Base64. This is not good as you may be vulnerable to many malformed MIME messages. Denis PS: I also have a slightly more recent version of Net::DNS 0.48. -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From peter at UCGBOOK.COM Thu Feb 3 21:02:37 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > Does anybody have the following points in the 50_scores.cf? > Should I make them higher? > > How can I tune SP to use scores from the second (last column?). It looks > like on my system it uses the numbers from the first column. > > # URIDNSBL > ifplugin Mail::SpamAssassin::Plugin::URIDNSBL > score URIBL_AB_SURBL 0 2.007 0 0.417 > score URIBL_OB_SURBL 0 1.996 0 3.213 > score URIBL_PH_SURBL 0 0.839 0 2.000 > score URIBL_SBL 0 0.629 0 0.996 > score URIBL_SC_SURBL 0 3.897 0 4.263 > score URIBL_WS_SURBL 0 0.539 0 1.462 > endif # Mail::SpamAssassin::Plugin::URIDNSBL What column it uses depends on your configuration, the last column is for network checks and Bayes, they usually score the highest. It's all explained on the SA web site. Fix your DBI installation and start using Bayes. That will help. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 21:19:18 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SpamAssassin/MS & 25_uribl.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks!! I fixed this: debug: diag: module installed: MIME::Base64, version 3.05 Thanks, Magda Denis Beauchemin To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SpamAssassin/MS & 25_uribl.cf 02/03/2005 04:00 PM Please respond to MailScanner mailing list Magda Hewryk wrote: >I haveb DB_File and other modues as listed below. >I'm going to install DBI via cpan. Thanks! > >debug: diag: module not installed: DBI ('require' failed) >debug: diag: module installed: DB_File, version 1.808 >debug: diag: module installed: Digest::SHA1, version 2.07 >debug: diag: module installed: IO::Socket::UNIX, version 1.21 >debug: diag: module installed: MIME::Base64, version 2.21 >debug: diag: module installed: Net::DNS, version 0.45 >debug: diag: module not installed: Net::LDAP ('require' failed) >debug: diag: module installed: Razor2::Client::Agent, version 2.40 >debug: diag: module installed: Storable, version 2.09 >debug: diag: module installed: URI, version 1.30 > > Magda, You seem to have a really old version of MIME::Base64. This is not good as you may be vulnerable to many malformed MIME messages. Denis PS: I also have a slightly more recent version of Net::DNS 0.48. -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 21:22:09 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:25 2006 Subject: SP scoring Message-ID: At 03:21 PM 2/3/2005, Magda Hewryk wrote: >Anybody can answer why option A)is scored so low comparing to option B)? >What I'm missing in the SA config that the scoring is so inaccurate? > >A) >not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, > > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" > >vs. > >B) >score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL 3.21, >URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 Looks like B) is using hand-edited non-standard scores for the SURBL rules.. They are higher than any of the scoresets in the standard distribution, thus must be custom. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Thu Feb 3 21:42:25 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have MailScanner and Mailwatch for MailScanner running. We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. I could not use mailwatch to release a message from quarantine today (February 3) because it had the same ID as a message received in December. I had to release it manually. Is there a fix for this? Thanks John Crossan Systems Administrator Valley Presbyterian Hospital Message ID: C3F6017C3BC Message Headers: Received: from adsl-63-196-151-90.dsl.lsan03.pacbell.net (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Mon, 20 Dec 2004 10:42:01 -0800 (PST) Received: from smtp.jiscmail.ac.uk ([130.246.192.55]) by adsl-63-196-151-90.dsl.lsan03.pacbell.net with esmtp (Exim 3.13 #5) id 1CgSTp-0007Nu-00 for john.crossan@VALLEYPRES.ORG; Mon, 20 Dec 2004 10:42:01 -0800 Received: from LISTSERV.JISCMAIL.AC.UK (jiscmail.ac.uk) by smtp.jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <7.0019BDC2@smtp.jiscmail.ac.uk>; Mon, 20 Dec 2004 18:40:59 +0000 Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release 1.8e) Message ID:C3F6017C3BC Message Headers: Received: from mail.valleypres.org (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Thu, 3 Feb 2005 12:10:57 -0800 (PST) Received: from 64-171-32-163.ded.pacbell.net ([64.171.32.163] helo=nts-1.triageconsulting.com) by mail.valleypres.org with esmtp (Exim 3.13 #5) id 1CwnJZ-0000jV-00 for tracey.talley@valleypres.org; Thu, 03 Feb 2005 12:10:57 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C50A2C.789D9C4A" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 21:46:57 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: I did. Will see if it helps. Thanks! debug: diag: module installed: DBI, version 1.47 debug: diag: module installed: DB_File, version 1.808 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.05 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module installed: Net::LDAP, version 0.32 debug: diag: module installed: Razor2::Client::Agent, version 2.40 debug: diag: module installed: Storable, version 2.13 debug: diag: module installed: URI, version 1.35 Thanks, Magda Peter Bonivart To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf 02/03/2005 04:02 PM Please respond to MailScanner mailing list Magda Hewryk wrote: > Does anybody have the following points in the 50_scores.cf? > Should I make them higher? > > How can I tune SP to use scores from the second (last column?). It looks > like on my system it uses the numbers from the first column. > > # URIDNSBL > ifplugin Mail::SpamAssassin::Plugin::URIDNSBL > score URIBL_AB_SURBL 0 2.007 0 0.417 > score URIBL_OB_SURBL 0 1.996 0 3.213 > score URIBL_PH_SURBL 0 0.839 0 2.000 > score URIBL_SBL 0 0.629 0 0.996 > score URIBL_SC_SURBL 0 3.897 0 4.263 > score URIBL_WS_SURBL 0 0.539 0 1.462 > endif # Mail::SpamAssassin::Plugin::URIDNSBL What column it uses depends on your configuration, the last column is for network checks and Bayes, they usually score the highest. It's all explained on the SA web site. Fix your DBI installation and start using Bayes. That will help. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Feb 3 21:52:02 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:25 2006 Subject: SP scoring Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > At 03:21 PM 2/3/2005, Magda Hewryk wrote: > >> Anybody can answer why option A)is scored so low comparing to option B)? >> What I'm missing in the SA config that the scoring is so inaccurate? >> >> A) >> not spam, SpamAssassin (score=1.318, required 4.9, autolearn=disabled, >> > RAZOR2_CHECK 0.15, URIBL_SBL 0.63, URIBL_WS_SURBL 0.54)" >> >> vs. >> >> B) >> score=5.36, required 5, BAYES_00 -2.60, BIZ_TLD 2.29, URIBL_OB_SURBL >> 3.21, >> URIBL_SBL 1.00, URIBL_WS_SURBL 1.46 > > > Looks like B) is using hand-edited non-standard scores for the SURBL > rules.. They are higher than any of the scoresets in the standard > distribution, thus must be custom. No, it's the standard scores for bayes+network, A is just network without bayes. Both A and B look standard to me. This is from one of my installations, it's the same as on the SA web site. score URIBL_AB_SURBL 0 2.007 0 0.417 score URIBL_OB_SURBL 0 1.996 0 3.213 score URIBL_PH_SURBL 0 0.839 0 2.000 score URIBL_SBL 0 0.629 0 0.996 score URIBL_SC_SURBL 0 3.897 0 4.263 score URIBL_WS_SURBL 0 0.539 0 1.462 -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Feb 3 21:54:21 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > I did. Will see if it helps. > Thanks! Good, note that it will not use the fourth column of scores until it has analyzed 200 spam and 200 non spam messages. Then it will kick in. You can see how many it is at right now with "sa-learn --dump=magic". -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 3 22:21:16 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:25 2006 Subject: SP scoring Message-ID: At 04:52 PM 2/3/2005, Peter Bonivart wrote: > > Looks like B) is using hand-edited non-standard scores for the SURBL > > rules.. They are higher than any of the scoresets in the standard > > distribution, thus must be custom. > >No, it's the standard scores for bayes+network, A is just network >without bayes. Both A and B look standard to me. You're right.. I mis-read the numbers.. Ick. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Thu Feb 3 22:22:22 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John, Start with giving us some version information. MailScanner v. SpamAssassin v. Postfix v. ClamAV v. Mailwatch v. Also, Julian added some postfix changes in v4.37.6 released in December 04 that may be relevant to your issue. From MHewryk at SYMCOR.COM Thu Feb 3 22:27:57 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf -- D CCifd Message-ID: Thanks! Last question: DCCifd - do we need it? debug: DCCifd is not available: no r/w dccifd socket found. debug: executable for dccproc was found at /usr/local/bin/dccproc debug: DCC is available: /usr/local/bin/dccproc Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) Peter Bonivart To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf 02/03/2005 04:54 PM Please respond to MailScanner mailing list Magda Hewryk wrote: > I did. Will see if it helps. > Thanks! Good, note that it will not use the fourth column of scores until it has analyzed 200 spam and 200 non spam messages. Then it will kick in. You can see how many it is at right now with "sa-learn --dump=magic". -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Thu Feb 3 22:35:15 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf - bayes db version2 is not able to be used Message-ID: Anybody saw this error before? # sa-learn --dump=magic bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 160. bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 160. ERROR: Bayes dump returned an error, please re-run with -D for more information Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) Peter Bonivart To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf 02/03/2005 04:54 PM Please respond to MailScanner mailing list Magda Hewryk wrote: > I did. Will see if it helps. > Thanks! Good, note that it will not use the fourth column of scores until it has analyzed 200 spam and 200 non spam messages. Then it will kick in. You can see how many it is at right now with "sa-learn --dump=magic". -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Feb 3 22:37:06 2005 From: steve.swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf -- D CCifd Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 5:28 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA & 50_scores.cf -- D CCifd > > Thanks! > Last question: DCCifd - do we need it? > > debug: DCCifd is not available: no r/w dccifd socket found. > debug: executable for dccproc was found at /usr/local/bin/dccproc > debug: DCC is available: /usr/local/bin/dccproc > > > Thanks, > > Magda Hewryk Magda, No. Unless you're cprcessing +100,000 emails a day. I quote from the DCC FAQ: "--------------- Do I need to run a DCC server? A mail system that processes fewer than 100,000 mail messages per day uses less of its own bandwidth and the bandwidth of other DCC servers by using the public DCC servers. Each mail message needs a DCC transaction that requires about 100 bytes, and so 100,000 mail messages/day imply about 10 MBytes/day of DCC client-server traffic. Each DCC server needs to exchange "floods" or streams of checksms with 4 other servers. Each flood is currently about 100 MBytes/day for a current total of about 400 MBytes/day. When normally installed by the included Makefiles, DCC clients are configured to use the public DCC servers without any additional configuration, except to open firewalls to port 6277. Mail systems that process more than 100,000 mail messages per day need local DCC servers connected to the global network of DCC servers. The public DCC servers include denial of service defenses which ignore requests in excess of about 240,000 per day per client. ---------------" Steve Steve Swaney steve@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Feb 3 22:42:20 2005 From: steve.swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf - bayes db version2 is not able to be used Message-ID: www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 5:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA & 50_scores.cf - bayes db version2 is not able to be used > > Anybody saw this error before? > > # sa-learn --dump=magic > > bayes: bayes db version 2 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line > 160. > bayes: bayes db version 2 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line > 160. > ERROR: Bayes dump returned an error, please re-run with -D for more > information > > > Thanks, > > Magda Hewryk I quote from the UPGRADE field shipped with SpamAssassin 3.X.X. "-------------------------- - The Bayesian storage modules have been completely re-written and now include Berkeley DB (DBM) storage as well as SQL based storage (see sql/README.bayes for more information). In addition, a new format has been introduced for the bayes database that stores tokens in fixed length hashes (Bayes v3). All DBM databases should be automatically converted to this new format the first time they are opened for write. You can manually perform the upgrade by running "sa-learn --sync" from the command line. --------------------------" Shutdown MailScanner and run: sa-learn --sync -p /etc/Mailscanner/spam.assassin.prefs.conf You may need to modify the if you're not running on a Linux system. Steve Steve Swaney President Fortress Systems Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Feb 3 22:46:27 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf -- D CCifd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Swaney wrote: >>Behalf Of Magda Hewryk >> >>Thanks! >>Last question: DCCifd - do we need it? >> >>debug: DCCifd is not available: no r/w dccifd socket found. >>debug: executable for dccproc was found at /usr/local/bin/dccproc >>debug: DCC is available: /usr/local/bin/dccproc > > Magda, > > No. Unless you're cprcessing +100,000 emails a day. I quote from the DCC > FAQ: > > "--------------- > Do I need to run a DCC server? But dccifd is not the server, it's the daemon version of dccproc. Magda: you don't need it and you will probably not gain much performance by using it but it doesn't hurt. It's not a problem though, SA checks for it first and automatically falls back to dccproc. No worries. Look here for help on setting up dccifd: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Feb 3 22:50:18 2005 From: steve.swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:25 2006 Subject: SA & 50_scores.cf -- D CCifd Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Bonivart > Sent: Thursday, February 03, 2005 5:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA & 50_scores.cf -- D CCifd > > Steve Swaney wrote: > >>Behalf Of Magda Hewryk > >> > >>Thanks! > >>Last question: DCCifd - do we need it? > >> > >>debug: DCCifd is not available: no r/w dccifd socket found. > >>debug: executable for dccproc was found at /usr/local/bin/dccproc > >>debug: DCC is available: /usr/local/bin/dccproc > > > > Magda, > > > > No. Unless you're cprcessing +100,000 emails a day. I quote from the DCC > > FAQ: > > > > "--------------- > > Do I need to run a DCC server? > > But dccifd is not the server, it's the daemon version of dccproc. > > Magda: you don't need it and you will probably not gain much performance > by using it but it doesn't hurt. It's not a problem though, SA checks > for it first and automatically falls back to dccproc. No worries. > > Look here for help on setting up dccifd: > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html > > -- > /Peter Bonivart > Peter, Thanks, You just proved that (especially in my case) you're never too old to learn something new ":) Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Thu Feb 3 22:53:17 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner v. 4.35.11 SpamAssassin v. 3.0.1 Postfix v. 2.1.4 ClamAV v. 0.80/699 Mailwatch v. 0.5.1 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Brad Beckenhauer Sent: Thursday, February 03, 2005 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Duplicate Message ID's John, Start with giving us some version information. MailScanner v. SpamAssassin v. Postfix v. ClamAV v. Mailwatch v. Also, Julian added some postfix changes in v4.37.6 released in December 04 that may be relevant to your issue. >From the Change Log: - Changed Postfix handling so that "Archive Mail" feature creates files with unique names so that re-used message-ids don't cause overwriting of older files in the same day with the same message-id. Brad >>> John Crossan 2/3/2005 3:42:25 PM >>> I have MailScanner and Mailwatch for MailScanner running. We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. I could not use mailwatch to release a message from quarantine today (February 3) because it had the same ID as a message received in December. I had to release it manually. Is there a fix for this? Thanks John Crossan Systems Administrator Valley Presbyterian Hospital Message ID: C3F6017C3BC Message Headers: Received: from adsl-63-196-151-90.dsl.lsan03.pacbell.net (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Mon, 20 Dec 2004 10:42:01 -0800 (PST) Received: from smtp.jiscmail.ac.uk ([130.246.192.55]) by adsl-63-196-151-90.dsl.lsan03.pacbell.net with esmtp (Exim 3.13 #5) id 1CgSTp-0007Nu-00 for john.crossan@VALLEYPRES.ORG; Mon, 20 Dec 2004 10:42:01 -0800 Received: from LISTSERV.JISCMAIL.AC.UK (jiscmail.ac.uk) by smtp.jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <7.0019BDC2@smtp.jiscmail.ac.uk>; Mon, 20 Dec 2004 18:40:59 +0000 Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release 1.8e) Message ID:C3F6017C3BC Message Headers: Received: from mail.valleypres.org (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Thu, 3 Feb 2005 12:10:57 -0800 (PST) Received: from 64-171-32-163.ded.pacbell.net ([64.171.32.163] helo=nts-1.triageconsulting.com) by mail.valleypres.org with esmtp (Exim 3.13 #5) id 1CwnJZ-0000jV-00 for tracey.talley@valleypres.org; Thu, 03 Feb 2005 12:10:57 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C50A2C.789D9C4A" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 23:04:21 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Crossan writes: > I have MailScanner and Mailwatch for MailScanner running. > We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. > I could not use mailwatch to release a message from quarantine today > (February 3) because it had the same ID as a message received in December. > I had to release it manually. Is there a fix for this? > This is a known issue for some postfix users.. from the postfix docs, postfix can and will reuse queue / message ids.. Julian fixed this a few minor versions back so if you upgrade (assuming you haven't already) this should be fixed. This has also to do with the fact that your /var and /var/spool may not be on the same partition. Read the mailscanner archives for november / december 2004 for a better explanation. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 23:08:14 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall writes: > Ed Bruce wrote: > >> Ok, I've seen a number of answers like this, as long as you use >> sendmail. Well we're using postfix. Does this not work with postfix? > > No > Actually 4.38 onwards Julian and Rakesh introduced postfix support in the IPBlock code.. An upgrade of the customconfig.pm should allow this (if not a complete upgrade). You will however need to use the check_client_access parameter under smtpd_client_restrictions in your main.cf, rest being the same as that for sendmail. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Thu Feb 3 23:08:32 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] /var and /var/spool are on the same partition. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Dhawal Doshy Sent: Thursday, February 03, 2005 3:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Duplicate Message ID's John Crossan writes: > I have MailScanner and Mailwatch for MailScanner running. > We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. > I could not use mailwatch to release a message from quarantine today > (February 3) because it had the same ID as a message received in December. > I had to release it manually. Is there a fix for this? > This is a known issue for some postfix users.. from the postfix docs, postfix can and will reuse queue / message ids.. Julian fixed this a few minor versions back so if you upgrade (assuming you haven't already) this should be fixed. This has also to do with the fact that your /var and /var/spool may not be on the same partition. Read the mailscanner archives for november / december 2004 for a better explanation. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Feb 3 23:13:36 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:25 2006 Subject: High CPU load, RCPT TO: Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Drew Marshall writes: > >> Ed Bruce wrote: >> >>> Ok, I've seen a number of answers like this, as long as you use >>> sendmail. Well we're using postfix. Does this not work with postfix? >> >> >> No >> > > Actually 4.38 onwards Julian and Rakesh introduced postfix support in the > IPBlock code.. An upgrade of the customconfig.pm should allow this (if > not a > complete upgrade). Oops, you are right, I had forgotten :-( . Thanks for correcting me :-) > > You will however need to use the check_client_access parameter under > smtpd_client_restrictions in your main.cf, rest being the same as that > for > sendmail. Indeed. As mentioned before all the smtpd_ functions can still be used with Postfix/ MailScanner combination. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 3 23:28:54 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Crossan writes: > /var and /var/spool are on the same partition. > Hmm, in any case upgrade.. if you are interested in knowing more, then start here http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind04&L=mailscanner&D=0&I=0&P= 2093670 and follow the topic. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Thu Feb 3 23:35:32 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:25 2006 Subject: Duplicate Message ID's Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John, Since you've already released the problem message, update MailScanner, the update includes the fix for your issue. - Brad >>> John Crossan 2/3/2005 5:08:32 PM >>> /var and /var/spool are on the same partition. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Dhawal Doshy Sent: Thursday, February 03, 2005 3:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Duplicate Message ID's John Crossan writes: > I have MailScanner and Mailwatch for MailScanner running. > We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. > I could not use mailwatch to release a message from quarantine today > (February 3) because it had the same ID as a message received in December. > I had to release it manually. Is there a fix for this? > This is a known issue for some postfix users.. from the postfix docs, postfix can and will reuse queue / message ids.. Julian fixed this a few minor versions back so if you upgrade (assuming you haven't already) this should be fixed. This has also to do with the fact that your /var and /var/spool may not be on the same partition. Read the mailscanner archives for november / december 2004 for a better explanation. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Feb 3 23:39:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:25 2006 Subject: OT Taking care of mail errors and dnsreport.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy Pumphrey wrote: >>-----Original Message----- >>From: Kevin Miller [mailto:Kevin_Miller@CI.JUNEAU.AK.US] >>Sent: Wednesday, February 02, 2005 2:43 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: OT Taking care of mail errors and dnsreport.com >> >>Dave Duffner - NWCWEB.com wrote: >> >>>Greetings, >>> >>> Just as a side note on this thread I've been >> >>watching... The >> >>>last 2 weeks I've had very strange reports from both dnsreports and >>>dnsstuff that don't match. dnsreports keeps giving false >> >>errors that >> >>>dnsstuff shows as being OK. >>> >>> So this may not even be a true error being chased down, may >>>want to run tests through other points and see if you get the same >>>results! >> >>I just sent a note off to postmaster@woodmaclaw.com, but then >>doublechecked dnsreports. It looks like it's >>backup.mywebmailserver.com that's misconfigured, not >>mail.woodmaclaw.com. All my original comments apply still, I >>think, but the addresses in the mailer-table might be >>different depending on his IP layout. >> >>Dnsreport message: >>------------------- >>ERROR: One or more of your mailservers does not accept mail >>to postmaster@woodmaclaw.com. Mailservers are required (RFC822 6.3, >>RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster. >>backup.mywebmailserver.com's postmaster response: >>^^^^^^ >> >>>>>RCPT TO: <<< 550 5.7.1 ... we do not >>>>>relay <> >> >>------------------- >> >>S'later... >> >>...Kevin >>-- >>Kevin Miller Registered Linux User No: 307357 >>CBJ MIS Dept. Network Systems Admin., Mail Admin. >>155 South Seward Street ph: (907) 586-0242 >>Juneau, Alaska 99801 fax: (907 586-4500 >> > > > I did receive your email that you sent to postmaster@woodmaclaw.com. I get > confused because of how our web site is being hosted. It is being resaled > who knows how many times and I can barely find out the company that actually > host it. > > Mail.woodmaclaw.com is only a A record that points to our IP address. My > router then forwards the smtp traffic to the mailscanner.woodmaclaw.com <-- > I did change the name to .com. Mailscanner.woodmaclaw.com is a local > machine with a local IP address. My exchange server name is > woodendc.woodmaclaw.local and of course is a local machine. So > mail.woodmaclaw.com is not a machine. > > The way that the web site is hosted makes me want to change it so that at > the least I have charge of the DNS, but yet again I could do without that > responsibility. That machine called backup.mywebmailserver.com, I have no > clue what that machines function is other than to confuse me :). > > In other words I don't really know the path of the email from the beginning. > You send me an email, goes to ns1.mydnsserver.com, ns1 says goto > 68.74.55.130 (my ip address), and then the process starts from where we have > talked about. So seems like maybe some of these errors from emails are > getting bounced or error "we do not relay" because of > backup.mywebmailserver.com? > It takes some time to get things going right. I just spent a week trying to get MCI to give me control of my reverse dns, and 3 days to get it to work. Most of your problems seem to point to your backup MX which needs the alias from postmaster to whatever user you want to get such mail. It also gives a different name then the DNS records think. backup.mywebmailserver.com claims to be host email07.mywebmailserver.com. Also, your nameservers seem to respond sporadically -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Feb 4 00:21:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:26 2006 Subject: [Fwd: too suspicious by half?] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Bird wrote: > Found this quite humorous, but am not quite sure why this happened. A > good use for the phishing whitelist me thinks , until I can figure out > why.... > > Dan > > -------- Original Message -------- > Subject: too suspicious by half? > Date: Thu, 03 Feb 2005 12:00:55 +0000 > From: Dominick McIntyre <*****@******> > To: Daniel Bird > > > > Nice to see your email filter doesn't even trust itself... > >> > ------ End of Forwarded Message >> > >> > -- >> > This message has been scanned for viruses and >> > dangerous content by MailScanner *MailScanner has detected a possible > > fraud attempt from "www.mailscanner.info" claiming to be* > , and is > >> > believed to be clean. >> > MailScanner thanks transtec Computers *MailScanner has detected a > > possible fraud attempt from "www.transtec.co.uk" claiming to be* > for Are you sure you have a current version? This seems to be one of the initial "teething" problems of choking on the last backslash. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Feb 4 00:39:18 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:26 2006 Subject: SA & 50_scores.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Magda Hewryk wrote: > >> I did. Will see if it helps. >> Thanks! > > > Good, note that it will not use the fourth column of scores until it has > analyzed 200 spam and 200 non spam messages. Then it will kick in. Or you can use the starter database at Fortress Systems http://www.fsl.com/support/index.html -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Fri Feb 4 03:26:04 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:26 2006 Subject: SA & 50_scores.cf - bayes db version2 is not able to be used (fixed) Message-ID: Thanks! Works! #root# sa-learn --sync -p /etc/Mailscanner/spam.assassin.prefs.conf synced Bayes databases from journal in 1 seconds: 950 unique entries (1253 total entries) #root# sa-learn --dump=magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 2051 0 non-token data: nspam 0.000 0 53957 0 non-token data: nham 0.000 0 160368 0 non-token data: ntokens 0.000 0 1105352034 0 non-token data: oldest atime 0.000 0 1107487222 0 non-token data: newest atime 0.000 0 1107487416 0 non-token data: last journal sync atime 0.000 0 1107470240 0 non-token data: last expiry atime 0.000 0 345600 0 non-token data: last expire atime delta 0.000 0 6980 0 non-token data: last expire reduction count Thanks, Magda Steve Swaney To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA & 50_scores.cf - bayes db version2 is not able to be used 02/03/2005 05:42 PM Please respond to MailScanner mailing list www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Magda Hewryk > Sent: Thursday, February 03, 2005 5:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA & 50_scores.cf - bayes db version2 is not able to be used > > Anybody saw this error before? > > # sa-learn --dump=magic > > bayes: bayes db version 2 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line > 160. > bayes: bayes db version 2 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line > 160. > ERROR: Bayes dump returned an error, please re-run with -D for more > information > > > Thanks, > > Magda Hewryk I quote from the UPGRADE field shipped with SpamAssassin 3.X.X. "-------------------------- - The Bayesian storage modules have been completely re-written and now include Berkeley DB (DBM) storage as well as SQL based storage (see sql/README.bayes for more information). In addition, a new format has been introduced for the bayes database that stores tokens in fixed length hashes (Bayes v3). All DBM databases should be automatically converted to this new format the first time they are opened for write. You can manually perform the upgrade by running "sa-learn --sync" from the command line. --------------------------" Shutdown MailScanner and run: sa-learn --sync -p /etc/Mailscanner/spam.assassin.prefs.conf You may need to modify the if you're not running on a Linux system. Steve Steve Swaney President Fortress Systems Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Feb 4 09:01:56 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:26 2006 Subject: Phishing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I still thing there sould have a way of blocking phishing mails like there is with spam. Now that we have the phishing white list, would be great to forward all the other phishing mails to one account, like I already do with spam. A boy in my city (a small city with 65.000 habitants, in south Brazil), with 19 years old, was arrested this week with US$ 2.500.000 that he obtained with phishing mails... In my opinion, blocking this kind of messages would be the more efetive way of avoiding the frauds.. Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Fri Feb 4 09:39:00 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:28:26 2006 Subject: Failed to link message body between queues Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I seem to get a few of these each day MailScanner[5322]: Failed to link message body between queues (/var/spool/mqueue/dfj1101h4t008448 --> /var/spool/mqueue.in/dfj1101h4t008448) I was thinking it maybe to do with locking, Mailscanner.conf reads Lock Type = Which I think means it defaults to flock. Im running sendmail-8.12.11-4.6 (Fedora Core 2 box) so I dont think I need to change this to posix. Im running Mailscanner version 4.35.11 Anyone have any ideals or what else to check? Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Fri Feb 4 10:11:45 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:28:26 2006 Subject: Failed to link message body between queues Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Paul Houselander > >I was thinking it maybe to do with locking, Mailscanner.conf reads > >Lock Type = > >Which I think means it defaults to flock. Im running sendmail-8.12.11-4.6 >(Fedora Core 2 box) so I dont think I need to change this to posix. You do have to change it. Sendmail 8.12.11 (from 8.12.10 I think) needs the posix locking. >Paul Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Fri Feb 4 10:25:12 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:28:26 2006 Subject: Failed to link message body between queues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Mike wrote: |>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On |>Behalf Of Paul Houselander |> |>I was thinking it maybe to do with locking, Mailscanner.conf reads |> |>Lock Type = |> |>Which I think means it defaults to flock. Im running sendmail-8.12.11-4.6 |>(Fedora Core 2 box) so I dont think I need to change this to posix. | | | You do have to change it. Sendmail 8.12.11 (from 8.12.10 I think) needs the posix locking. | Actually all redhat based versions (and that is where fedora core comes from) use FLOCK and not posix locking. You can easiyl check wheter your sendmail was compiled with posix though by outputting the compile flags - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCA02IPMoaMn4kKR4RAxnyAJ0Z8Xlk5j3DwHQTovl/Fkp/3CuknwCeK964 TNcMB64zQkf2xQuVpED3V48= =Jw9b -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 4 10:32:30 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:26 2006 Subject: Duplicate Message ID's Message-ID: As is (hopefully) abundantly clear in the archives (both MS and MW) the "duplicate problem" is severely increased by having /var/spool as a separate filesystem, but the behaviour is there even if it isn't. It's a question of probabilities of inode reuse, and hitting the same microsecond:-). The original patch from Julian is in the archive (in a mail to me), and it'll apply without errors to a vanilla 4.35.11 IIRC. But best is to upgrade. Do clamav while you're at it;-). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy > Sent: den 4 februari 2005 00:29 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Duplicate Message ID's > > > John Crossan writes: > > > /var and /var/spool are on the same partition. > > > > Hmm, in any case upgrade.. if you are interested in knowing > more, then start > here > http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind04&L=mailscan ner&D=0&I=0&P= 2093670 and follow the topic. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Fri Feb 4 10:44:09 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:28:26 2006 Subject: Failed to link message body between queues {Scanned by VITANIUM} Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Thanks for the replies. I ran sendmail -d0.10 and HASFLOCK appeared in the OS Defines. Does that mean sendmail uses FLOCK locking? If thats the case any other ideas what might be causing this problem? Thanks Paul -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of David Höhn Sent: 04 February 2005 10:25 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Failed to link message body between queues {Scanned by VITANIUM} -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Mike wrote: |>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On |>Behalf Of Paul Houselander |> |>I was thinking it maybe to do with locking, Mailscanner.conf reads |> |>Lock Type = |> |>Which I think means it defaults to flock. Im running sendmail-8.12.11-4.6 |>(Fedora Core 2 box) so I dont think I need to change this to posix. | | | You do have to change it. Sendmail 8.12.11 (from 8.12.10 I think) needs the posix locking. | Actually all redhat based versions (and that is where fedora core comes from) use FLOCK and not posix locking. You can easiyl check wheter your sendmail was compiled with posix though by outputting the compile flags - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCA02IPMoaMn4kKR4RAxnyAJ0Z8Xlk5j3DwHQTovl/Fkp/3CuknwCeK964 TNcMB64zQkf2xQuVpED3V48= =Jw9b -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rvitoria at CI.UCP.PT Fri Feb 4 10:47:58 2005 From: rvitoria at CI.UCP.PT (Rui Vitoria) Date: Thu Jan 12 21:28:26 2006 Subject: Problem with new version of Mailscanner Message-ID: Hi can`t anybody help me please. I`ve this error on my sistem, when i restart de service. Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Can't locate HTML/Tagset.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.6.1/i386- linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386- linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0/i386- linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl 5/vendor_perl/5.6.1/i386- linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl . /usr/li b/MailScanner) at /usr/lib/perl5/site_perl/5.6.1/i386- linux/HTML/TokeParser.pm line 12. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.6.1/i386- linux/HTML/TokeParser.pm line 12. Compilation failed in require at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 44. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 44. Compilation failed in require at /usr/sbin/MailScanner line 73. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. [ OK ] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 10:56:17 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Problem with new version of Mailscanner Message-ID: Rui hmm look like problems with RPM installations. Some people can fix this by installing the perl modules from CPAN rather than the RPMs. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rui Vitoria wrote: > Hi can`t anybody help me please. > > I`ve this error on my sistem, when i restart de service. > > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: Can't locate HTML/Tagset.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/5.6.1/i386- > linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386- > linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0/i386- > linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl > 5/vendor_perl/5.6.1/i386- > linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl . /usr/li > b/MailScanner) at /usr/lib/perl5/site_perl/5.6.1/i386- > linux/HTML/TokeParser.pm line 12. > BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.6.1/i386- > linux/HTML/TokeParser.pm line 12. > Compilation failed in require > at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 44. > BEGIN failed--compilation aborted > at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 44. > Compilation failed in require at /usr/sbin/MailScanner line 73. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. > [ OK ] > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at DFK-SYSTEMS.COM Fri Feb 4 11:24:26 2005 From: mailscanner at DFK-SYSTEMS.COM (Mark Waterhouse - Mailing Lists) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have MailScanner setup to scan multiple domains on one box and then feed the resulting email to their destination server. I also have MailScanner to selectively scan messages sent to domain users. I have spam/virus checking based upon a ruleset....domain.filter.rules I have set my rules up as FromOrTo: *@mydomain1.com no FromOrTo: *@mydomain2.com yes FromOrTo: user@mydomain3.com no FromOrTo: default yes If a mail is sent to user@mydomain3.com, it isnt scanned.....desired behaviour If a mail is sent to user2@mydomain3.com, it is scanned....also desired behaviour (because of the default line) However, if a message is sent to user@mydomain3.com AND user2@mydomain3.com, neither message is scanned. If I alter the rule to include a YES statement for user2@mydomain3.com, it works as desired. I know the default rule is working as messages sent only to user2@domain3.com are scanned. Can anyone offer a reason for this and has anyone else seen this behaviour. Thanks Mark Waterhouse DFK Systems Limited ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 11:43:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: Mark MS only checks the initial 'to' user, there's no way for it to resolve multiple 'to','cc','bcc' recipients and somehow figure out what it should do (ie for one user the result might need to be 'yes' and for another it might be 'no', so what should it do?). A way around this (if you're using sendmail or Exim) is to split the message into individual messages for the individual recipients then the rules are nice and simple. There's an exmaple of to setup sendmail and exim to do this in the Quarantine report MS addition at http://www.fsl.com/support/QuarantineReport.tar.gz From what I understand you can't do this with Postfix, but if anyone's figured it out please let the list know so Steve Swaney can update the Quarantine Report instructions.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mark Waterhouse - Mailing Lists wrote: > I have MailScanner setup to scan multiple domains on one box and then feed > the resulting email to their destination server. > I also have MailScanner to selectively scan messages sent to domain users. > > I have spam/virus checking based upon a ruleset....domain.filter.rules > > I have set my rules up as > > FromOrTo: *@mydomain1.com no > FromOrTo: *@mydomain2.com yes > FromOrTo: user@mydomain3.com no > FromOrTo: default yes > > If a mail is sent to user@mydomain3.com, it isnt scanned.....desired > behaviour > If a mail is sent to user2@mydomain3.com, it is scanned....also desired > behaviour (because of the default line) > > However, if a message is sent to user@mydomain3.com AND > user2@mydomain3.com, > neither message is scanned. > > If I alter the rule to include a YES statement for user2@mydomain3.com, it > works as desired. > > I know the default rule is working as messages sent only to > user2@domain3.com are scanned. > > > Can anyone offer a reason for this and has anyone else seen this behaviour. > > Thanks > Mark Waterhouse > DFK Systems Limited > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at DFK-SYSTEMS.COM Fri Feb 4 11:51:24 2005 From: mailscanner at DFK-SYSTEMS.COM (Mark Waterhouse - Mailing Lists) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wow...surely the recipient lines could get split using some perl code and then the tests performed on that... ----- Original Message ----- From: "Martin Hepworth" To: Sent: Friday, February 04, 2005 11:43 AM Subject: Re: Mail unscanned when sent to multiple users > Mark > > MS only checks the initial 'to' user, there's no way for it to resolve > multiple 'to','cc','bcc' recipients and somehow figure out what it > should do (ie for one user the result might need to be 'yes' and for > another it might be 'no', so what should it do?). > > A way around this (if you're using sendmail or Exim) is to split the > message into individual messages for the individual recipients then the > rules are nice and simple. There's an exmaple of to setup sendmail and > exim to do this in the Quarantine report MS addition at > http://www.fsl.com/support/QuarantineReport.tar.gz > > From what I understand you can't do this with Postfix, but if anyone's > figured it out please let the list know so Steve Swaney can update the > Quarantine Report instructions.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Mark Waterhouse - Mailing Lists wrote: >> I have MailScanner setup to scan multiple domains on one box and then >> feed >> the resulting email to their destination server. >> I also have MailScanner to selectively scan messages sent to domain >> users. >> >> I have spam/virus checking based upon a ruleset....domain.filter.rules >> >> I have set my rules up as >> >> FromOrTo: *@mydomain1.com no >> FromOrTo: *@mydomain2.com yes >> FromOrTo: user@mydomain3.com no >> FromOrTo: default yes >> >> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired >> behaviour >> If a mail is sent to user2@mydomain3.com, it is scanned....also desired >> behaviour (because of the default line) >> >> However, if a message is sent to user@mydomain3.com AND >> user2@mydomain3.com, >> neither message is scanned. >> >> If I alter the rule to include a YES statement for user2@mydomain3.com, >> it >> works as desired. >> >> I know the default rule is working as messages sent only to >> user2@domain3.com are scanned. >> >> >> Can anyone offer a reason for this and has anyone else seen this >> behaviour. >> >> Thanks >> Mark Waterhouse >> DFK Systems Limited >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Feb 4 11:52:57 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: Hi there, > > A way around this (if you're using sendmail or Exim) is to split the > message into individual messages for the individual recipients then the > rules are nice and simple. There's an exmaple of to setup sendmail and > exim to do this in the Quarantine report MS addition at > http://www.fsl.com/support/QuarantineReport.tar.gz > i mentioned this behaviour before, and shortly after that Julian fixed the Problem ;) this means, he wrote a workaround for sendmail, which splits the mails for each recipient itself. So i did not need to change a bit on my sendmail-conf itself. Maybe you should upgrade to some kind of more fresher version of MS? ;) Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 12:05:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: Mark See marcels email on this - can't see I saw anything in the change logs about this though.... Best for the MTA to do it currenly, unless Julian has any bright ideas when he gets back from holidays in a couple of weeks... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mark Waterhouse - Mailing Lists wrote: > Wow...surely the recipient lines could get split using some perl code and > then the tests performed on that... > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Friday, February 04, 2005 11:43 AM > Subject: Re: Mail unscanned when sent to multiple users > > >> Mark >> >> MS only checks the initial 'to' user, there's no way for it to resolve >> multiple 'to','cc','bcc' recipients and somehow figure out what it >> should do (ie for one user the result might need to be 'yes' and for >> another it might be 'no', so what should it do?). >> >> A way around this (if you're using sendmail or Exim) is to split the >> message into individual messages for the individual recipients then the >> rules are nice and simple. There's an exmaple of to setup sendmail and >> exim to do this in the Quarantine report MS addition at >> http://www.fsl.com/support/QuarantineReport.tar.gz >> >> From what I understand you can't do this with Postfix, but if anyone's >> figured it out please let the list know so Steve Swaney can update the >> Quarantine Report instructions.. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Mark Waterhouse - Mailing Lists wrote: >> >>> I have MailScanner setup to scan multiple domains on one box and then >>> feed >>> the resulting email to their destination server. >>> I also have MailScanner to selectively scan messages sent to domain >>> users. >>> >>> I have spam/virus checking based upon a ruleset....domain.filter.rules >>> >>> I have set my rules up as >>> >>> FromOrTo: *@mydomain1.com no >>> FromOrTo: *@mydomain2.com yes >>> FromOrTo: user@mydomain3.com no >>> FromOrTo: default yes >>> >>> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired >>> behaviour >>> If a mail is sent to user2@mydomain3.com, it is scanned....also desired >>> behaviour (because of the default line) >>> >>> However, if a message is sent to user@mydomain3.com AND >>> user2@mydomain3.com, >>> neither message is scanned. >>> >>> If I alter the rule to include a YES statement for user2@mydomain3.com, >>> it >>> works as desired. >>> >>> I know the default rule is working as messages sent only to >>> user2@domain3.com are scanned. >>> >>> >>> Can anyone offer a reason for this and has anyone else seen this >>> behaviour. >>> >>> Thanks >>> Mark Waterhouse >>> DFK Systems Limited >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 12:32:30 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: I have just built my new MailScanner system with the new version of exim and I have everything working but everytime i try to release a message from the quarantine using the QuaratineReport utility I get the message below. Any help would be appreciated. Releasing email message 1CwbkG-0002j7-KK.mht to user@domain.com 1CwbkG-0002j7-KK.mht, user@domain.com, or 20050202 is not legitimate format! Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Feb 4 12:34:43 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:26 2006 Subject: High CPU load, RCPT TO: (solved) Message-ID: Hi there again, currently i am testing the IPBlock-Routine with MailScanner. Seems to do its job..but..(there is always a but, isnt it?) The Scripts changes the access.db directly.. but as i am using the access-file to create spam-protections also, i do edit the file access and then create the new access.db with makemap. So, if i do this, the entries created by mailscanner would be gone. Maybe it should be better, if the Routine would add those entries into the access-file, and then create the access.db on itself with the makemap command? As working with ViSpan for example.. So, every person just looking through the access-file would see and notice the change, and maybe could delete those entries on his/her own. Just my 2 cent.. Greetings Marcel PS: Julian..thanks for MailScanner again..and for the hidden routines ;) IPBlock seems to work though.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 12:42:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Carinus .mht is an odd extension for Exim ... queue files are normall -D -H maybe it's an rfc-822 format with wierd extension. Maybe Mr Swaney can shed some like on the code??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Carinus Carelse wrote: > I have just built my new MailScanner system with the new version of exim > > and I have everything working but everytime i try to release a message > from the quarantine using the QuaratineReport utility I get the message > below. Any help would be appreciated. > > Releasing email message 1CwbkG-0002j7-KK.mht to user@domain.com > > 1CwbkG-0002j7-KK.mht, user@domain.com, or 20050202 is not legitimate > format! > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 13:03:26 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: i just had a look and it appears to only be a symbolic link to actual mail file in another directory. Carinus Martin Hepworth wrote: > Carinus > > .mht is an odd extension for Exim ... queue files are normall -D -H > > maybe it's an rfc-822 format with wierd extension. > > Maybe Mr Swaney can shed some like on the code??? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > Carinus Carelse wrote: > > I have just built my new MailScanner system with the new version of exim > > > > and I have everything working but everytime i try to release a message > > from the quarantine using the QuaratineReport utility I get the message > > below. Any help would be appreciated. > > > > Releasing email message 1CwbkG-0002j7-KK.mht to user@domain.com > > > > 1CwbkG-0002j7-KK.mht, user@domain.com, or 20050202 is not legitimate > > format! > > > > > > Carinus > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Feb 4 14:25:24 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Carinus Carelse > Sent: Friday, February 04, 2005 8:03 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: QuarantineReport Query > > i just had a look and it appears to only be a symbolic link to actual mail > file in another directory. > > Carinus > > > Martin Hepworth wrote: > > > Carinus > > > > .mht is an odd extension for Exim ... queue files are normall -D -H > > > > maybe it's an rfc-822 format with wierd extension. > > > > Maybe Mr Swaney can shed some like on the code??? > > Unfortunately my co-worker who wrote the code and I are very busy right now and not able to support the Quarantine report code as well as we would like to. There will probably be a rewrite later this month to add features but I know that the code we provide will only be supporting sendmail and Linux as that's what the majority of our customers use. If anyone wants to take on a project or work on versions for other MTAs or operating systems we'd be happy to work with them. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 14:30:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Carinus Carelse >>Sent: Friday, February 04, 2005 8:03 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: QuarantineReport Query >> >>i just had a look and it appears to only be a symbolic link to actual mail >>file in another directory. >> >>Carinus >> >> >>Martin Hepworth wrote: >> >> >>>Carinus >>> >>>.mht is an odd extension for Exim ... queue files are normall -D -H >>> >>>maybe it's an rfc-822 format with wierd extension. >>> >>>Maybe Mr Swaney can shed some like on the code??? >>> > > > Unfortunately my co-worker who wrote the code and I are very busy right now > and not able to support the Quarantine report code as well as we would like > to. > > There will probably be a rewrite later this month to add features but I know > that the code we provide will only be supporting sendmail and Linux as > that's what the majority of our customers use. > > If anyone wants to take on a project or work on versions for other MTAs or > operating systems we'd be happy to work with them. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > Steve I think you need to alter the instructions etc in order to remove the comments about exim etc. I'd be willing to help with testing for Exim... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at DFK-SYSTEMS.COM Fri Feb 4 14:35:29 2005 From: mailscanner at DFK-SYSTEMS.COM (Mark Waterhouse - Mailing Lists) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm actually running MS 4.37.7-1. I upgraded it on 01/27 and the problem is still there. I know there have been some releases since then but these, as Martin has stated, dont mention this change in the changelog. Mark ----- Original Message ----- From: "Martin Hepworth" To: Sent: Friday, February 04, 2005 12:05 PM Subject: Re: Mail unscanned when sent to multiple users > Mark > > See marcels email on this - can't see I saw anything in the change logs > about this though.... > > Best for the MTA to do it currenly, unless Julian has any bright ideas > when he gets back from holidays in a couple of weeks... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Mark Waterhouse - Mailing Lists wrote: >> Wow...surely the recipient lines could get split using some perl code and >> then the tests performed on that... >> >> ----- Original Message ----- >> From: "Martin Hepworth" >> To: >> Sent: Friday, February 04, 2005 11:43 AM >> Subject: Re: Mail unscanned when sent to multiple users >> >> >>> Mark >>> >>> MS only checks the initial 'to' user, there's no way for it to resolve >>> multiple 'to','cc','bcc' recipients and somehow figure out what it >>> should do (ie for one user the result might need to be 'yes' and for >>> another it might be 'no', so what should it do?). >>> >>> A way around this (if you're using sendmail or Exim) is to split the >>> message into individual messages for the individual recipients then the >>> rules are nice and simple. There's an exmaple of to setup sendmail and >>> exim to do this in the Quarantine report MS addition at >>> http://www.fsl.com/support/QuarantineReport.tar.gz >>> >>> From what I understand you can't do this with Postfix, but if anyone's >>> figured it out please let the list know so Steve Swaney can update the >>> Quarantine Report instructions.. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Mark Waterhouse - Mailing Lists wrote: >>> >>>> I have MailScanner setup to scan multiple domains on one box and then >>>> feed >>>> the resulting email to their destination server. >>>> I also have MailScanner to selectively scan messages sent to domain >>>> users. >>>> >>>> I have spam/virus checking based upon a ruleset....domain.filter.rules >>>> >>>> I have set my rules up as >>>> >>>> FromOrTo: *@mydomain1.com no >>>> FromOrTo: *@mydomain2.com yes >>>> FromOrTo: user@mydomain3.com no >>>> FromOrTo: default yes >>>> >>>> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired >>>> behaviour >>>> If a mail is sent to user2@mydomain3.com, it is scanned....also desired >>>> behaviour (because of the default line) >>>> >>>> However, if a message is sent to user@mydomain3.com AND >>>> user2@mydomain3.com, >>>> neither message is scanned. >>>> >>>> If I alter the rule to include a YES statement for user2@mydomain3.com, >>>> it >>>> works as desired. >>>> >>>> I know the default rule is working as messages sent only to >>>> user2@domain3.com are scanned. >>>> >>>> >>>> Can anyone offer a reason for this and has anyone else seen this >>>> behaviour. >>>> >>>> Thanks >>>> Mark Waterhouse >>>> DFK Systems Limited >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at DFK-SYSTEMS.COM Fri Feb 4 14:37:14 2005 From: mailscanner at DFK-SYSTEMS.COM (Mark Waterhouse - Mailing Lists) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hang on....too many beers at lunch are kicking in here. My first post.... >>>> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired >>>> behaviour >>>> If a mail is sent to user2@mydomain3.com, it is scanned....also desired >>>> behaviour (because of the default line) >>>> >>>> However, if a message is sent to user@mydomain3.com AND >>>> user2@mydomain3.com, >>>> neither message is scanned. >>>> >>>> If I alter the rule to include a YES statement for user2@mydomain3.com, >>>> it >>>> works as desired. >>>> So, by adding in the user in the domain.filter.rules file, it works.....isnt that what the default is supposed to do. Mark ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 14:37:36 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Oh damn and I just got the exim to work and have been very impressed with it. I was hoping this was a quick fix. I can help with the testing for exim as well. It just seems to be expecting something that's not there. Maybe I could just then generate a list of emails that without the link in? Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Feb 4 14:49:51 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Friday, February 04, 2005 9:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: QuarantineReport Query > > Stephen Swaney wrote: > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Carinus Carelse > >>Sent: Friday, February 04, 2005 8:03 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: QuarantineReport Query > >> > >>i just had a look and it appears to only be a symbolic link to actual > mail > >>file in another directory. > >> > >>Carinus > >> > >> > >>Martin Hepworth wrote: > >> > >> > >>>Carinus > >>> > >>>.mht is an odd extension for Exim ... queue files are normall -D -H > >>> > >>>maybe it's an rfc-822 format with wierd extension. > >>> > >>>Maybe Mr Swaney can shed some like on the code??? > >>> > > > > > > Unfortunately my co-worker who wrote the code and I are very busy right > now > > and not able to support the Quarantine report code as well as we would > like > > to. > > > > There will probably be a rewrite later this month to add features but I > know > > that the code we provide will only be supporting sendmail and Linux as > > that's what the majority of our customers use. > > > > If anyone wants to take on a project or work on versions for other MTAs > or > > operating systems we'd be happy to work with them. > > > > Steve > > > > Steve Swaney > > President > > Fortress Systems Ltd. > > www.fsl.com > > steve.swaney@fsl.com > > > Steve > > I think you need to alter the instructions etc in order to remove the > comments about exim etc. > > I'd be willing to help with testing for Exim... Martin, Thanks for the offer as we have no Exim systems to test on. I have altered the instructions to say that. "--------------- ... the application is essentially unsupported code. Also note that these Instructions will apply only to sendmail, Red Hat and RH clone Linux systems. You will need to modify the installation, the scripts and modules to install on other operating systems or use with other MTAs." ---------------" We will be working on the code later this month and I will keep you up to date on events. BTW I have nothing against Exim and wish I had more time to become more conversant with it :) Regards, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Feb 4 14:53:47 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Hi there, > Oh damn and I just got the exim to work and have been very impressed with it. I > was hoping this was a quick fix. I can help with the testing for exim as well. It > just seems to be expecting something that's not there. Maybe I could just then > generate a list of emails that without the link in? > had the same problem..due to the fact, that the script is creating links to the original files but those files where not readable by the webserver. So, i just changed the code in LinkQuarantine from the ln -s into cp... then i had to change the group, which is in the original script apache i guess into the group the webserver is running with.. (on my site this is www) So, now the script copies the file to the dir, creates the report (remember to change the url in the File Emails.pm) and then the users are able to send the mail to themselve.. oh..you should not forget to say mailscanner (and spamassassin if you are calling it on yourself) not to scan mails coming from postmaster@yourlocalmaschine, as those mails will be send by postmaster...and else these mails would be caught as spam again ;) these where the steps i had to do on my system.. Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Feb 4 14:59:36 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:26 2006 Subject: Mail unscanned when sent to multiple users Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mark Waterhouse - Mailing Lists > Sent: Friday, February 04, 2005 9:35 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mail unscanned when sent to multiple users > > I'm actually running MS 4.37.7-1. I upgraded it on 01/27 and the problem > is > still there. I know there have been some releases since then but these, as > Martin has stated, dont mention this change in the changelog. > > Mark > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Friday, February 04, 2005 12:05 PM > Subject: Re: Mail unscanned when sent to multiple users > > > > Mark > > > > See marcels email on this - can't see I saw anything in the change logs > > about this though.... > > > > Best for the MTA to do it currenly, unless Julian has any bright ideas > > when he gets back from holidays in a couple of weeks... > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > The code that Julian added a while back was to support the: Use Default Rules With Multiple Recipients = no Configuration Value. I quote below from MailScanner.conf: "------------ # When trying to work out the value of configuration parameters which are # using a ruleset, this controls the behaviour when a rule is checking the # "To:" addresses. # If this option is set to "yes", then the following happens when checking # the ruleset: # a) 1 recipient. Same behaviour as normal. # b) Several recipients, but all in the same domain (domain.com for example). # The rules are checked for one that matches the string "*@domain.com". # c) Several recipients, not all in the same domain. # The rules are checked for one that matches the string "*@*". # # If this option is set to "no", then some rules will use the result they # get from the first matching rule for any of the recipients of a message, # so the exact value cannot be predicted for messages with more than 1 # recipient. # # This value *cannot* be the filename of a ruleset. Use Default Rules With Multiple Recipients = no ------------" Since: 1. I'm pretty sure that Julian regards the splitting of email to multiple recipients into individual messages should be the task of the MTA. 2. From previous threads on this topic I'm pretty sure that Postfix can perform this task and I know that Sendmail and Exim can do this. I wouldn't expect that this will become a MailScanner feature. Be aware that splitting email to multiple recipients into individual messages can add substantially to your gateway load. I've seen reports of +30% load imposed by adding this feature. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > > Mark Waterhouse - Mailing Lists wrote: > >> Wow...surely the recipient lines could get split using some perl code > and > >> then the tests performed on that... > >> > >> ----- Original Message ----- > >> From: "Martin Hepworth" > >> To: > >> Sent: Friday, February 04, 2005 11:43 AM > >> Subject: Re: Mail unscanned when sent to multiple users > >> > >> > >>> Mark > >>> > >>> MS only checks the initial 'to' user, there's no way for it to resolve > >>> multiple 'to','cc','bcc' recipients and somehow figure out what it > >>> should do (ie for one user the result might need to be 'yes' and for > >>> another it might be 'no', so what should it do?). > >>> > >>> A way around this (if you're using sendmail or Exim) is to split the > >>> message into individual messages for the individual recipients then > the > >>> rules are nice and simple. There's an exmaple of to setup sendmail and > >>> exim to do this in the Quarantine report MS addition at > >>> http://www.fsl.com/support/QuarantineReport.tar.gz > >>> > >>> From what I understand you can't do this with Postfix, but if anyone's > >>> figured it out please let the list know so Steve Swaney can update the > >>> Quarantine Report instructions.. > >>> > >>> -- > >>> Martin Hepworth > >>> Snr Systems Administrator > >>> Solid State Logic > >>> Tel: +44 (0)1865 842300 > >>> > >>> > >>> Mark Waterhouse - Mailing Lists wrote: > >>> > >>>> I have MailScanner setup to scan multiple domains on one box and then > >>>> feed > >>>> the resulting email to their destination server. > >>>> I also have MailScanner to selectively scan messages sent to domain > >>>> users. > >>>> > >>>> I have spam/virus checking based upon a > ruleset....domain.filter.rules > >>>> > >>>> I have set my rules up as > >>>> > >>>> FromOrTo: *@mydomain1.com no > >>>> FromOrTo: *@mydomain2.com yes > >>>> FromOrTo: user@mydomain3.com no > >>>> FromOrTo: default yes > >>>> > >>>> If a mail is sent to user@mydomain3.com, it isnt scanned.....desired > >>>> behaviour > >>>> If a mail is sent to user2@mydomain3.com, it is scanned....also > desired > >>>> behaviour (because of the default line) > >>>> > >>>> However, if a message is sent to user@mydomain3.com AND > >>>> user2@mydomain3.com, > >>>> neither message is scanned. > >>>> > >>>> If I alter the rule to include a YES statement for > user2@mydomain3.com, > >>>> it > >>>> works as desired. > >>>> > >>>> I know the default rule is working as messages sent only to > >>>> user2@domain3.com are scanned. > >>>> > >>>> > >>>> Can anyone offer a reason for this and has anyone else seen this > >>>> behaviour. > >>>> > >>>> Thanks > >>>> Mark Waterhouse > >>>> DFK Systems Limited > >>>> > >>>> ------------------------ MailScanner list ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> > >>> ********************************************************************** > >>> > >>> This email and any files transmitted with it are confidential and > >>> intended solely for the use of the individual or entity to whom they > >>> are addressed. If you have received this email in error please notify > >>> the system manager. > >>> > >>> This footnote confirms that this email message has been swept > >>> for the presence of computer viruses and is believed to be clean. > >>> > >>> ********************************************************************** > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 14:59:31 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Marcel you are my hero. Just a quick one when yo say the original script where you changed the user which one do you mean? Carinus Marcel Blenkers wrote: > Hi there, > > > Oh damn and I just got the exim to work and have been very impressed with it. I > > was hoping this was a quick fix. I can help with the testing for exim as well. It > > just seems to be expecting something that's not there. Maybe I could just then > > generate a list of emails that without the link in? > > > had the same problem..due to the fact, that the script is creating links > to the original files but those files where not readable by the webserver. > > So, i just changed the code in LinkQuarantine from the ln -s into cp... > > then i had to change the group, which is in the original script apache i > guess into the group the webserver is running with.. (on my site this is > www) > > So, now the script copies the file to the dir, creates the report > (remember to change the url in the File Emails.pm) and then the users are > able to send the mail to themselve.. > > oh..you should not forget to say mailscanner (and spamassassin if you are > calling it on yourself) not to scan mails coming from > postmaster@yourlocalmaschine, as those mails will be send by > postmaster...and else these mails would be caught as spam again ;) > > these where the steps i had to do on my system.. > > Greetings > > Marcel > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Fri Feb 4 15:18:31 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Would somebody confirm the scores for the spam below? What was your score? "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, RCVD_NUMERIC_HELO 1.25)" Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- "Christoper Mccain" cc 02/04/2005 09:09 AM Subject Technica| p|ay in m0tiOn 0n penny st0ck THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade Millennium National Events, Inc. - Symbol: MNEI Millenniums current roster of event sponsors inc|udes such names as: WM Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| Communications, Viacom, Infinity Broadcasting, Budweiser, COX Broadcasting, NBC |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & Spirits, Viking Ovens and Bergwater Vineyards. And just read the News... Read the entire news be|ow NEWS>>>..Mi||ennium announced that it has entered into an agreement to acquire al| of the outstanding shares of Mi||ennium National Imports, Inc., a Texas Company. Yes you read it right - this is serious company with some serious business Symbo|: MNEI Current Price: $0.45 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 is real|y possibe (if you look at |eve|2 you wi|| see why) Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is currently transforming the wor|d of specia| events and corporate sponsorship. The Company is a fu||y integrated event promoter which owns, partially or entire|y, and/or operates a diversified network of events and event promoters in the states of F|orida, New York, Indiana, Colorado, California and Washington DC. Through its diverse segments, Mi||ennium's footprint is expanding in live entertainment, including sports and music. While Mi|lennium Nationa| Events owns and is constant|y acquiring existing events, our upcoming ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, PGA, LPGA, and NASCAR. Symbol: MNEI Current Price: $O.45 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 is rea||y possibe (if you |ook at leve|2 you wil| see why) NEWS DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium National Events (OTC Pink Sheets: MNEI) today announced that it has entered into negotiations to acquire al| or part of a working interest in Match Point, Inc., the owner of the ATP sanctioned event known as the Mi||ennium Internationa| Tennis Tournament. Millennium earlier became the title sponsor of the Match Point, Inc. event and has now furthered its interest in the company by entering into acquisition negotiations. Both |ocal Delray Beach-based companies cou|d integrate the two entities. "Basical|y we're both from the same industry, and together I believe we cou|d be bigger and accomp|ish more than as stand-alone companies," said Robert McAl|ister, CEO & President of Mi||ennium National Events. Mark Baron, President of Match Point, Inc., says of the negotiations, "We are considering Millennium's offers and be|ieve that there cou|d be a possib|e f i t here for our company and our share holders." McA||ister also fee|s the purchase of Match Point is a good move for both Mi|lennium shareholders and Match Point. "This acquisition is consistent with our overa|| business plan. It has a|ways been our intent to target and acquire successful, high-profi|e events and their promoters; we've had our eye on Match Point for a|most one year now. Consolidation is the key, not only to our bottom line, but also to the success of each individua| event." Exact terms have been not yet been announced, but Mi|lennium sees the Match Point acquisition ultimate|y being ab|e to bring net revenues to MNEI's bottom |ine. MNEI sees both the internationa| te|evision audience and the ability to attract a Fortune 5O0 as a potentia| source of even greater, and as of yet, untapped revenue. McAl|ister expects the dea| to be consummated in this quarter. The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top Americans Vince Spadea, current|y No. 19 in the world, two-time ITC champion Jan-Michael Gambil| and James Blake. Also entered in the tournament are Jiri Novak (Czech Republic), current|y at No. 25, two-time Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that can be offered to other top p|ayers in the weeks |eading up to the event. read this |ega| info Information within this emai| contains "forward |ooking statements" within the meaning of Section 27A of the Securities Act of 1933 and Section 21B of the Securities Exchange Act of 1934. Any statements that express or invo|ve discussions with respect to predictions, goa|s, expectations, be|iefs, p|ans, projections, objectives, assumptions or future events or performance are not statements of historica| fact and may be "forward looking statements." Forward |ooking statements are based on expectations, estimates and projections at the time the statements are made that involve a number of risks and uncertainties which cou|d cause actual results or events to differ material|y from those present|y anticipated. Forward |ooking statements in this action may be identified through the use of words such as: "projects", "foresee", "expects", "estimates," "believes," "understands" "will," "part of: "anticipates," or that by statements indicating certain actions "may," "cou|d," or "might" occur. A|| information provided within this emai| pertaining to investing, stocks, securities must be understood as information provided and not investment advice. Emerging Equity A|ert advises all readers and subscribers to seek advice from a registered professiona| securities representative before deciding to trade in stocks featured within this emai|. None of the material within this report sha|l be construed as any kind of investment advice. P|ease have in mind that the interpretation of the witer of this news|etter about the news pub|ished by the company does not represent the company officia| statement and in fact may differ from the rea| meaning of what the news re|ease meant to say. Look the news release by yourse|f and judge by yourse|f about the details in it.

In compliance with Section 17(b), we disc|ose the ho|ding of MNEI shares prior to the publication of this report. Be aware of an inherent conf|ict of interest resulting from such holdings due to our intent to profit from the |iquidation of these shares. Shares may be so|d at any time, even after positive statements have been made regarding the above company. Since we own shares, there is an inherent conflict of interest in our statements and opinions. Readers of this pub|ication are cautioned not to place undue reliance on forward-looking statements, which are based on certain assumptions and expectations involving various risks and uncertainties, that cou|d cause results to differ material|y from those set forth in the forward- |ooking statements. Please be advised that nothing within this emai| sha|l constitute a solicitation or an invitation to get position in or se|l any security mentioned herein. This newsletter is neither a registered investment advisor nor affiliated with any broker or dealer. This news|etter was paid $52600 from third party to send this report. Al| statements made are our express opinion on|y and shou|d be treated as such. We may own, take position and sell any securities mentioned at any time. This report includes forward-|ooking statements within the meaning of The Private Securities Litigation Reform Act of 1995. These statements may inc|ude terms as "expect", "believe", "may", "wi||", "move","underva|ued" and "intend" or simi|ar terms. If you wish to stop future mailings, or if you feel you have been wrongfu|ly p|aced in our list, p|ease go here (-stox0011@yahoo.com-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 15:25:47 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Magda lots.. 46.8 Spam Report: 0.00 BAYES_50 Bayesian spam probability is 40 to 60% 2.29 BIZ_TLD Contains an URL in the BIZ top-level domain 3.02 FB_FORWARD 0.50 FB_INVEST_ADVICE 1.20 FB_ST0CK 1.10 FM_MULTI_ODD2 1.40 FU_TLD_BIZ 0.60 J_CHICKENPOX_12 {1}Letter - punctuation - {2}Letter 0.60 J_CHICKENPOX_13 {1}Letter - punctuation - {3}Letter 0.60 J_CHICKENPOX_14 {1}Letter - punctuation - {4}Letter 0.60 J_CHICKENPOX_15 {1}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_21 {2}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_22 {2}Letter - punctuation - {2}Letter 0.60 J_CHICKENPOX_24 {2}Letter - punctuation - {4}Letter 0.60 J_CHICKENPOX_25 {2}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_27 {2}Letter - punctuation - {7}Letter 0.60 J_CHICKENPOX_31 {3}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_33 {3}Letter - punctuation - {3}Letter 0.60 J_CHICKENPOX_34 {3}Letter - punctuation - {4}Letter 0.60 J_CHICKENPOX_35 {3}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_36 {3}Letter - punctuation - {6}Letter 0.60 J_CHICKENPOX_37 {3}Letter - punctuation - {7}Letter 0.60 J_CHICKENPOX_41 {4}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_42 {4}Letter - punctuation - {2}Letter 0.60 J_CHICKENPOX_43 {4}Letter - punctuation - {3}Letter 0.60 J_CHICKENPOX_45 {4}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_55 {5}Letter - punctuation - {5}Letter 0.60 J_CHICKENPOX_61 {6}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_63 {6}Letter - punctuation - {3}Letter 0.60 J_CHICKENPOX_71 {7}Letter - punctuation - {1}Letter 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter 0.60 J_CHICKENPOX_81 {8}Letter - punctuation - {1}Letter 2.30 MANGLED_BELOW mangled below 2.30 MANGLED_FULL mangled full 2.30 MANGLED_LIST mangled list 2.30 MANGLED_LOW mangled low 2.30 MANGLED_OFF mangled off 2.30 MANGLED_PLEASE mangled please 2.30 MANGLED_REALLY mangled really 2.30 MANGLED_SPCALS mangled special(s) 2.30 MANGLED_STOCK mangled stock(s) 1.67 SARE_FWDLOOK Forward looking statements about stocks -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Would somebody confirm the scores for the spam below? What was your score? > > "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, > BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, > RCVD_NUMERIC_HELO 1.25)" > > > > Thanks, > > Magda Hewryk > -------------------------------- > Mid-Range Systems > 905-273-1637 (Office) > 416-554-0743 (Cell) > ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- > > "Christoper > Mccain" > .com> > cc > 02/04/2005 09:09 > AM Subject > Technica| p|ay in m0tiOn 0n penny > st0ck > > > > > > > > > > > THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade > > > Millennium National Events, Inc. - Symbol: MNEI > > Millenniums current roster of event sponsors inc|udes such names as: WM > Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, > Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| > Communications, Viacom, Infinity Broadcasting, Budweiser, COX > Broadcasting, NBC > |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & > Spirits, Viking Ovens and Bergwater Vineyards. > > > And just read the News... Read the entire news be|ow > > NEWS>>>..Mi||ennium announced that it has entered into an agreement to > acquire > al| of the outstanding shares of Mi||ennium National Imports, Inc., a > Texas Company. > > > Yes you read it right - this is serious company with some serious > business > > > Symbo|: MNEI > Current Price: $0.45 > 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 > is real|y > possibe (if you look at |eve|2 you wi|| see why) > > > Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is > currently transforming the wor|d of specia| events and corporate > sponsorship. The Company is a fu||y integrated event promoter which > owns, > partially or entire|y, and/or operates a diversified network of events > and > event promoters in the states of F|orida, New York, Indiana, Colorado, > California and Washington DC. > > Through its diverse segments, Mi||ennium's footprint is expanding in > live entertainment, including sports and music. While Mi|lennium > Nationa| > Events owns and is constant|y acquiring existing events, our upcoming > ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, > PGA, LPGA, and NASCAR. > > > Symbol: MNEI > Current Price: $O.45 > 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 > is rea||y > possibe (if you |ook at leve|2 you wil| see why) > > > NEWS > > DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium > National Events (OTC Pink Sheets: MNEI) today announced that it has > entered > into negotiations to acquire al| or part of a working interest in Match > Point, Inc., the owner of the ATP sanctioned event known as the > Mi||ennium Internationa| Tennis Tournament. > > > Millennium earlier became the title sponsor of the Match Point, Inc. > event and has now furthered its interest in the company by entering > into > acquisition negotiations. > > Both |ocal Delray Beach-based companies cou|d integrate the two > entities. "Basical|y we're both from the same industry, and together I > believe > we cou|d be bigger and accomp|ish more than as stand-alone companies," > said Robert McAl|ister, CEO & President of Mi||ennium National Events. > > Mark Baron, President of Match Point, Inc., says of the negotiations, > "We are considering Millennium's offers and be|ieve that there cou|d be > a possib|e f i t here for our company and our share holders." > > McA||ister also fee|s the purchase of Match Point is a good move for > both Mi|lennium shareholders and Match Point. "This acquisition is > consistent with our overa|| business plan. It has a|ways been our > intent to > target and acquire successful, high-profi|e events and their promoters; > we've had our eye on Match Point for a|most one year now. Consolidation > is the key, not only to our bottom line, but also to the success of > each individua| event." > > Exact terms have been not yet been announced, but Mi|lennium sees the > Match Point acquisition ultimate|y being ab|e to bring net revenues to > MNEI's bottom |ine. > > MNEI sees both the internationa| te|evision audience and the ability to > attract a Fortune 5O0 as a potentia| source of even greater, and as of > yet, untapped revenue. McAl|ister expects the dea| to be consummated in > this quarter. > > The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach > Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top > Americans Vince Spadea, current|y No. 19 in the world, two-time ITC > champion Jan-Michael Gambil| and James Blake. Also entered in the > tournament are Jiri Novak (Czech Republic), current|y at No. 25, > two-time > Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion > Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that > can > be offered to other top p|ayers in the weeks |eading up to the event. > > > > read this |ega| info > > Information within this emai| contains "forward |ooking statements" > within the meaning of Section 27A of the Securities Act of 1933 and > Section 21B of the Securities Exchange Act of 1934. Any statements that > express or invo|ve discussions with respect to predictions, goa|s, > expectations, be|iefs, p|ans, projections, objectives, assumptions or > future > events or performance are not statements of historica| fact and may be > "forward looking statements." Forward |ooking statements are based on > expectations, estimates and projections at the time the statements are > made > that involve a number of risks and uncertainties which cou|d cause > actual results or events to differ material|y from those present|y > anticipated. Forward |ooking statements in this action may be > identified > through the use of words such as: "projects", "foresee", "expects", > "estimates," "believes," "understands" "will," "part of: "anticipates," > or that > by statements indicating certain actions "may," "cou|d," or "might" > occur. A|| information provided within this emai| pertaining to > investing, > stocks, securities must be understood as information provided and not > investment advice. Emerging Equity A|ert advises all readers and > subscribers to seek advice from a registered professiona| securities > representative before deciding to trade in stocks featured within this > emai|. > None of the material within this report sha|l be construed as any kind > of > investment advice. P|ease have in mind that the interpretation of the > witer of this news|etter about the news pub|ished by the company does > not represent the company officia| statement and in fact may differ > from > the rea| meaning of what the news re|ease meant to say. Look the news > release by yourse|f and judge by yourse|f about the details in it.

> > In compliance with Section 17(b), we disc|ose the ho|ding of MNEI > shares prior to the publication of this report. Be aware of an inherent > conf|ict of interest resulting from such holdings due to our intent to > profit from the |iquidation of these shares. Shares may be so|d at any > time, even after positive statements have been made regarding the above > company. Since we own shares, there is an inherent conflict of interest > in > our statements and opinions. Readers of this pub|ication are cautioned > not to place undue reliance on forward-looking statements, which are > based on certain assumptions and expectations involving various risks > and > uncertainties, that cou|d cause results to differ material|y from those > set forth in the forward- |ooking statements. > > Please be advised that nothing within this emai| sha|l constitute a > solicitation or an invitation to get position in or se|l any security > mentioned herein. This newsletter is neither a registered investment > advisor nor affiliated with any broker or dealer. This news|etter was > paid > $52600 from third party to send this report. Al| statements made are > our > express opinion on|y and shou|d be treated as such. We may own, take > position and sell any securities mentioned at any time. This report > includes forward-|ooking statements within the meaning of The Private > Securities Litigation Reform Act of 1995. These statements may inc|ude > terms > as "expect", "believe", "may", "wi||", "move","underva|ued" and > "intend" or simi|ar terms. > > > If you wish to stop future mailings, or if you feel you have been > wrongfu|ly p|aced in our list, p|ease go here > (-stox0011@yahoo.com-) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Fri Feb 4 15:44:12 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Are the rules you have available somewhere for download? I could use some more rules to add to my SA install. Thanks, Rodney Martin Hepworth wrote: > Magda > > lots.. > > 46.8 > > Spam Report: > 0.00 BAYES_50 Bayesian spam probability is 40 to 60% > 2.29 BIZ_TLD Contains an URL in the BIZ top-level domain > 3.02 FB_FORWARD > 0.50 FB_INVEST_ADVICE > 1.20 FB_ST0CK > 1.10 FM_MULTI_ODD2 > 1.40 FU_TLD_BIZ > 0.60 J_CHICKENPOX_12 {1}Letter - punctuation - {2}Letter > 0.60 J_CHICKENPOX_13 {1}Letter - punctuation - {3}Letter > 0.60 J_CHICKENPOX_14 {1}Letter - punctuation - {4}Letter > 0.60 J_CHICKENPOX_15 {1}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_21 {2}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_22 {2}Letter - punctuation - {2}Letter > 0.60 J_CHICKENPOX_24 {2}Letter - punctuation - {4}Letter > 0.60 J_CHICKENPOX_25 {2}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_27 {2}Letter - punctuation - {7}Letter > 0.60 J_CHICKENPOX_31 {3}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_33 {3}Letter - punctuation - {3}Letter > 0.60 J_CHICKENPOX_34 {3}Letter - punctuation - {4}Letter > 0.60 J_CHICKENPOX_35 {3}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_36 {3}Letter - punctuation - {6}Letter > 0.60 J_CHICKENPOX_37 {3}Letter - punctuation - {7}Letter > 0.60 J_CHICKENPOX_41 {4}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_42 {4}Letter - punctuation - {2}Letter > 0.60 J_CHICKENPOX_43 {4}Letter - punctuation - {3}Letter > 0.60 J_CHICKENPOX_45 {4}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_55 {5}Letter - punctuation - {5}Letter > 0.60 J_CHICKENPOX_61 {6}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_63 {6}Letter - punctuation - {3}Letter > 0.60 J_CHICKENPOX_71 {7}Letter - punctuation - {1}Letter > 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter > 0.60 J_CHICKENPOX_81 {8}Letter - punctuation - {1}Letter > 2.30 MANGLED_BELOW mangled below > 2.30 MANGLED_FULL mangled full > 2.30 MANGLED_LIST mangled list > 2.30 MANGLED_LOW mangled low > 2.30 MANGLED_OFF mangled off > 2.30 MANGLED_PLEASE mangled please > 2.30 MANGLED_REALLY mangled really > 2.30 MANGLED_SPCALS mangled special(s) > 2.30 MANGLED_STOCK mangled stock(s) > 1.67 SARE_FWDLOOK Forward looking statements about stocks > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Magda Hewryk wrote: > >> Would somebody confirm the scores for the spam below? What was your >> score? >> >> "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, >> BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, >> RCVD_NUMERIC_HELO 1.25)" >> >> >> >> Thanks, >> >> Magda Hewryk >> -------------------------------- >> Mid-Range Systems >> 905-273-1637 (Office) >> 416-554-0743 (Cell) >> ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- >> >> "Christoper >> Mccain" >> >> > .com> >> >> cc >> 02/04/2005 09:09 >> AM >> Subject >> Technica| p|ay in m0tiOn 0n penny >> st0ck >> >> >> >> >> >> >> >> >> >> >> THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade >> >> >> Millennium National Events, Inc. - Symbol: MNEI >> >> Millenniums current roster of event sponsors inc|udes such names as: WM >> Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, >> Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| >> Communications, Viacom, Infinity Broadcasting, Budweiser, COX >> Broadcasting, NBC >> |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & >> Spirits, Viking Ovens and Bergwater Vineyards. >> >> >> And just read the News... Read the entire news be|ow >> >> NEWS>>>..Mi||ennium announced that it has entered into an agreement to >> acquire >> al| of the outstanding shares of Mi||ennium National Imports, Inc., a >> Texas Company. >> >> >> Yes you read it right - this is serious company with some serious >> business >> >> >> Symbo|: MNEI >> Current Price: $0.45 >> 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >> is real|y >> possibe (if you look at |eve|2 you wi|| see why) >> >> >> Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is >> currently transforming the wor|d of specia| events and corporate >> sponsorship. The Company is a fu||y integrated event promoter which >> owns, >> partially or entire|y, and/or operates a diversified network of events >> and >> event promoters in the states of F|orida, New York, Indiana, Colorado, >> California and Washington DC. >> >> Through its diverse segments, Mi||ennium's footprint is expanding in >> live entertainment, including sports and music. While Mi|lennium >> Nationa| >> Events owns and is constant|y acquiring existing events, our upcoming >> ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, >> PGA, LPGA, and NASCAR. >> >> >> Symbol: MNEI >> Current Price: $O.45 >> 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >> is rea||y >> possibe (if you |ook at leve|2 you wil| see why) >> >> >> NEWS >> >> DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium >> National Events (OTC Pink Sheets: MNEI) today announced that it has >> entered >> into negotiations to acquire al| or part of a working interest in Match >> Point, Inc., the owner of the ATP sanctioned event known as the >> Mi||ennium Internationa| Tennis Tournament. >> >> >> Millennium earlier became the title sponsor of the Match Point, Inc. >> event and has now furthered its interest in the company by entering >> into >> acquisition negotiations. >> >> Both |ocal Delray Beach-based companies cou|d integrate the two >> entities. "Basical|y we're both from the same industry, and together I >> believe >> we cou|d be bigger and accomp|ish more than as stand-alone companies," >> said Robert McAl|ister, CEO & President of Mi||ennium National Events. >> >> Mark Baron, President of Match Point, Inc., says of the negotiations, >> "We are considering Millennium's offers and be|ieve that there cou|d be >> a possib|e f i t here for our company and our share holders." >> >> McA||ister also fee|s the purchase of Match Point is a good move for >> both Mi|lennium shareholders and Match Point. "This acquisition is >> consistent with our overa|| business plan. It has a|ways been our >> intent to >> target and acquire successful, high-profi|e events and their promoters; >> we've had our eye on Match Point for a|most one year now. Consolidation >> is the key, not only to our bottom line, but also to the success of >> each individua| event." >> >> Exact terms have been not yet been announced, but Mi|lennium sees the >> Match Point acquisition ultimate|y being ab|e to bring net revenues to >> MNEI's bottom |ine. >> >> MNEI sees both the internationa| te|evision audience and the ability to >> attract a Fortune 5O0 as a potentia| source of even greater, and as of >> yet, untapped revenue. McAl|ister expects the dea| to be consummated in >> this quarter. >> >> The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach >> Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top >> Americans Vince Spadea, current|y No. 19 in the world, two-time ITC >> champion Jan-Michael Gambil| and James Blake. Also entered in the >> tournament are Jiri Novak (Czech Republic), current|y at No. 25, >> two-time >> Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion >> Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that >> can >> be offered to other top p|ayers in the weeks |eading up to the event. >> >> >> >> read this |ega| info >> >> Information within this emai| contains "forward |ooking statements" >> within the meaning of Section 27A of the Securities Act of 1933 and >> Section 21B of the Securities Exchange Act of 1934. Any statements that >> express or invo|ve discussions with respect to predictions, goa|s, >> expectations, be|iefs, p|ans, projections, objectives, assumptions or >> future >> events or performance are not statements of historica| fact and may be >> "forward looking statements." Forward |ooking statements are based on >> expectations, estimates and projections at the time the statements are >> made >> that involve a number of risks and uncertainties which cou|d cause >> actual results or events to differ material|y from those present|y >> anticipated. Forward |ooking statements in this action may be >> identified >> through the use of words such as: "projects", "foresee", "expects", >> "estimates," "believes," "understands" "will," "part of: "anticipates," >> or that >> by statements indicating certain actions "may," "cou|d," or "might" >> occur. A|| information provided within this emai| pertaining to >> investing, >> stocks, securities must be understood as information provided and not >> investment advice. Emerging Equity A|ert advises all readers and >> subscribers to seek advice from a registered professiona| securities >> representative before deciding to trade in stocks featured within this >> emai|. >> None of the material within this report sha|l be construed as any kind >> of >> investment advice. P|ease have in mind that the interpretation of the >> witer of this news|etter about the news pub|ished by the company does >> not represent the company officia| statement and in fact may differ >> from >> the rea| meaning of what the news re|ease meant to say. Look the news >> release by yourse|f and judge by yourse|f about the details in it.

>> >> In compliance with Section 17(b), we disc|ose the ho|ding of MNEI >> shares prior to the publication of this report. Be aware of an inherent >> conf|ict of interest resulting from such holdings due to our intent to >> profit from the |iquidation of these shares. Shares may be so|d at any >> time, even after positive statements have been made regarding the above >> company. Since we own shares, there is an inherent conflict of interest >> in >> our statements and opinions. Readers of this pub|ication are cautioned >> not to place undue reliance on forward-looking statements, which are >> based on certain assumptions and expectations involving various risks >> and >> uncertainties, that cou|d cause results to differ material|y from those >> set forth in the forward- |ooking statements. >> >> Please be advised that nothing within this emai| sha|l constitute a >> solicitation or an invitation to get position in or se|l any security >> mentioned herein. This newsletter is neither a registered investment >> advisor nor affiliated with any broker or dealer. This news|etter was >> paid >> $52600 from third party to send this report. Al| statements made are >> our >> express opinion on|y and shou|d be treated as such. We may own, take >> position and sell any securities mentioned at any time. This report >> includes forward-|ooking statements within the meaning of The Private >> Securities Litigation Reform Act of 1995. These statements may inc|ude >> terms >> as "expect", "believe", "may", "wi||", "move","underva|ued" and >> "intend" or simi|ar terms. >> >> >> If you wish to stop future mailings, or if you feel you have been >> wrongfu|ly p|aced in our list, p|ease go here >> (-stox0011@yahoo.com-) >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 15:43:17 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query Message-ID: Ok I have got it to copy the original message and the rights are ok but i still get the Error Releasing email message 1CwbkG-0002j7-KK to user@domain.com 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate format! Well i guess that's that unless someone has another suggestion. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 15:51:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Rodney www.rulesemporium.com/rules.htm -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > Are the rules you have available somewhere for download? I could use > some more rules to add to my SA install. > > Thanks, > Rodney > > Martin Hepworth wrote: > >> Magda >> >> lots.. >> >> 46.8 >> >> Spam Report: >> 0.00 BAYES_50 Bayesian spam probability is 40 to 60% >> 2.29 BIZ_TLD Contains an URL in the BIZ top-level domain >> 3.02 FB_FORWARD >> 0.50 FB_INVEST_ADVICE >> 1.20 FB_ST0CK >> 1.10 FM_MULTI_ODD2 >> 1.40 FU_TLD_BIZ >> 0.60 J_CHICKENPOX_12 {1}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_13 {1}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_14 {1}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_15 {1}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_21 {2}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_22 {2}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_24 {2}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_25 {2}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_27 {2}Letter - punctuation - {7}Letter >> 0.60 J_CHICKENPOX_31 {3}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_33 {3}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_34 {3}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_35 {3}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_36 {3}Letter - punctuation - {6}Letter >> 0.60 J_CHICKENPOX_37 {3}Letter - punctuation - {7}Letter >> 0.60 J_CHICKENPOX_41 {4}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_42 {4}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_43 {4}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_45 {4}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_55 {5}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_61 {6}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_63 {6}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_71 {7}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_81 {8}Letter - punctuation - {1}Letter >> 2.30 MANGLED_BELOW mangled below >> 2.30 MANGLED_FULL mangled full >> 2.30 MANGLED_LIST mangled list >> 2.30 MANGLED_LOW mangled low >> 2.30 MANGLED_OFF mangled off >> 2.30 MANGLED_PLEASE mangled please >> 2.30 MANGLED_REALLY mangled really >> 2.30 MANGLED_SPCALS mangled special(s) >> 2.30 MANGLED_STOCK mangled stock(s) >> 1.67 SARE_FWDLOOK Forward looking statements about stocks >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Magda Hewryk wrote: >> >>> Would somebody confirm the scores for the spam below? What was your >>> score? >>> >>> "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, >>> BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, >>> RCVD_NUMERIC_HELO 1.25)" >>> >>> >>> >>> Thanks, >>> >>> Magda Hewryk >>> -------------------------------- >>> Mid-Range Systems >>> 905-273-1637 (Office) >>> 416-554-0743 (Cell) >>> ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- >>> >>> "Christoper >>> Mccain" >>> >>> >> .com> >>> >>> cc >>> 02/04/2005 09:09 >>> AM >>> Subject >>> Technica| p|ay in m0tiOn 0n penny >>> st0ck >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade >>> >>> >>> Millennium National Events, Inc. - Symbol: MNEI >>> >>> Millenniums current roster of event sponsors inc|udes such names as: WM >>> Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, >>> Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| >>> Communications, Viacom, Infinity Broadcasting, Budweiser, COX >>> Broadcasting, NBC >>> |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & >>> Spirits, Viking Ovens and Bergwater Vineyards. >>> >>> >>> And just read the News... Read the entire news be|ow >>> >>> NEWS>>>..Mi||ennium announced that it has entered into an agreement to >>> acquire >>> al| of the outstanding shares of Mi||ennium National Imports, Inc., a >>> Texas Company. >>> >>> >>> Yes you read it right - this is serious company with some serious >>> business >>> >>> >>> Symbo|: MNEI >>> Current Price: $0.45 >>> 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >>> is real|y >>> possibe (if you look at |eve|2 you wi|| see why) >>> >>> >>> Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is >>> currently transforming the wor|d of specia| events and corporate >>> sponsorship. The Company is a fu||y integrated event promoter which >>> owns, >>> partially or entire|y, and/or operates a diversified network of events >>> and >>> event promoters in the states of F|orida, New York, Indiana, Colorado, >>> California and Washington DC. >>> >>> Through its diverse segments, Mi||ennium's footprint is expanding in >>> live entertainment, including sports and music. While Mi|lennium >>> Nationa| >>> Events owns and is constant|y acquiring existing events, our upcoming >>> ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, >>> PGA, LPGA, and NASCAR. >>> >>> >>> Symbol: MNEI >>> Current Price: $O.45 >>> 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >>> is rea||y >>> possibe (if you |ook at leve|2 you wil| see why) >>> >>> >>> NEWS >>> >>> DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium >>> National Events (OTC Pink Sheets: MNEI) today announced that it has >>> entered >>> into negotiations to acquire al| or part of a working interest in Match >>> Point, Inc., the owner of the ATP sanctioned event known as the >>> Mi||ennium Internationa| Tennis Tournament. >>> >>> >>> Millennium earlier became the title sponsor of the Match Point, Inc. >>> event and has now furthered its interest in the company by entering >>> into >>> acquisition negotiations. >>> >>> Both |ocal Delray Beach-based companies cou|d integrate the two >>> entities. "Basical|y we're both from the same industry, and together I >>> believe >>> we cou|d be bigger and accomp|ish more than as stand-alone companies," >>> said Robert McAl|ister, CEO & President of Mi||ennium National Events. >>> >>> Mark Baron, President of Match Point, Inc., says of the negotiations, >>> "We are considering Millennium's offers and be|ieve that there cou|d be >>> a possib|e f i t here for our company and our share holders." >>> >>> McA||ister also fee|s the purchase of Match Point is a good move for >>> both Mi|lennium shareholders and Match Point. "This acquisition is >>> consistent with our overa|| business plan. It has a|ways been our >>> intent to >>> target and acquire successful, high-profi|e events and their promoters; >>> we've had our eye on Match Point for a|most one year now. Consolidation >>> is the key, not only to our bottom line, but also to the success of >>> each individua| event." >>> >>> Exact terms have been not yet been announced, but Mi|lennium sees the >>> Match Point acquisition ultimate|y being ab|e to bring net revenues to >>> MNEI's bottom |ine. >>> >>> MNEI sees both the internationa| te|evision audience and the ability to >>> attract a Fortune 5O0 as a potentia| source of even greater, and as of >>> yet, untapped revenue. McAl|ister expects the dea| to be consummated in >>> this quarter. >>> >>> The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach >>> Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top >>> Americans Vince Spadea, current|y No. 19 in the world, two-time ITC >>> champion Jan-Michael Gambil| and James Blake. Also entered in the >>> tournament are Jiri Novak (Czech Republic), current|y at No. 25, >>> two-time >>> Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion >>> Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that >>> can >>> be offered to other top p|ayers in the weeks |eading up to the event. >>> >>> >>> >>> read this |ega| info >>> >>> Information within this emai| contains "forward |ooking statements" >>> within the meaning of Section 27A of the Securities Act of 1933 and >>> Section 21B of the Securities Exchange Act of 1934. Any statements that >>> express or invo|ve discussions with respect to predictions, goa|s, >>> expectations, be|iefs, p|ans, projections, objectives, assumptions or >>> future >>> events or performance are not statements of historica| fact and may be >>> "forward looking statements." Forward |ooking statements are based on >>> expectations, estimates and projections at the time the statements are >>> made >>> that involve a number of risks and uncertainties which cou|d cause >>> actual results or events to differ material|y from those present|y >>> anticipated. Forward |ooking statements in this action may be >>> identified >>> through the use of words such as: "projects", "foresee", "expects", >>> "estimates," "believes," "understands" "will," "part of: "anticipates," >>> or that >>> by statements indicating certain actions "may," "cou|d," or "might" >>> occur. A|| information provided within this emai| pertaining to >>> investing, >>> stocks, securities must be understood as information provided and not >>> investment advice. Emerging Equity A|ert advises all readers and >>> subscribers to seek advice from a registered professiona| securities >>> representative before deciding to trade in stocks featured within this >>> emai|. >>> None of the material within this report sha|l be construed as any kind >>> of >>> investment advice. P|ease have in mind that the interpretation of the >>> witer of this news|etter about the news pub|ished by the company does >>> not represent the company officia| statement and in fact may differ >>> from >>> the rea| meaning of what the news re|ease meant to say. Look the news >>> release by yourse|f and judge by yourse|f about the details in it.

>>> >>> In compliance with Section 17(b), we disc|ose the ho|ding of MNEI >>> shares prior to the publication of this report. Be aware of an inherent >>> conf|ict of interest resulting from such holdings due to our intent to >>> profit from the |iquidation of these shares. Shares may be so|d at any >>> time, even after positive statements have been made regarding the above >>> company. Since we own shares, there is an inherent conflict of interest >>> in >>> our statements and opinions. Readers of this pub|ication are cautioned >>> not to place undue reliance on forward-looking statements, which are >>> based on certain assumptions and expectations involving various risks >>> and >>> uncertainties, that cou|d cause results to differ material|y from those >>> set forth in the forward- |ooking statements. >>> >>> Please be advised that nothing within this emai| sha|l constitute a >>> solicitation or an invitation to get position in or se|l any security >>> mentioned herein. This newsletter is neither a registered investment >>> advisor nor affiliated with any broker or dealer. This news|etter was >>> paid >>> $52600 from third party to send this report. Al| statements made are >>> our >>> express opinion on|y and shou|d be treated as such. We may own, take >>> position and sell any securities mentioned at any time. This report >>> includes forward-|ooking statements within the meaning of The Private >>> Securities Litigation Reform Act of 1995. These statements may inc|ude >>> terms >>> as "expect", "believe", "may", "wi||", "move","underva|ued" and >>> "intend" or simi|ar terms. >>> >>> >>> If you wish to stop future mailings, or if you feel you have been >>> wrongfu|ly p|aced in our list, p|ease go here >>> (-stox0011@yahoo.com-) >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Feb 4 15:59:42 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:26 2006 Subject: I have been trying to change the spam score in MailScanner and have been having some problems with s Message-ID: I have been trying to change the spam score in MailScanner and have been having some problems with some. I did not have a score in the spam.assassin.prefs.conf for AWL. I added "score AWL 1.393 1.320 1.613 1.02". It still shows in the log as AWL -1.61. Am I missing something??? Do I have rules in spamassassin some place else that I am missing??? Thanks, Dave Feb 4 10:55:42 spamfilter MailScanner[3773]: Message 917E516F54F.517ED from 65.205.157.199 (cash@earningsavenue.com) to sbschools.net is spam, SBL+XBL, SpamAssassin (score=9.36, required 4.3, AWL -1.61, BAYES_50 0.00, BE_BOSS 1.65, HTML_80_90 0.15, HTML_IMAGE_ONLY_16 1.05, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, HTML_NONELEMENT_00_10 0.00, HTML_WEB_BUGS 0.04, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, RCVD_IN_SBL 0.50, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL 1.46) This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Fri Feb 4 16:03:28 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Such a shame the same spam was scored for me at 4.2 and you got 46 points for it! I will definitely use the extra rules. Did anybody got the below spam flagged with URIBL_SBL and URIBL_WS_SURBL??? I did not. Thanks, Magda Martin Hepworth To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA socres check 02/04/2005 10:51 AM Please respond to MailScanner mailing list Rodney www.rulesemporium.com/rules.htm -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > Are the rules you have available somewhere for download? I could use > some more rules to add to my SA install. > > Thanks, > Rodney > > Martin Hepworth wrote: > >> Magda >> >> lots.. >> >> 46.8 >> >> Spam Report: >> 0.00 BAYES_50 Bayesian spam probability is 40 to 60% >> 2.29 BIZ_TLD Contains an URL in the BIZ top-level domain >> 3.02 FB_FORWARD >> 0.50 FB_INVEST_ADVICE >> 1.20 FB_ST0CK >> 1.10 FM_MULTI_ODD2 >> 1.40 FU_TLD_BIZ >> 0.60 J_CHICKENPOX_12 {1}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_13 {1}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_14 {1}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_15 {1}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_21 {2}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_22 {2}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_24 {2}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_25 {2}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_27 {2}Letter - punctuation - {7}Letter >> 0.60 J_CHICKENPOX_31 {3}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_33 {3}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_34 {3}Letter - punctuation - {4}Letter >> 0.60 J_CHICKENPOX_35 {3}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_36 {3}Letter - punctuation - {6}Letter >> 0.60 J_CHICKENPOX_37 {3}Letter - punctuation - {7}Letter >> 0.60 J_CHICKENPOX_41 {4}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_42 {4}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_43 {4}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_45 {4}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_55 {5}Letter - punctuation - {5}Letter >> 0.60 J_CHICKENPOX_61 {6}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_63 {6}Letter - punctuation - {3}Letter >> 0.60 J_CHICKENPOX_71 {7}Letter - punctuation - {1}Letter >> 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter >> 0.60 J_CHICKENPOX_81 {8}Letter - punctuation - {1}Letter >> 2.30 MANGLED_BELOW mangled below >> 2.30 MANGLED_FULL mangled full >> 2.30 MANGLED_LIST mangled list >> 2.30 MANGLED_LOW mangled low >> 2.30 MANGLED_OFF mangled off >> 2.30 MANGLED_PLEASE mangled please >> 2.30 MANGLED_REALLY mangled really >> 2.30 MANGLED_SPCALS mangled special(s) >> 2.30 MANGLED_STOCK mangled stock(s) >> 1.67 SARE_FWDLOOK Forward looking statements about stocks >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Magda Hewryk wrote: >> >>> Would somebody confirm the scores for the spam below? What was your >>> score? >>> >>> "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, >>> BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, >>> RCVD_NUMERIC_HELO 1.25)" >>> >>> >>> >>> Thanks, >>> >>> Magda Hewryk >>> -------------------------------- >>> Mid-Range Systems >>> 905-273-1637 (Office) >>> 416-554-0743 (Cell) >>> ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 10:16 AM ----- >>> >>> "Christoper >>> Mccain" >>> >>> >> .com> >>> >>> cc >>> 02/04/2005 09:09 >>> AM >>> Subject >>> Technica| p|ay in m0tiOn 0n penny >>> st0ck >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> THIS STOCK IS UNDISCOVERED STOCK GEM - Just starting to trade >>> >>> >>> Millennium National Events, Inc. - Symbol: MNEI >>> >>> Millenniums current roster of event sponsors inc|udes such names as: WM >>> Wrig|ey, American Express, Office Depot, Verizon, Ita|ian Rose, TWA, >>> Power Sports, Pizza Hut, Coca-Cola, Samuel Adams, C|ear Channe| >>> Communications, Viacom, Infinity Broadcasting, Budweiser, COX >>> Broadcasting, NBC >>> |ocal affiliates, Brown Foreman (Jack Danie|s), Southern Wine & >>> Spirits, Viking Ovens and Bergwater Vineyards. >>> >>> >>> And just read the News... Read the entire news be|ow >>> >>> NEWS>>>..Mi||ennium announced that it has entered into an agreement to >>> acquire >>> al| of the outstanding shares of Mi||ennium National Imports, Inc., a >>> Texas Company. >>> >>> >>> Yes you read it right - this is serious company with some serious >>> business >>> >>> >>> Symbo|: MNEI >>> Current Price: $0.45 >>> 1-2 weeks specu|ative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >>> is real|y >>> possibe (if you look at |eve|2 you wi|| see why) >>> >>> >>> Mi||ennium Nationa| Events, Inc. (MNEI) is an event company that is >>> currently transforming the wor|d of specia| events and corporate >>> sponsorship. The Company is a fu||y integrated event promoter which >>> owns, >>> partially or entire|y, and/or operates a diversified network of events >>> and >>> event promoters in the states of F|orida, New York, Indiana, Colorado, >>> California and Washington DC. >>> >>> Through its diverse segments, Mi||ennium's footprint is expanding in >>> live entertainment, including sports and music. While Mi|lennium >>> Nationa| >>> Events owns and is constant|y acquiring existing events, our upcoming >>> ca|endar inc|udes events with IMG, Clear Channe|, SFX, the ATP, NFL, >>> PGA, LPGA, and NASCAR. >>> >>> >>> Symbol: MNEI >>> Current Price: $O.45 >>> 1-2 weeks speculative targer price: SKY IS THE LIMIT ON THIS STOCK $2-3 >>> is rea||y >>> possibe (if you |ook at leve|2 you wil| see why) >>> >>> >>> NEWS >>> >>> DELRAY BEACH, Fla., Jan 21 /PRNewswire-FirstCa|l/ -- Mil|ennium >>> National Events (OTC Pink Sheets: MNEI) today announced that it has >>> entered >>> into negotiations to acquire al| or part of a working interest in Match >>> Point, Inc., the owner of the ATP sanctioned event known as the >>> Mi||ennium Internationa| Tennis Tournament. >>> >>> >>> Millennium earlier became the title sponsor of the Match Point, Inc. >>> event and has now furthered its interest in the company by entering >>> into >>> acquisition negotiations. >>> >>> Both |ocal Delray Beach-based companies cou|d integrate the two >>> entities. "Basical|y we're both from the same industry, and together I >>> believe >>> we cou|d be bigger and accomp|ish more than as stand-alone companies," >>> said Robert McAl|ister, CEO & President of Mi||ennium National Events. >>> >>> Mark Baron, President of Match Point, Inc., says of the negotiations, >>> "We are considering Millennium's offers and be|ieve that there cou|d be >>> a possib|e f i t here for our company and our share holders." >>> >>> McA||ister also fee|s the purchase of Match Point is a good move for >>> both Mi|lennium shareholders and Match Point. "This acquisition is >>> consistent with our overa|| business plan. It has a|ways been our >>> intent to >>> target and acquire successful, high-profi|e events and their promoters; >>> we've had our eye on Match Point for a|most one year now. Consolidation >>> is the key, not only to our bottom line, but also to the success of >>> each individua| event." >>> >>> Exact terms have been not yet been announced, but Mi|lennium sees the >>> Match Point acquisition ultimate|y being ab|e to bring net revenues to >>> MNEI's bottom |ine. >>> >>> MNEI sees both the internationa| te|evision audience and the ability to >>> attract a Fortune 5O0 as a potentia| source of even greater, and as of >>> yet, untapped revenue. McAl|ister expects the dea| to be consummated in >>> this quarter. >>> >>> The ATP tournament is being held Jan. 31 - Feb. 6 at the Delray Beach >>> Tennis Center. The draw for the 13th annual Millennium ITC inc|udes top >>> Americans Vince Spadea, current|y No. 19 in the world, two-time ITC >>> champion Jan-Michael Gambil| and James Blake. Also entered in the >>> tournament are Jiri Novak (Czech Republic), current|y at No. 25, >>> two-time >>> Mil|ennium ITC fina|ist Xavier Malisse (Belgium) and defending champion >>> Ricardo Me||o (Brazi|). The tournament stil| ho|ds two wildcards that >>> can >>> be offered to other top p|ayers in the weeks |eading up to the event. >>> >>> >>> >>> read this |ega| info >>> >>> Information within this emai| contains "forward |ooking statements" >>> within the meaning of Section 27A of the Securities Act of 1933 and >>> Section 21B of the Securities Exchange Act of 1934. Any statements that >>> express or invo|ve discussions with respect to predictions, goa|s, >>> expectations, be|iefs, p|ans, projections, objectives, assumptions or >>> future >>> events or performance are not statements of historica| fact and may be >>> "forward looking statements." Forward |ooking statements are based on >>> expectations, estimates and projections at the time the statements are >>> made >>> that involve a number of risks and uncertainties which cou|d cause >>> actual results or events to differ material|y from those present|y >>> anticipated. Forward |ooking statements in this action may be >>> identified >>> through the use of words such as: "projects", "foresee", "expects", >>> "estimates," "believes," "understands" "will," "part of: "anticipates," >>> or that >>> by statements indicating certain actions "may," "cou|d," or "might" >>> occur. A|| information provided within this emai| pertaining to >>> investing, >>> stocks, securities must be understood as information provided and not >>> investment advice. Emerging Equity A|ert advises all readers and >>> subscribers to seek advice from a registered professiona| securities >>> representative before deciding to trade in stocks featured within this >>> emai|. >>> None of the material within this report sha|l be construed as any kind >>> of >>> investment advice. P|ease have in mind that the interpretation of the >>> witer of this news|etter about the news pub|ished by the company does >>> not represent the company officia| statement and in fact may differ >>> from >>> the rea| meaning of what the news re|ease meant to say. Look the news >>> release by yourse|f and judge by yourse|f about the details in it.

>>> >>> In compliance with Section 17(b), we disc|ose the ho|ding of MNEI >>> shares prior to the publication of this report. Be aware of an inherent >>> conf|ict of interest resulting from such holdings due to our intent to >>> profit from the |iquidation of these shares. Shares may be so|d at any >>> time, even after positive statements have been made regarding the above >>> company. Since we own shares, there is an inherent conflict of interest >>> in >>> our statements and opinions. Readers of this pub|ication are cautioned >>> not to place undue reliance on forward-looking statements, which are >>> based on certain assumptions and expectations involving various risks >>> and >>> uncertainties, that cou|d cause results to differ material|y from those >>> set forth in the forward- |ooking statements. >>> >>> Please be advised that nothing within this emai| sha|l constitute a >>> solicitation or an invitation to get position in or se|l any security >>> mentioned herein. This newsletter is neither a registered investment >>> advisor nor affiliated with any broker or dealer. This news|etter was >>> paid >>> $52600 from third party to send this report. Al| statements made are >>> our >>> express opinion on|y and shou|d be treated as such. We may own, take >>> position and sell any securities mentioned at any time. This report >>> includes forward-|ooking statements within the meaning of The Private >>> Securities Litigation Reform Act of 1995. These statements may inc|ude >>> terms >>> as "expect", "believe", "may", "wi||", "move","underva|ued" and >>> "intend" or simi|ar terms. >>> >>> >>> If you wish to stop future mailings, or if you feel you have been >>> wrongfu|ly p|aced in our list, p|ease go here >>> (-stox0011@yahoo.com-) >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 16:15:57 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query command line works web interface doesn't Message-ID: I can copy the command line out of the quarnatine release file and it will send with now problem. just not via the browser interface. I wonder if i have'nt forgotten something in my php install. Carinus Carinus Carelse wrote: > Ok I have got it to copy the original message and the rights are ok but i still get the > Error > > Releasing email message 1CwbkG-0002j7-KK to user@domain.com > > 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate format! > > Well i guess that's that unless someone has another suggestion. > > Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 16:33:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: SA socres check Message-ID: Magda no URL's in the email s othe URI-RBL's won't pick up anything.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Such a shame the same spam was scored for me at 4.2 and you got 46 points > for it! I will definitely use the extra rules. > > Did anybody got the below spam flagged with URIBL_SBL and > URIBL_WS_SURBL??? I did not. > > > Thanks, > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Feb 4 16:36:32 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query command line works web interface doesn't Message-ID: Hi, maybe the directory for the ReleaseQuarantine.php is not found? Check your dir-settings on the webserver..and if you are able to get the php-file itself.. this also means the spam-dir etc. Greetings Marcel On Fri, 4 Feb 2005, Carinus Carelse wrote: > I can copy the command line out of the quarnatine release file and it > will send with now > problem. just not via the browser interface. I wonder if i have'nt > forgotten something in > my php install. > > Carinus > > > Carinus Carelse wrote: > > > Ok I have got it to copy the original message and the rights are ok > but i still get the > > Error > > > > Releasing email message 1CwbkG-0002j7-KK to user@domain.com > > > > 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate > format! > > > > Well i guess that's that unless someone has another suggestion. > > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Fri Feb 4 16:42:15 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:26 2006 Subject: Fw: SA socres check Message-ID: Thanks Martin! Few question about the custom SA rules. I've already downloaded the rules_du_jour script & made some basic variable changes. I have also created the /etc/rulesdujour/config file. It looks like below. Is this a correct configuration setting? Is this all I need? /etc/rulesdujour/config: " TRUSTED_RULESETS=" Thanks, Magda ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 11:37 AM ----- Martin Hepworth To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: SA socres check 02/04/2005 11:33 AM Please respond to MailScanner mailing list Magda no URL's in the email s othe URI-RBL's won't pick up anything.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Such a shame the same spam was scored for me at 4.2 and you got 46 points > for it! I will definitely use the extra rules. > > Did anybody got the below spam flagged with URIBL_SBL and > URIBL_WS_SURBL??? I did not. > > > Thanks, > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 16:44:38 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query command line works web interface doesn't Message-ID: Ja i can access the php file with no hassle and the spamdir. Carinus Marcel Blenkers wrote: > Hi, > > maybe the directory for the ReleaseQuarantine.php is not found? > > Check your dir-settings on the webserver..and if you are able to get the > php-file itself.. > > this also means the spam-dir etc. > > Greetings > > Marcel > > On Fri, 4 Feb 2005, Carinus Carelse wrote: > > > I can copy the command line out of the quarnatine release file and it > > will send with now > > problem. just not via the browser interface. I wonder if i have'nt > > forgotten something in > > my php install. > > > > Carinus > > > > > > Carinus Carelse wrote: > > > > > Ok I have got it to copy the original message and the rights are ok > > but i still get the > > > Error > > > > > > Releasing email message 1CwbkG-0002j7-KK to user@domain.com > > > > > > 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate > > format! > > > > > > Well i guess that's that unless someone has another suggestion. > > > > > > Carinus > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Fri Feb 4 16:50:34 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:26 2006 Subject: QuarantineReport Query command line works web interface doesn't Message-ID: For interests sake what version of php and what webserver are you running. How did you install your php. Carinus Carinus Carelse wrote: > Ja i can access the php file with no hassle and the spamdir. > > Carinus > > Marcel Blenkers wrote: > > > Hi, > > > > maybe the directory for the ReleaseQuarantine.php is not found? > > > > Check your dir-settings on the webserver..and if you are able to get the > > php-file itself.. > > > > this also means the spam-dir etc. > > > > Greetings > > > > Marcel > > > > On Fri, 4 Feb 2005, Carinus Carelse wrote: > > > > > I can copy the command line out of the quarnatine release file and it > > > will send with now > > > problem. just not via the browser interface. I wonder if i have'nt > > > forgotten something in > > > my php install. > > > > > > Carinus > > > > > > > > > Carinus Carelse wrote: > > > > > > > Ok I have got it to copy the original message and the rights are ok > > > but i still get the > > > > Error > > > > > > > > Releasing email message 1CwbkG-0002j7-KK to user@domain.com > > > > > > > > 1CwbkG-0002j7-KK, user@domain.com, or 20050202 is not legitimate > > > format! > > > > > > > > Well i guess that's that unless someone has another suggestion. > > > > > > > > Carinus > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Fri Feb 4 16:52:02 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] score=6.893, requis xxx, FROM_ENDS_IN_NUMS 0.99, HTML_MESSAGE 0.10, HTML_TAG_BALANCE_A0.20, LONGWORD 0.30, MR_BAD_QUOTE_1 1.00, MR_BAD_QUOTE_2 1.00, MR_STRANGE_QUESTION 1.50, NO_RDNS2 0.01, RCVD_IN_SORBS 1.00, SARE_HTML_NO_HTML1 0.79, UPPERCASE_25_50 0.00) Hello, From time to time I spot messages that SpamAssassin matches rules to as above (an example), but no Bayes is included in the report and therefore no negative scoring occurs. What can cause this, and what steps can I use to limit or remedy this behaviour???? I thank you in advance, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Fri Feb 4 16:53:07 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:26 2006 Subject: SA scores check Message-ID: And with this question I have another related to it: Got the same thing in place, works just fine but because we're using an Ensim-based server setup the only .cf file it recognizes is the local.cf. So while the rules_du_jour does it's thing for updating, it places the new .cf files in the proper directory and that's it. From that point, unless I manually import them into the local.cf file, they're ignored. Any way to automate this process or change settings in the rules_du_jour scripting to possibly import these into the local.cf file without doing it on every update we get? Thanks! David J. Duffner VP Operations NWC Corporation www.nwcxpress.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Magda Hewryk > Sent: Friday, February 04, 2005 11:42 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Fw: SA socres check > > > Thanks Martin! > > Few question about the custom SA rules. > I've already downloaded the rules_du_jour script & made some > basic variable changes. I have also created the > /etc/rulesdujour/config file. It looks like below. > Is this a correct configuration setting? Is this all I need? > > /etc/rulesdujour/config: > > " TRUSTED_RULESETS=" > > > > Thanks, > > Magda -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Fri Feb 4 17:12:24 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > From time to time I spot messages that SpamAssassin matches rules to as > above (an example), but no Bayes is included in the report and therefore > no negative scoring occurs. What can cause this, and what steps can I > use to limit or remedy this behaviour???? > Check permissions on the bayes database. And the path to bayes database in spam.assassin.prefs.conf. Also run spamassassin -D --lint --prefs-file=/path/to/spam.assassin.prefs.conf > /tmp/spam.log 2>&1 check /tmp/spam.log for bayes errors. - Nick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Fri Feb 4 17:02:04 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nick Meverden wrote: >> From time to time I spot messages that SpamAssassin matches rules to as >>above (an example), but no Bayes is included in the report and therefore >>no negative scoring occurs. What can cause this, and what steps can I >>use to limit or remedy this behaviour???? >> > > > Check permissions on the bayes database. And the path to bayes database > in spam.assassin.prefs.conf. Also run spamassassin -D --lint > --prefs-file=/path/to/spam.assassin.prefs.conf > /tmp/spam.log 2>&1 > check /tmp/spam.log for bayes errors. Hello, Just to be clear, 98% of the time the BAYES_XX score is there. Occasionally, it is not. The lint does not report any configuration errors or bayes problems, and the final spamscore of the lint shows BAYES scoring. Thanks, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 17:01:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Fw: SA socres check Message-ID: Magda I use the my_rules_du_jour wrapper script so I can add in my own rules and get RDJ to fetch them , but yes you probably just need to put in your required RULE_Set names (see the main RDJ file for those) into that line and it will automagically download them, --lint then and if fine restart MS (change the restart config line) for you... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Thanks Martin! > > Few question about the custom SA rules. > I've already downloaded the rules_du_jour script & made some basic variable > changes. > I have also created the /etc/rulesdujour/config file. It looks like below. > Is this a correct configuration setting? Is this all I need? > > /etc/rulesdujour/config: > > " TRUSTED_RULESETS=" > > > > Thanks, > > Magda > ----- Forwarded by Magdalena Hewryk/TOR/SYM on 02/04/2005 11:37 AM ----- > > Martin Hepworth > ATE-LOGIC.COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: SA socres check > > > 02/04/2005 11:33 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > Magda > no URL's in the email s othe URI-RBL's won't pick up anything.. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Magda Hewryk wrote: > >>Such a shame the same spam was scored for me at 4.2 and you got 46 points >>for it! I will definitely use the extra rules. >> >>Did anybody got the below spam flagged with URIBL_SBL and >>URIBL_WS_SURBL??? I did not. >> >> >>Thanks, >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Fri Feb 4 17:33:47 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Just to be clear, 98% of the time the BAYES_XX score is there. > Occasionally, it is not. > > The lint does not report any configuration errors or bayes problems, and > the final spamscore of the lint shows BAYES scoring. > Sounds like bayes is working fine then, someone else on the list may have a more "technical" sounding answer for this, but bayes will only speakup and score a message when it has something to say. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 17:24:45 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: Nick Meverden wrote: >>Just to be clear, 98% of the time the BAYES_XX score is there. >>Occasionally, it is not. >> >>The lint does not report any configuration errors or bayes problems, and >>the final spamscore of the lint shows BAYES scoring. >> > > Sounds like bayes is working fine then, someone else on the list may have > a more "technical" sounding answer for this, but bayes will only speakup > and score a message when it has something to say. > Nick not in my experiance. the bayes system should tag all emails. I'd make sure MS is doing the re-sync of the bayes DB itself and an outside cron isn't trying to do this... In MainScanner.conf its the rebuild bayes options you need to set correctly and make sure it's set to wait while this happens as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Fri Feb 4 17:37:34 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > not in my experiance. the bayes system should tag all emails. > > I'd make sure MS is doing the re-sync of the bayes DB itself and an > outside cron isn't trying to do this... > > In MainScanner.conf its the rebuild bayes options you need to set > correctly and make sure it's set to wait while this happens as well. Hello, This is what I have: Rebuild Bayes Every = 259200 Wait During Bayes Rebuild = yes Out of 4975 messages marked as possible spam today, only 4842 had BAYES_XXX scores attached, the rest having a bunch of spamassassin scores but no BAYES. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Fri Feb 4 17:54:10 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Out of 4975 messages marked as possible spam today, only 4842 had > BAYES_XXX scores attached, the rest having a bunch of spamassassin > scores but no BAYES. > Chris, your bayes is working fine, every once and a while I'll have an email not have a bayes score because there was nothing in the email that bayes has be taught to score. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 4 17:40:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: Chris I've been corrected by someone on the IRC channel, who states that if the Bayes DB find no tokens that match it's DB then it will indeed have nothing to say about the email and therefore not contribute to the score. Sounds logical. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Chris Conn wrote: >> >> not in my experiance. the bayes system should tag all emails. >> >> I'd make sure MS is doing the re-sync of the bayes DB itself and an >> outside cron isn't trying to do this... >> >> In MainScanner.conf its the rebuild bayes options you need to set >> correctly and make sure it's set to wait while this happens as well. > > > Hello, > > This is what I have: > > Rebuild Bayes Every = 259200 > > Wait During Bayes Rebuild = yes > > Out of 4975 messages marked as possible spam today, only 4842 had > BAYES_XXX scores attached, the rest having a bunch of spamassassin > scores but no BAYES. > > Chris > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Fri Feb 4 18:28:05 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:28:26 2006 Subject: Slightly OT: virtual hosting Message-ID: Hello all, First of all, if this is too OT, let me know (preferably with a suggestion as where to take the discussion -- this is the only list I know of that has a good size community of mail admins that use all sorts of different MTA setups.) I've been a faithful MailScanner user for years now, and I love the package. However, I'm trying to consolidate several separate mail servers that I maintain under one roof (so to speak) and it seems like every virtual hosting solution has severe drawbacks. The options are limitless, but here's what I've considered so far: Webmin+Virtualmin (and the associated mailscanner webmin component). I like this, and I've had it partially set up, but the one drawback that I see is that I have to give people funky pop/imap logins, and for some reason I find that quite distasteful. The same as above, but without Webmin. Same drawbacks, plus I'd have to maintain the virtual user table by hand. qmail+vpopper+clamav+spamassassin. This would allow me to use sane usernames, but 1) I've heard it's a pain to get running (small, but my frustration level is high enough now :) and 2) I'd be ditching MailScanner. I know I could run Mailscanner on a separate box, but I'd be doubling the number of servers needed, plus I don't know if I could get the MailScanner box to drop unknown users. Well, that's about all I've seriously considered at this point. I'd like to continue to use MailScanner, as I like the all in one anti-spam and anti-virus capabilities, as well as the wonderful community, but it looks like I may have to switch out, and I'm not liking that possibility. Some other considerations: 1) someone else may have to administer this at some point. 2) I may add more domains, especially since I'll have the infrastructure in place. 3) I have absolutely no budget right now. I have a few spare desktops that I can sacrifice to be servers, but new hardware is not an option right now. (My boss won't even let me convert the 5 desktop-cased servers into rackmounts right now, even though I have a nearly empty relay-rack.) If you're running a virtual hosting solution, what are you using? Are you happy with it? If not what would you change? Is there anything I've missed that I should be considering? Also, I'm most familiar with Linux based solutions, but I'm not opposed to *bsd. However, I've tried to standardize on WhiteBox Enterprise Linux (where I can) to make things easy on myself. Thanks a lot for any input. If you think this isn't a good discussion for the list, please email me directly. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Feb 4 19:02:26 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:26 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: >> >> not in my experiance. the bayes system should tag all emails. >> >> I'd make sure MS is doing the re-sync of the bayes DB itself and an >> outside cron isn't trying to do this... >> >> In MainScanner.conf its the rebuild bayes options you need to set >> correctly and make sure it's set to wait while this happens as well. > > > Hello, > > This is what I have: > > Rebuild Bayes Every = 259200 > > Wait During Bayes Rebuild = yes > > Out of 4975 messages marked as possible spam today, only 4842 had > BAYES_XXX scores attached, the rest having a bunch of spamassassin > scores but no BAYES. > Chris, I had one yesterday out of 16946 spam emails. So far I have none today. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From campbell at cnpapers.com Fri Feb 4 19:14:43 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:28:26 2006 Subject: Slightly OT: virtual hosting Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ----- Original Message ----- From: "Jason Balicki" To: Sent: Friday, February 04, 2005 1:28 PM Subject: Slightly OT: virtual hosting > Hello all, > > First of all, if this is too OT, let me know (preferably > with a suggestion as where to take the discussion -- > this is the only list I know of that has a good size > community of mail admins that use all sorts of different > MTA setups.) > > I've been a faithful MailScanner user for years now, > and I love the package. > > However, I'm trying to consolidate several separate > mail servers that I maintain under one roof (so > to speak) and it seems like every virtual hosting > solution has severe drawbacks. > > The options are limitless, but here's what I've > considered so far: > > Webmin+Virtualmin (and the associated mailscanner > webmin component). I like this, and I've had it > partially set up, but the one drawback that I see > is that I have to give people funky pop/imap logins, > and for some reason I find that quite distasteful. > > The same as above, but without Webmin. Same > drawbacks, plus I'd have to maintain the > virtual user table by hand. > > qmail+vpopper+clamav+spamassassin. This would allow > me to use sane usernames, but 1) I've heard it's > a pain to get running (small, but my frustration > level is high enough now :) and 2) I'd be ditching > MailScanner. I know I could run Mailscanner on > a separate box, but I'd be doubling the number > of servers needed, plus I don't know if I could > get the MailScanner box to drop unknown users. > > Well, that's about all I've seriously considered > at this point. > > I'd like to continue to use MailScanner, as I like > the all in one anti-spam and anti-virus capabilities, > as well as the wonderful community, but it looks like > I may have to switch out, and I'm not liking that > possibility. > > Some other considerations: > > 1) someone else may have to administer this at some > point. > > 2) I may add more domains, especially since I'll have > the infrastructure in place. > > 3) I have absolutely no budget right now. I have > a few spare desktops that I can sacrifice to be > servers, but new hardware is not an option right > now. (My boss won't even let me convert the 5 > desktop-cased servers into rackmounts right now, > even though I have a nearly empty relay-rack.) > > If you're running a virtual hosting solution, what > are you using? Are you happy with it? If not what > would you change? Is there anything I've missed > that I should be considering? > > Also, I'm most familiar with Linux based solutions, > but I'm not opposed to *bsd. However, I've tried > to standardize on WhiteBox Enterprise Linux (where > I can) to make things easy on myself. > > Thanks a lot for any input. If you think this isn't > a good discussion for the list, please email me > directly. > > --J(K) Jason, I use two different solutions here for different domain combinations. The first is linuxconf. It allows you just about anything you want with virtual domains - one server to handle multiple domains, common user names across domains (usr1@domain1.com and usr1@domain2.com), and the likes. It requires a few changes to your xinetd pop entries, but MailScanner works flawlessly with the end result. It uses its own virtual server pop daemon, I think, called vserver. It's very easy to move domains around from one machine to another. The second is webmin. I switched from linuxconf to webmin for the opposite reason for which you are asking - I wanted to split up domains to different servers. The down side to each: Linuxconf is getting old, and a lot of the default uses older sendmail stubs. You can make it work with the newer sendmail stuff, and get the advantages of the latest sendmail with a little(?) work. There is a new version of LC 2 that has been mentioned on their list, but I wouldn't hold my breath. I use the console gui for most of my admin work, and it's OK, and there is a web based gui if you just have to have it. Webmin could possibly do all, but after using LC for so long, Webmin has a small learning curve to it. I like it very much. But it requires you to know sendmail (If this is your MTA of choice). Fortunately, Webmin also acts as a very good tutor, which, due to the way LC interacts with what it does, cannot always do that. This is just my opinions based on what I know about each. Once you learn the particulars of each, they both become second hand stuff. Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rpoe at PLATTESHERIFF.ORG Fri Feb 4 20:25:19 2005 From: rpoe at PLATTESHERIFF.ORG (Rob Poe) Date: Thu Jan 12 21:28:26 2006 Subject: Slightly OT: virtual hosting Message-ID: Just thought I'd mention, CentOS is the same thing as Whitebox, however where Whitebox is a one-man show, CentOS relies on community support. CentOS generally gets patches a little faster than Whitebox. I'm not trying to start anything here, just thought I'd mention it. It's quite simple to "upgrade" to CentOS from WhiteBox. Basically installing a new *-release file in your /etc and changing the yum.conf to point to the CentOS site/mirrors. Then yum upgrade, if I'm not mistaken. Rob >Also, I'm most familiar with Linux based solutions, >but I'm not opposed to *bsd. However, I've tried >to standardize on WhiteBox Enterprise Linux (where >I can) to make things easy on myself. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Feb 4 20:43:53 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: >Hello all, > >First of all, if this is too OT, let me know (preferably >with a suggestion as where to take the discussion -- >this is the only list I know of that has a good size >community of mail admins that use all sorts of different >MTA setups.) > >I've been a faithful MailScanner user for years now, >and I love the package. > >However, I'm trying to consolidate several separate >mail servers that I maintain under one roof (so >to speak) and it seems like every virtual hosting >solution has severe drawbacks. > > Well, assuming you have enough bits to make one decent enough machine (Lots of RAM particularly) I would suggest having a look at a Postfix (Or indeed Exim but I have no experience with that), Courier-IMAP (Which also does POP!) and MailScanner all controlled by a MySQL database and use something like phpMyAdmin to edit the database. There is an excellent how to here http://www.gentoo.org/doc/en/virt-mail-howto.xml which although is based on Gentoo, it will be a synch to change the details for your OS. The only bit the guide doesn't cover is MailScanner but that is easy enough as you are familiar with MS anyway :-) . The advantage is that you only have to edit one database and it will scale really easily when your boss has a sudden moment of weakness and drops his tight hold of the cheque book :-) HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Fri Feb 4 21:16:15 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:28:27 2006 Subject: What does this strange email mean? Message-ID: Hello, I found two emails in my /var/spool/mqueue.in that are ~95KB of the following: MCBvYmo8PC9UeXBlL0ZvbnQvRW5jb2RpbmcgNTkgMCBSL0Jhc2VGb250L0dISk1JRStBcmlh bE1U L0ZpcnN0Q2hhciAzMi9MYXN0Q2hhciAxNDQvU3VidHlwZS9UeXBlMS9Ub1VuaWNvZGUgNjAg MCBS L0ZvbnREZXNjcmlwdG9yIDYyIDAgUi9XaWR0aHNbMjc4IDc1MCAzNTUgNzUwIDc1MCA4ODkg NzUw IDc1MCAzMzMgMzMzIDc1MCA3NTAgMjc4IDMzMyAyNzggMjc4IDU1NiA1NTYgNTU2IDU1NiA1 NTYg NTU2IDU1NiA1NTYgNTU2IDU1NiAyNzggNzUwIDc1MCA3NTAgNzUwIDc1MCA3NTAgNjY3IDY2 NyA3 MjIgNzIyIDY2NyA2MTEgNzc4IDcyMiAyNzggNTAwIDY2NyA1NTYgODMzIDcyMiA3NzggNjY3 IDc3 OCA3MjIgNjY3IDYxMSA3MjIgNjY3IDk0NCA2NjcgNjY3IDYxMSA3NTAgNzUwIDc1MCA3NTAg NzUw That's just a small sample of what the file contains. There are no normal mail headers or anything like that. The entire file looks like the above. Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Feb 4 21:22:57 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:28:27 2006 Subject: What does this strange email mean? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Looks like base64 data to me. On Fri, 2005-02-04 at 16:16, Chris W. Parker wrote: Hello, I found two emails in my /var/spool/mqueue.in that are ~95KB of the following: MCBvYmo8PC9UeXBlL0ZvbnQvRW5jb2RpbmcgNTkgMCBSL0Jhc2VGb250L0dISk1JRStBcmlh bE1U L0ZpcnN0Q2hhciAzMi9MYXN0Q2hhciAxNDQvU3VidHlwZS9UeXBlMS9Ub1VuaWNvZGUgNjAg MCBS L0ZvbnREZXNjcmlwdG9yIDYyIDAgUi9XaWR0aHNbMjc4IDc1MCAzNTUgNzUwIDc1MCA4ODkg NzUw IDc1MCAzMzMgMzMzIDc1MCA3NTAgMjc4IDMzMyAyNzggMjc4IDU1NiA1NTYgNTU2IDU1NiA1 NTYg NTU2IDU1NiA1NTYgNTU2IDU1NiAyNzggNzUwIDc1MCA3NTAgNzUwIDc1MCA3NTAgNjY3IDY2 NyA3 MjIgNzIyIDY2NyA2MTEgNzc4IDcyMiAyNzggNTAwIDY2NyA1NTYgODMzIDcyMiA3NzggNjY3 IDc3 OCA3MjIgNjY3IDYxMSA3MjIgNjY3IDk0NCA2NjcgNjY3IDYxMSA3NTAgNzUwIDc1MCA3NTAg NzUw That's just a small sample of what the file contains. There are no normal mail headers or anything like that. The entire file looks like the above. Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! Wess Bechard System Administrator eliquidMEDIA International www.eliquid.com MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Feb 4 21:29:42 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:27 2006 Subject: Volunteers to convert FAQ to a Wiki? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, To everyone who offered their help for the FAQ -> Wiki migration, please contact me off list. Thanks, >> Julian Field wrote: >> >>> If I were to install a Wiki on the MailScanner site, would someone (or >>> several of you) be prepared to take on the job of converting the current ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From svigano at BOOTHCREEK.COM Fri Feb 4 21:49:35 2005 From: svigano at BOOTHCREEK.COM (Stefffan Vigano) Date: Thu Jan 12 21:28:27 2006 Subject: MCP - Chewing up resources even though it's off Message-ID: Searched the archives and couldn't find anything... so I hope this isn't a repeat. We recently upgraded to 4.37.7 and I've noticed overall load and processing times have gone up. Looking at the logs, it seems that although I have MCP checks set to no, MS is still processing MCP checks. Here'a a snippet of our log: Feb 4 13:34:44 patrol MailScanner[32776]: MCP Checks completed at 52254 bytes per second Feb 4 13:34:49 patrol MailScanner[32776]: Spam Checks completed at 10450 bytes per second Feb 4 13:34:51 patrol MailScanner[32776]: Virus Scanning completed at 26127 bytes per second Feb 4 13:34:52 patrol MailScanner[32776]: Virus Processing completed at 52254 bytes per second Feb 4 13:34:52 patrol MailScanner[32776]: Disinfection completed at 52254 bytes per second Feb 4 13:34:52 patrol MailScanner[32776]: Batch completed at 6531 bytes per second (52254 / 8) Feb 4 13:34:52 patrol MailScanner[32776]: MCP Checks completed at 3636 bytes per second Feb 4 13:34:54 patrol MailScanner[32776]: Spam Checks completed at 1818 bytes per second Feb 4 13:34:56 patrol MailScanner[32776]: Virus Scanning completed at 1818 bytes per second Feb 4 13:34:56 patrol MailScanner[32776]: Virus Processing completed at 3636 bytes per second Feb 4 13:34:56 patrol MailScanner[32776]: Disinfection completed at 3636 bytes per second Feb 4 13:34:56 patrol MailScanner[32776]: Batch completed at 909 bytes per second (3636 / 4) I have the following relevant switches in our MailScanner.conf file: Keep Spam And MCP Archive Clean = no MCP Checks = no Should MS still be running them through the MCP checks if I have it explicitly turned off? Having never run the LogSpeed command before, is there any guideline on how to read this? Anything stand out as abnormal? Anything else I could contribute decreased speed to after an upgrade from 4.29.7 to 4.37.7? Thanks... keep up the great work! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Fri Feb 4 22:10:28 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: Hi Jason, Jason Balicki wrote: > If you're running a virtual hosting solution, what are you using? > Are you happy with it? If not what would you change? Is there > anything I've missed that I should be considering? I'm using XAMS (www.xams.org). XAMS is only about email administration (no webhosting, ftp etc). It uses MySQL, Exim and Courier. Pro: + Nice usernames (email address) allthough unique usernames (e.g. "web96p1") are supported too. + web interface with multiple languages for customers available + "site" concept (domain.com and domain.net may belong to the same site so info@domain.com and info@domain.net are the same) + MailScanner may be used + Exim (my favorite mail server ;-) + May use Dovecot for POP3/Imap and get rid of the custom Courier Auth-Daemon (allthough you are loosing the Quota support) Con: + web interface too overloaded, not really what usability is all about + very slow development because the main author doesn't have the time any more (but still good support on the list and XAMS just works) + web interface uses PHP + MailScanner not really integrated (you have to write the MailScanner rules by hand) Regarding the cons: I will probably get a contract that will involve a XAMS setup. I hope they will pay me enough so that I can rewrite the web interface in Python with a more modular structure and a really nice looking interface :-) -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Feb 4 22:18:26 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: I have been trying to change the spam score in MailScanner and have been having some problems with s Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I have been trying to change the spam score in MailScanner and have been > having some problems with some. I did not have a score in the > spam.assassin.prefs.conf for AWL. I added "score AWL 1.393 1.320 1.613 > 1.02". It still shows in the log as AWL -1.61. Am I missing something??? > Do I have rules in spamassassin some place else that I am missing??? > > Thanks, > Dave > > Feb 4 10:55:42 spamfilter MailScanner[3773]: Message 917E516F54F.517ED > from 65.205.157.199 (cash@earningsavenue.com) to sbschools.net is spam, > SBL+XBL, SpamAssassin (score=9.36, required 4.3, AWL -1.61, BAYES_50 > 0.00, BE_BOSS 1.65, HTML_80_90 0.15, HTML_IMAGE_ONLY_16 1.05, > HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, HTML_NONELEMENT_00_10 0.00, > HTML_WEB_BUGS 0.04, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, > RCVD_IN_SBL 0.50, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_WS_SURBL > 1.46) You can't score AWL manually, you can only turn it on or off by using the "use_auto_whitelist" option set to 1 or 0. Many would recommend disabling it when used with MS. I suggest you read the README file that came with SA to learn how it scores messages. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Feb 4 22:27:27 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: SA socres check Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > Would somebody confirm the scores for the spam below? What was your score? > > "not spam, SpamAssassin (score=4.278, required 4.9, autolearn=spam, > BAYES_00 -2.60, PYZOR_CHECK 3.45, RCVD_HELO_IP_MISMATCH 2.18, > RCVD_NUMERIC_HELO 1.25)" Something looks wrong when such a low scoring message is autolearned as spam. Have you tweaked the auto learn thresholds? Your message is classified as non spam but autolearned as spam even though it scores lower than the minimum of 6 points. You seem to have a lot of problems with your installation. Where did you get SA? Are you using something that came with your dist? If so, try compiling a source RPM to get a clean install. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Fri Feb 4 22:34:30 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:28:27 2006 Subject: Detected HTML-specific exploits and the message is lost ? Message-ID: Looking at the logs there is nothing about what happened after the content checks and the users are complaining that they are missing e-mails root@test test # grep "j13NaAhx006236" /var/log/maillog.1 Feb 3 15:36:11 sendmail[6236]: j13NaAhx006236: from=, size=48073, class=0, nrcpts=1, msgid=<200502032336.j13NaAhx006236@xyz.com>, proto=ESMTP, daemon=MTA, relay=smtp.expedia.com [216.251.115.225] Feb 3 15:36:11 sendmail[6236]: j13NaAhx006236: to=, delay=00:00:01, mailer=relay, pri=78073, stat=queued Feb 3 15:36:14 MailScanner[13718]: Message j13NaAhx006236 from 216.251.115.225 (travel@expedia.com) is whitelisted Feb 3 15:36:19 MailScanner[13718]: Content Checks: Detected HTML-specific exploits in j13NaAhx006236 I'm MailScanner version 4.35.11, i know i have to upgrade and we are in the process. but still where are these e-mails going,did we loose them already? Please advise Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Fri Feb 4 23:02:01 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:27 2006 Subject: Relaying Denied error. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just installed the new sendmail 8.13.3. now for some reason im getting relaying denied ip lookup failed [192.168.1.194] when I try to telnet to it and test email. My access.db reads 192.168 RELAY mydomain.com RELAY where my email address would be name@mydomain.com am I using the wrong syntax for my access file? should it be in the form 192.168.*.* ?? -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Feb 4 23:05:36 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: Relaying Denied error. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] JD wrote: > I just installed the new sendmail 8.13.3. now for some reason im getting > relaying denied ip lookup failed [192.168.1.194] when I try to telnet to it > and test email. My access.db reads 192.168 RELAY > mydomain.com RELAY And what does 192.168.1.194 resolve to from the MS server? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Fri Feb 4 23:39:25 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:27 2006 Subject: Relaying Denied error. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] umm, how do I do that? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Peter Bonivart Sent: Friday, February 04, 2005 3:06 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Relaying Denied error. JD wrote: > I just installed the new sendmail 8.13.3. now for some reason im getting > relaying denied ip lookup failed [192.168.1.194] when I try to telnet to it > and test email. My access.db reads 192.168 RELAY > mydomain.com RELAY And what does 192.168.1.194 resolve to from the MS server? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Feb 4 23:42:07 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: Relaying Denied error. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] JD wrote: > umm, how do I do that? On the MS server, type "nslookup 192.168.1.194". -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Sat Feb 5 02:32:45 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Looks like frontierhomemortgage.com is a sendmail/qpopper box. Given all your alternatives, changing the entire email system from the ground up sounds like a major overkill, compared to maintaining several flat ascii files by hand, especially in an environment with $0 budget where user count is not going to increase all that much. Leave sendmail/mailscanner as is and research dovecot a little. It will allow you to use a custom authentication (ie, their email address can be their username, and they can keep accesing the same mbox file that sendmail or procmail currently deliver mail to). Given all the tradeoffs, that seems like the least amount of work. -Vlad Mazek ExchangeDefender Jason Balicki wrote: >Hello all, > >First of all, if this is too OT, let me know (preferably >with a suggestion as where to take the discussion -- >this is the only list I know of that has a good size >community of mail admins that use all sorts of different >MTA setups.) > >I've been a faithful MailScanner user for years now, >and I love the package. > >However, I'm trying to consolidate several separate >mail servers that I maintain under one roof (so >to speak) and it seems like every virtual hosting >solution has severe drawbacks. > >The options are limitless, but here's what I've >considered so far: > >Webmin+Virtualmin (and the associated mailscanner >webmin component). I like this, and I've had it >partially set up, but the one drawback that I see >is that I have to give people funky pop/imap logins, >and for some reason I find that quite distasteful. > >The same as above, but without Webmin. Same >drawbacks, plus I'd have to maintain the >virtual user table by hand. > >qmail+vpopper+clamav+spamassassin. This would allow >me to use sane usernames, but 1) I've heard it's >a pain to get running (small, but my frustration >level is high enough now :) and 2) I'd be ditching >MailScanner. I know I could run Mailscanner on >a separate box, but I'd be doubling the number >of servers needed, plus I don't know if I could >get the MailScanner box to drop unknown users. > >Well, that's about all I've seriously considered >at this point. > >I'd like to continue to use MailScanner, as I like >the all in one anti-spam and anti-virus capabilities, >as well as the wonderful community, but it looks like >I may have to switch out, and I'm not liking that >possibility. > >Some other considerations: > >1) someone else may have to administer this at some >point. > >2) I may add more domains, especially since I'll have >the infrastructure in place. > >3) I have absolutely no budget right now. I have >a few spare desktops that I can sacrifice to be >servers, but new hardware is not an option right >now. (My boss won't even let me convert the 5 >desktop-cased servers into rackmounts right now, >even though I have a nearly empty relay-rack.) > >If you're running a virtual hosting solution, what >are you using? Are you happy with it? If not what >would you change? Is there anything I've missed >that I should be considering? > >Also, I'm most familiar with Linux based solutions, >but I'm not opposed to *bsd. However, I've tried >to standardize on WhiteBox Enterprise Linux (where >I can) to make things easy on myself. > >Thanks a lot for any input. If you think this isn't >a good discussion for the list, please email me >directly. > >--J(K) > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Sat Feb 5 05:52:41 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: Vlad Mazek <> wrote: > Looks like frontierhomemortgage.com is a sendmail/qpopper box. Given It's not. Bear with me here: frontierhomemortgage.com runs a server side package called Bynari Insight, which is made up of Cyrus+Postfix+ OpenLDAP+ some glue, which allows me to integrate with Bynari's client side, which is a MAPI plugin for outlook that allows me to store native Outlook messages in that IMAP store -- effectively fully replacing Exchange capabilities. The problem looming is that Bynari took my advice and has integrated SpamAssassin and ClamAV into their product, however they did not integrate MailScanner, as they bought into the whole "postfix doesn't work with MailScanner" (for the record: I protested. Loudly.) The final package doesn't allow for lovely things like rulesets and the like. It also doesn't allow for other AV products, rendering my Sophos license useless for that particular application. Before anyone says anything: at the time this was purchased, this was the only thing available to do what needed to be done to satisfy my users. I am happy with the product, even though I do wish there was a bit more flexibility. That, however, is the least of my worries. I have several other domains, tangently related to Frontier and otherwise (such as my domain I use at home, plus I run several domains for other clients) all of which use MailScanner+ClamAV, plus some run Sophos. All of which currently reside on separate servers, with separate MailScanner installs, etc... I'd like to virtual host some domains, and forward frontierhomemortgage.com from the virtual host/MailScanner box to the existing mail server, allowing me to upgrade to the latest version of Insight and still use MailScanner. Also, much of this is motivated by the fact that my wife and I have become dependant on my local domain, but I'm paying $60/mo for a 608k/128k crappy DSL line to host it on (low, low volume) but I can get 3.2Mb/512k cable internet for $40/mo. My boss doesn't care if I host the box at Frontier, but if I'm going to go through the trouble of doing that, I may as well make it capable of making us a little bit of money. We're not looking to be a full fledged hosting company, but you know how it goes: the bosses friend owns a business, complains about hosting... and it ends up in my lap. And yet, still no budget... :( > all your alternatives, changing the entire email system from the > ground up sounds like a major overkill, compared to maintaining > several flat ascii files by hand, especially in an environment with > $0 budget where user count is not going to increase all that much. I should have been more clear in the first email, but I didn't want to cloud it up with minutia. I guess I could have spent a little more time crafting it. Sorry. I won't be changing the existing Frontier box much, but I'd like to put a box in front of it that can virtual host domains OTHER than Frontier, yet still provide scanning for the hosted domains AND Frontier. Also, I expect the load to increase, plus (another consideration) I'd like to be able to have the individual domain owners administer as much of their stuff as possible. I've been given a lot of good suggestions, and if anyone is interested I can post either my progress through setting this up, or when I'm done (done?) I can post a summary of what I ended up with. > Leave sendmail/MailScanner as is and research dovecot a little. It I will look into dovecot. Thanks for the suggestion, that's something I've not heard of. > Given all the tradeoffs, that seems like the least amount of work. I'm not afraid of the work. I'd rather work a lot now and have things be easier later than continue fighting things as they are. --J(K) PS: I also wanted to say that Frontier is not one of the scummy spamming mortgage companies. All of our business is either local to St. Louis (or Las Vegas -- we had someone move out there) and is generated via radio ads, phone book or word of mouth. We are a no-spamming-zone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Feb 5 11:45:12 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:27 2006 Subject: Detected HTML-specific exploits and the message is lost ? Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] AFAICS they should be wherever you put viruses and other bad content... If you store, then look in the quarantine;) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Venkata Achanta Sent: Fri 2/4/2005 11:34 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Detected HTML-specific exploits and the message is lost ? Looking at the logs there is nothing about what happened after the content checks and the users are complaining that they are missing e-mails root@test test # grep "j13NaAhx006236" /var/log/maillog.1 Feb 3 15:36:11 sendmail[6236]: j13NaAhx006236: from=, size=48073, class=0, nrcpts=1, msgid=<200502032336.j13NaAhx006236@xyz.com>, proto=ESMTP, daemon=MTA, relay=smtp.expedia.com [216.251.115.225] Feb 3 15:36:11 sendmail[6236]: j13NaAhx006236: to=, delay=00:00:01, mailer=relay, pri=78073, stat=queued Feb 3 15:36:14 MailScanner[13718]: Message j13NaAhx006236 from 216.251.115.225 (travel@expedia.com) is whitelisted Feb 3 15:36:19 MailScanner[13718]: Content Checks: Detected HTML-specific exploits in j13NaAhx006236 I'm MailScanner version 4.35.11, i know i have to upgrade and we are in the process. but still where are these e-mails going,did we loose them already? Please advise Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Sat Feb 5 12:41:31 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:27 2006 Subject: Slightly OT: virtual hosting Message-ID: I'd recommend DirectAdmin (http://www.directadmin.com) It is not free, but an internal license will only cost you about $80 It uses exim and has a few oddities, but is a very nice solution for virtual hosting. Just my 2 cents Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Sat Feb 5 12:46:06 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:27 2006 Subject: Out of office reples - Again! Message-ID: Would people please ensure that they DO NOT subscribe to the list using email addresses that can send out of office replies. It is extremely annoying to send a message to a mailing list and get out of office replies in response. If you are a mail admin you should know better Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Sat Feb 5 17:56:59 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:27 2006 Subject: filetype rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have searched the archives and cannot find specific reference to my issue. I have the book but it is not with me at the moment. I need to set up specific file type rules for a single domain. I do not want to just allow all file types but specific ones like .zip, .wmv etc. I tried to add a new file called filetype.rules2.conf and change the MailScanner entry to point to this file. In this file I put FromOrTo: *@domain.com yes FromOrTo: default %etc-dir%/filetype.rules.conf This did not work as it gave me syntax errors in the logs. So I then renamed filetype.rules2.conf to filetype.rules and moved it into the rules directory. However, this would allow all file types to this domain and this is not what I am looking for. Can I use the same type of language in this file that is used in the filetype.rules.conf file? Or, if not, how would I approach this problem. Regards, Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sat Feb 5 18:47:33 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:27 2006 Subject: filetype rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Filchak wrote: > Hi, > > I have searched the archives and cannot find specific reference to my > issue. I have the book but it is not with me at the moment. I need to > set up specific file type rules for a single domain. I do not want to > just allow all file types but specific ones like .zip, .wmv etc. I tried > to add a new file called filetype.rules2.conf and change the MailScanner > entry to point to this file. In this file I put > > FromOrTo: *@domain.com yes > FromOrTo: default %etc-dir%/filetype.rules.conf > > This did not work as it gave me syntax errors in the logs. So I then > renamed filetype.rules2.conf to filetype.rules and moved it into the > rules directory. However, this would allow all file types to this domain > and this is not what I am looking for. Can I use the same type of > language in this file that is used in the filetype.rules.conf file? Or, > if not, how would I approach this problem. MailScanner.conf: Filetype Rules = %rules-dir%/filetype.rules filetype.rules: FromOrTo: *@domain.com %etc-dir%/filetype.rules2.conf FromOrTo: default %etc-dir%/filetype.rules.conf Then you make the changes you need in filetype.rules2.conf. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Sat Feb 5 19:22:02 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:27 2006 Subject: filetype rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter, Thank you. That seemed to do the trick. I now also better understand how the rules and conf files can be applied. Cheers Dave Peter Bonivart wrote: > Dave Filchak wrote: > >> Hi, >> >> I have searched the archives and cannot find specific reference to my >> issue. I have the book but it is not with me at the moment. I need to >> set up specific file type rules for a single domain. I do not want to >> just allow all file types but specific ones like .zip, .wmv etc. I tried >> to add a new file called filetype.rules2.conf and change the MailScanner >> entry to point to this file. In this file I put >> >> FromOrTo: *@domain.com yes >> FromOrTo: default %etc-dir%/filetype.rules.conf >> >> This did not work as it gave me syntax errors in the logs. So I then >> renamed filetype.rules2.conf to filetype.rules and moved it into the >> rules directory. However, this would allow all file types to this domain >> and this is not what I am looking for. Can I use the same type of >> language in this file that is used in the filetype.rules.conf file? Or, >> if not, how would I approach this problem. > > > MailScanner.conf: > Filetype Rules = %rules-dir%/filetype.rules > > filetype.rules: > FromOrTo: *@domain.com %etc-dir%/filetype.rules2.conf > FromOrTo: default %etc-dir%/filetype.rules.conf > > Then you make the changes you need in filetype.rules2.conf. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mgt at STELLARCORE.NET Sat Feb 5 23:08:16 2005 From: mgt at STELLARCORE.NET (Mike Tremaine) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: Just wondering what other sets [IE SARE, etc] people are using with SA 3+ [3.0.2]. I upgraded most of the mail servers I control last month from 2.6 to 3.0.2 and removed all the extra .cf files I had installed just to see how it was out of the box. Other then Stock Picking spam and some Pill ads it seems to be pretty good. But I think it is time to add some extra rules again. Thanks, -- Mike Tremaine mgt@stellarcore.net http://www.stellarcore.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at GRAYONLINE.ID.AU Sun Feb 6 01:04:49 2005 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Sun, 6 Feb 2005 10:08 am, Mike Tremaine wrote: > Just wondering what other sets [IE SARE, etc] people are using with SA > 3+ [3.0.2]. I upgraded most of the mail servers I control last month > from 2.6 to 3.0.2 and removed all the extra .cf files I had installed > just to see how it was out of the box. > > Other then Stock Picking spam and some Pill ads it seems to be pretty > good. But I think it is time to add some extra rules again. > > Thanks, > > -- > Mike Tremaine I've made publically available the rules we use on our company's mail gateways. 1800+ rules to pick and choose from: http://files.grayonline.id.au I'll be uploading a new ruleset this week as the one that's there has been modified a fair bit. The huuuuuge list of URI's I built into the rules will be ripped out (eventually) and replaced by my own RBL - but that's a project I'm still working on :P The other thing I'm doing (when time permits) is running stats to see which rules get hit the most, because out of the 1800-odd rules, I'm sure there's plenty that don't really need to be there any more. Stay tuned. Cheers, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jim at SASHBOX.NET Sun Feb 6 06:21:48 2005 From: jim at SASHBOX.NET (Jim Barry) Date: Thu Jan 12 21:28:27 2006 Subject: New Phishing technique? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Snip from the raw email. To update your account now, please follow the link below, validate your inf= ormation, and verify your acceptance of the updated agreement.

     WARNING: "signi= n.ebay.com" claims to be https://scgi.ebay.com/ws/eBayISAPI.dll= ?UpdateAgreement MailScanner sees this as and is reported as: To update your account now, please follow the link below, validate your information, and verify your acceptance of the updated agreement. WARNING: "signin.ebay.com" claims to be https://scgi.ebay.com/ws/eBayISAPI.dll?UpdateAgreement And it still looks real in a browser.. tested in IE and Firefox. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew at DONEHUE.NET Sun Feb 6 09:24:28 2005 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:28:27 2006 Subject: invalid queue file?? help! :( Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi! I started getting this message in my maillog this afternoon - MailScanner[29869]: Batch: Ignoring invalid queue file for message 1CxiUW-0007sC-6J-H (find the contents below) I am using exim 4.3.x - what could be causing this error? (nothing has changed :( ) - (I get this error for all messages). Any thought/help greatly appreciated. Thanks, Andrew. charlie:/var/spool/exim4.in/input# cat 1CxiUW-0007sC-6J-H 1CxiUW-0007sC-6J-H root 0 0 1107681244 0 -helo_name 166-82-131-156.quickclick.ctc.net -host_address 166.82.131.156.3877 -host_name 166-82-131-156.quickclick.ctc.net -interface_address x.x.x.x.25 -received_protocol smtp -acl 19 14 166.82.131.156 -body_linecount 47 -deliver_firsttime XX 3 siteops@edited.com travis@edited.com bruce@edited.com 169P Received: from 166-82-131-156.quickclick.ctc.net ([166.82.131.156]) by charlie.edited.com with smtp (Exim 4.34) id 1CxiUW-0007sC-6J; Sun, 06 Feb 2005 20:14:05 +1100 058 X-Message-Info: V68RL558TFivipw7nGEipnJY31YWJ9uRIwhmJZ462 172P Received: from dns0usvi-realestate.com ([130.229.150.111]) by zub789-7429.FSMXWAMIWITVRO@bulut.com with Microsoft SMTPSVC(5.0.2195.0266); Sun, 06 Feb 2005 01:11:55 -0800 138P Received: (from cling@localhost) by lifetime3.FSMXWAMIWITVRO@bulut.com (2.59.7/7.07.4) id g147LpQ70587; Sun, 06 Feb 2005 01:11:55 -0800 055I Message-ID: <337926862.83066@FSMXWAMIWITVRO@bulut.com> 051R Reply-To: "Helen Swain" 047F From: "Helen Swain" 037T To: "Siteops" 016 Subject: August 038 Date: Sun, 06 Feb 2005 01:11:55 -0800 018 MIME-Version: 1.0 067 Content-Type: multipart/alternative; boundary="--424793811057263" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From greg at BLASTZONE.COM Sun Feb 6 20:01:56 2005 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:28:27 2006 Subject: Intermittent Blank Emails Message-ID: For the last few months I've been seeing intermittent messages that are blank. Various senders, but the messages are usually HTML, and when I ask the sender to resend, the message comes across. I'm now starting to have other users report the same issue. When I check the logs I don't see anything out of the ordinary about the blank message. I saw a post on this in the archives back in Nov of 03, but no replies. Has anyone else seen this, or have any ideas what is going on? I just upgraded to MailScanner 4.38.10 today, have been running 4.35.9 previously. Other details: Fedora Core 2, Postfix 2.1.5, ClamAV0.81. Scanning about 15-20k messages a day. Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Sun Feb 6 22:14:18 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:28:27 2006 Subject: Intermittent Blank Emails Message-ID: I've seen something similar, Always HTML, always sent by Outlook. If you view the message source via IMAP with your favourite client you should see that... The message is in fact intact and has all of the text in it. The plain text part of the message is fine. The HTML is blank in some clients as there is a badly written style sheet, that has an which I understand to mean if the client is not Microsoft. Outlook can't display because of this HTML bug but some other clients can. I first came across this on the 17th Of Jan and surprise, surprise there was a Microsoft HTML patch around then. It is my suspicion that this patch is the cause of it becoming visible but not the actual bug as if it was there would be noise on the net about it. I've been trying different versions of HTML::Parser and trying to reproduce without success. There is some suspicion (among my colleagues) of the phishing code. This is all very vague so if anyone else has some good solid testing to help narrow this down it will be appreciated. Answers on a postcard, Gary Greg Deputy wrote: > For the last few months I've been seeing intermittent messages that > are blank. Various senders, but the messages are usually HTML, and > when I ask the sender to resend, the message comes across. I'm now > starting to have other users report the same issue. > > When I check the logs I don't see anything out of the ordinary about > the blank message. > > I saw a post on this in the archives back in Nov of 03, but no > replies. > > > Has anyone else seen this, or have any ideas what is going on? > > I just upgraded to MailScanner 4.38.10 today, have been running > 4.35.9 previously. Other details: Fedora Core 2, Postfix 2.1.5, > ClamAV0.81. Scanning about 15-20k messages a day. > > Thanks. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew at DONEHUE.NET Mon Feb 7 00:38:32 2005 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:28:27 2006 Subject: invalid queue file?? help! :( Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It turns out that mailscanner doesn't like exim acl details in the email headers... I found this in the change log (does it mean that the issue is fixed? or is this an unrelated change?)- - Exim multiple ACLs now supported for SPF compatibility. Cheers, Andrew Andrew wrote: > Hi! > > I started getting this message in my maillog this afternoon - > > MailScanner[29869]: Batch: Ignoring invalid queue file for message > 1CxiUW-0007sC-6J-H > (find the contents below) > > I am using exim 4.3.x - what could be causing this error? (nothing has > changed :( ) - (I get this error for all messages). > > Any thought/help greatly appreciated. > > Thanks, > Andrew. > > charlie:/var/spool/exim4.in/input# cat 1CxiUW-0007sC-6J-H > 1CxiUW-0007sC-6J-H > root 0 0 > > 1107681244 0 > -helo_name 166-82-131-156.quickclick.ctc.net > -host_address 166.82.131.156.3877 > -host_name 166-82-131-156.quickclick.ctc.net > -interface_address x.x.x.x.25 > -received_protocol smtp > -acl 19 14 > 166.82.131.156 > -body_linecount 47 > -deliver_firsttime > XX > 3 > siteops@edited.com > travis@edited.com > bruce@edited.com > > 169P Received: from 166-82-131-156.quickclick.ctc.net ([166.82.131.156]) > by charlie.edited.com with smtp (Exim 4.34) > id 1CxiUW-0007sC-6J; Sun, 06 Feb 2005 20:14:05 +1100 > 058 X-Message-Info: V68RL558TFivipw7nGEipnJY31YWJ9uRIwhmJZ462 > 172P Received: from dns0usvi-realestate.com ([130.229.150.111]) by > zub789-7429.FSMXWAMIWITVRO@bulut.com with Microsoft > SMTPSVC(5.0.2195.0266); > Sun, 06 Feb 2005 01:11:55 -0800 > 138P Received: (from cling@localhost) > by lifetime3.FSMXWAMIWITVRO@bulut.com (2.59.7/7.07.4) id g147LpQ70587; > Sun, 06 Feb 2005 01:11:55 -0800 > 055I Message-ID: <337926862.83066@FSMXWAMIWITVRO@bulut.com> > 051R Reply-To: "Helen Swain" > 047F From: "Helen Swain" > 037T To: "Siteops" > 016 Subject: August > 038 Date: Sun, 06 Feb 2005 01:11:55 -0800 > 018 MIME-Version: 1.0 > 067 Content-Type: multipart/alternative; > boundary="--424793811057263" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Mon Feb 7 05:00:35 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:27 2006 Subject: QuarantineReport Fixed Message-ID: jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evertjan at VANRAMSELAAR.NL Mon Feb 7 06:39:27 2005 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:28:27 2006 Subject: [Fwd: [Clamav-announce] announcing ClamAV 0.82] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ---------------------------- Original Message ---------------------------- Subject: [Clamav-announce] announcing ClamAV 0.82 From: "Luca Gibelli" Date: Sun, February 6, 2005 23:43 To: clamav-announce@lists.clamav.net -------------------------------------------------------------------------- Dear ClamAV users, this release adds generic detection of MS05-002 ("Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution") based exploits. Fixes include correct attachment scanning in e-mails generated by some Internet worms (broken in 0.81), removed false positive "Suspected.Zip" warning on non-standard zip archives created by ICEOWS, better proxy support in freshclam, and speed improvements. -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca at clamav.net) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Mon Feb 7 07:13:12 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi) Date: Thu Jan 12 21:28:27 2006 Subject: Missing Mails Sendmail + ClamAV + Mailscanner Message-ID: Hi All, Some mails that reach my user community are missing. These are my relevant observations, 1. It is not a virus 2. It is not struck in any queue 3. The maillog (it is same for Mailscanner and Sendmail) reads something like, Feb 3 20:50:42 inmail sendmail[13093]: j13FKYEm013093: from=, size=140405, class=0, nrcpts=1, msgid=<008c01c50a05$09bc3250$031a10ac@GloriaPC>, proto=ESMTP, daemon=MTA, relay=abc.com [129.33.228.39] Feb 3 20:50:43 inmail sendmail[13133]: j13FKYEm013093: to=, delay=00:00:08, xdelay=00:00:00, mailer=local, pri=260405, dsn=2.0.0, stat=Sent Though the log says stat=sent the user is not receiving it. I verified the user's mail box (in server itself) it is not reaching him. 4. This mail is cc'ed to two other persons and they are receiving it. Please suggest what might have went wrong. My setup is this, White Box Enterprise Linux release 3.0 (Liberation Respin 1)+ Sendmail + MailScanner + ClamAV Thanks, Devi S. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Mon Feb 7 08:39:22 2005 From: dmehler26 at woh.rr.com (dave) Date: Thu Jan 12 21:28:27 2006 Subject: MailScanner 4.37 can not find sa Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I'm running MailScanner on a FreeBSD 5.3 box. TOday i updated from 4.36 to 4.37 via ports, i also have SA 3.02 i believe is the version, yet MS is saying that the Spamassassin installation can not be found and no mail is being delivered. I'm using postfix as my MTA with the single queue setup. Aside from the update which went fine nothing else has changed. Any suggestions appreciated. Dave. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Feb 7 09:12:15 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:27 2006 Subject: Missing lines/scores from SA long report Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since my last upgrade of MS to vertsion 4.37.7, I noticed sometimes there is information missing from the long spam report. It seems some lines are truncated and merged with the remainder of another line. Adri. Here's a snip from an affected email message: X-MailScanner-SpamCheck: spam, SpamAssassin (score=9.604, required 5, BAYES_50 0.00, FORGED_YAHOO_RCVD 2.70, HTML_30_40 0.02, HTML_MESSAGE 0.00, RCVD_IN_BL_NIGERIA_NET 5.00, RCVD_IN_BL_SPAMCOP_NET 1.22, SUBJ_ALL_CAPS 0.67, UPPERCASE_75_100 0.00) X--MailScanner-SpamScore: 9 X-MailScanner-From: xxxxxxxx@yahoo.com X-MailScanner-To: xxxx@salesmanager.nl This is a multi-part message in MIME format... --======18019==27509====== Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Our MailScanner believes that the attachment to this message sent to = you =20 To: xxxx@salesmanager.nl From: xxxxxxxx@yahoo.com Subject: MAIL ORDER................. is Unsolicited Commercial Email (spam). Unless you are sure that this = message is incorrectly thought to be spam, please delete this message without = opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, = please forward this email to postmaster. pts rule name description ---- ---------------------- = -------------------------------------------------- 0.7 SUBJ_ALL_CAPS Subject is all capitals 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' = headers 0.0 HTML_30_40 BODY: Message is 30 HTML 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60 = uppercase --======18019==27509====== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 7 09:27:54 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: Mike lots of the SARE rules, .. oh here's the listing.. 70_sare_adult.cf 88_FVGT_uri.cf 70_sare_bayes_poison_nxm.cf 99_FVGT_Tripwire.cf 70_sare_genlsubj.cf 99_FVGT_meta.cf 70_sare_header.cf 99_sare_fraud_post25x.cf 70_sare_html.cf 70_sare_oem.cf backhair.cf 70_sare_random.cf bogus-virus-warnings.cf 70_sare_specific.cf chickenpox.cf 70_sare_spoof.cf evilnumbers.cf 70_sare_unsub.cf 70_sare_uri.cf 72_sare_bml_post25x.cf mangled.cf 72_sare_redirect_post3.0.0.cf random.cf 88_FVGT_body.cf 88_FVGT_headers.cf tripwire.cf 88_FVGT_rawbody.cf weeds.cf 88_FVGT_subject.cf In my local.cf I've got lots of osbufacted rules from.. http://sandgnat.com/cmos/cmos.jsp and some pre generated ones from.... http://tinyurl.com/3rrrl ("obfuscated only" wordlist for words like mortgage) http://tinyurl.com/4wmzt (badwords wordlist) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mike Tremaine wrote: > Just wondering what other sets [IE SARE, etc] people are using with SA > 3+ [3.0.2]. I upgraded most of the mail servers I control last month > from 2.6 to 3.0.2 and removed all the extra .cf files I had installed > just to see how it was out of the box. > > Other then Stock Picking spam and some Pill ads it seems to be pretty > good. But I think it is time to add some extra rules again. > > Thanks, > > -- > Mike Tremaine > mgt@stellarcore.net > http://www.stellarcore.net > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 7 09:33:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:27 2006 Subject: MailScanner 4.37 can not find sa Message-ID: Dave try running in debug mode.... Stop MS, edit MailScanner.conf - chage both debug entries to 'YES', and run checkmailscanner. Was SA installed by hand (or CPAN), or from ports? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 dave wrote: > Hello, > I'm running MailScanner on a FreeBSD 5.3 box. TOday i updated from 4.36 > to 4.37 via ports, i also have SA 3.02 i believe is the version, yet MS is > saying that the Spamassassin installation can not be found and no mail is > being delivered. I'm using postfix as my MTA with the single queue setup. > Aside from the update which went fine nothing else has changed. > Any suggestions appreciated. > Dave. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Feb 7 09:43:42 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Mike > > lots of the SARE rules, .. oh here's the listing.. > Martin, From your experience and results how effective are these? and what is the resource usage like? 88_FVGT_body.cf 88_FVGT_headers.cf 88_FVGT_rawbody.cf 88_FVGT_subject.cf 88_FVGT_uri.cf 99_FVGT_Tripwire.cf 99_FVGT_meta.cf and for these as well.. weeds.cf weeds2.cf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Mon Feb 7 09:33:59 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:27 2006 Subject: MailWatch Query Message-ID: I do not want to release my quaratine messages from the localhost where can I point MailWatch to the real interface address. Warning: fsockopen(): unable to connect to 127.0.0.1:25 in /mailwatch/mailscanner2/pear/Net/Socket.php on line 108 Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 7 10:02:03 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:27 2006 Subject: OT: SA 3.0.2 add on rules. Message-ID: Dhawal hmm might be time to trim down a little according to my stats .... alot of the FH_ rules aren't getting hit much.... sigh - more work.. My emails gets scanned in 2 seconds and my system can process around 6,000 an hour when I only have around 3,500 per day max. So I've gots lof capacity to burn...so it's not a big priority, but I will put it on th todo list.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dhawal Doshy wrote: > Martin Hepworth wrote: > >> Mike >> >> lots of the SARE rules, .. oh here's the listing.. >> > > Martin, > > From your experience and results how effective are these? and what is > the resource usage like? > > 88_FVGT_body.cf > 88_FVGT_headers.cf > 88_FVGT_rawbody.cf > 88_FVGT_subject.cf > 88_FVGT_uri.cf > 99_FVGT_Tripwire.cf > 99_FVGT_meta.cf > > and for these as well.. > weeds.cf > weeds2.cf > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Feb 7 10:12:23 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:27 2006 Subject: BUG: handling of silent virusses in zips Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, February 7, 2005 10:02, Peter Peters said: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I think I noticed an error in the handling of (silent) virusses in zips. > When I receive a virus in a zip and I have configured MS not to > quarantaine silent virusses it does not quarantaine the virus (GOOD) but > it still sends the recipient a message claiming to have quarantained the > message and telling the recipient he can contact the helpdesk to get the > message (BAD). > > The relevant config parameters: > Maximum Archive Depth = 0 > Find Archives By Content = yes > Virus Scanning = yes > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = yes Try turning this to no ^^^^^^^^^^^^^ I think that may well do waht you want. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Feb 7 11:35:20 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:27 2006 Subject: MailWatch Query Message-ID: As said in the MW-list, you can change detail.php for pears Mail::factory so that you pass an array of settings... and only set the host. With my changes you can have a line define(QUARANTINE_MAIL_HOST, 'mail.example.com'); in conf.php, where you set the relevant name for your servers IF. The relevant diff looks like this: --- detail.php.old 2004-02-03 01:16:29.000000000 +0100 +++ detail.php 2005-02-07 12:34:42.024702556 +0100 @@ -259,9 +259,11 @@ $mime->addAttachment($quarantined[$val]['path'], $quarantined[$val]['type' ], $quarantined[$val]['file'], true); } } + // Fix by Glenn Steen, to set an arbitrary smtp host + $mail_param = array('localhost' => QUARANTINE_MAIL_HOST); $body = $mime->get(); $hdrs = $mime->headers($hdrs); - $mail =& Mail::factory('smtp'); + $mail =& Mail::factory('smtp',$mail_param); // Send to the original recipient(s) or to an alternate address if(($_GET['alt_recpt_yn'] == "y")) { $to = $_GET['alt_recpt']; Cheers -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Carinus Carelse > Sent: den 7 februari 2005 10:34 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailWatch Query > > > I do not want to release my quaratine messages from the > localhost where > can I point MailWatch to the real interface address. > > Warning: fsockopen(): unable to connect to 127.0.0.1:25 in > /mailwatch/mailscanner2/pear/Net/Socket.php on line 108 > > > Carinus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joan.bryan at KCL.AC.UK Mon Feb 7 12:11:26 2005 From: joan.bryan at KCL.AC.UK (Joan Bryan) Date: Thu Jan 12 21:28:27 2006 Subject: invalid queue file?? help! :( Message-ID: Hi We are running MailScanner-4.34-8 and this problem no longer occurs with exim. If you can't upgrade lib/MailScanner/exim.pm is the file that needs to be altered. Also just delete the invalid queue files, they are just spam. Joan On Sun, 6 Feb 2005 20:24:28 +1100 Andrew wrote: > Hi! > > I started getting this message in my maillog this afternoon - > > MailScanner[29869]: Batch: Ignoring invalid queue file for message > 1CxiUW-0007sC-6J-H > (find the contents below) > > I am using exim 4.3.x - what could be causing this error? (nothing has > changed :( ) - (I get this error for all messages). > > Any thought/help greatly appreciated. > > Thanks, > Andrew. > > charlie:/var/spool/exim4.in/input# cat 1CxiUW-0007sC-6J-H > 1CxiUW-0007sC-6J-H > root 0 0 > > 1107681244 0 > -helo_name 166-82-131-156.quickclick.ctc.net > -host_address 166.82.131.156.3877 > -host_name 166-82-131-156.quickclick.ctc.net > -interface_address x.x.x.x.25 > -received_protocol smtp > -acl 19 14 > 166.82.131.156 > -body_linecount 47 > -deliver_firsttime > XX > 3 > siteops@edited.com > travis@edited.com > bruce@edited.com > > 169P Received: from 166-82-131-156.quickclick.ctc.net ([166.82.131.156]) > by charlie.edited.com with smtp (Exim 4.34) > id 1CxiUW-0007sC-6J; Sun, 06 Feb 2005 20:14:05 +1100 > 058 X-Message-Info: V68RL558TFivipw7nGEipnJY31YWJ9uRIwhmJZ462 > 172P Received: from dns0usvi-realestate.com ([130.229.150.111]) by > zub789-7429.FSMXWAMIWITVRO@bulut.com with Microsoft SMTPSVC(5.0.2195.0266); > Sun, 06 Feb 2005 01:11:55 -0800 > 138P Received: (from cling@localhost) > by lifetime3.FSMXWAMIWITVRO@bulut.com (2.59.7/7.07.4) id g147LpQ70587; > Sun, 06 Feb 2005 01:11:55 -0800 > 055I Message-ID: <337926862.83066@FSMXWAMIWITVRO@bulut.com> > 051R Reply-To: "Helen Swain" > 047F From: "Helen Swain" > 037T To: "Siteops" > 016 Subject: August > 038 Date: Sun, 06 Feb 2005 01:11:55 -0800 > 018 MIME-Version: 1.0 > 067 Content-Type: multipart/alternative; > boundary="--424793811057263" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ---------------------- Joan Bryan Unix Systems Administrator Information Systems Telephone: +44 (0) 20 7848 2671 mailto:joan.bryan@kcl.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Mon Feb 7 12:33:56 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:27 2006 Subject: MailWatch Query Message-ID: Ja thank you I had no idea it would forward to this list as well. I am gona test it now. Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Mon Feb 7 15:43:01 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everyone! We've noticed an increase in the number of spam sneaking through with scores "just under" our threshold. After looking through the headers for these messages, I've noticed that bayes seems to have "no opinion" on the majority of these (ie. no bayes entry). Am I missing something? I thought bayes would score every message? Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Mon Feb 7 15:46:59 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:28:27 2006 Subject: Intermittent Blank Emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We've experienced a few blank "zen mails" as well. In one case I saw Outlook 2003 pop up it's little summary in the bottom-right that DID have part of the message body, but then the message was blank; this was Outlook 2000 sending to Outlook 2003. In other cases, we've had people complain that HTML messages from Outlook Express arrived at another Outlook Express but weer blank. I have no idea what the cause might be. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 7 15:47:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: Hi mean bayes found no tokens in the message that it has in it's database. what sort of emails are these? Are you using the URI-RBLs, or any extra rules ontop ofthe base SA ones? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Fractal IT Dept. wrote: > Hi everyone! > > We've noticed an increase in the number of spam sneaking through with > scores "just under" our threshold. After looking through the headers for > these messages, I've noticed that bayes seems to have "no opinion" on > the majority of these (ie. no bayes entry). Am I missing something? I > thought bayes would score every message? > > Thanks. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Mon Feb 7 15:56:32 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:28:27 2006 Subject: Intermittent Blank Emails Message-ID: In a newer developement it appears I have some more evidence. I turned off the "phishing" stuff and we haven't had another report. I'm still not fully convinced, I'm going to turn it back on and see if the reports start again... If they do then a newer version of MailScanner to be installed. If that doesn't solve it, it'll be back to Julian with my testing report for him to comment. If the reports don't restart when phishing goes back on then I don't where I'll be. Gary Fractal IT Dept. wrote: > We've experienced a few blank "zen mails" as well. In one case I saw > Outlook 2003 pop up it's little summary in the bottom-right that DID > have part of the message body, but then the message was blank; this > was Outlook 2000 sending to Outlook 2003. In other cases, we've had > people complain that HTML messages from Outlook Express arrived at > another Outlook Express but weer blank. > > I have no idea what the cause might be. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Mon Feb 7 15:57:20 2005 From: dmehler26 at woh.rr.com (dave) Date: Thu Jan 12 21:28:27 2006 Subject: MailScanner 4.37 can not find sa Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Thank you for your response. I stopped MailScanner enabled the debug options and have some information although i don't understand it. When MS starts i get the message "Spamassassin installation could not be found at /usr/local/lib/MailScanner/MailScanner/SA.pm line 119" I am confused. These packages are on here via the ports system so MS should see SA. Thanks. Dave. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 16:23:33 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >Hi everyone! > >We've noticed an increase in the number of spam sneaking through with >scores "just under" our threshold. After looking through the headers for >these messages, I've noticed that bayes seems to have "no opinion" on the >majority of these (ie. no bayes entry). Am I missing something? I thought >bayes would score every message? That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, In those any "no matches" or other 50/50 chance does not get a BAYES_ rule match. Can you tell us what version of SpamAssassin you are using? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Feb 7 16:56:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:27 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: >> >> not in my experiance. the bayes system should tag all emails. >> >> I'd make sure MS is doing the re-sync of the bayes DB itself and an >> outside cron isn't trying to do this... >> >> In MainScanner.conf its the rebuild bayes options you need to set >> correctly and make sure it's set to wait while this happens as well. > > > Hello, > > This is what I have: > > Rebuild Bayes Every = 259200 > > Wait During Bayes Rebuild = yes > > Out of 4975 messages marked as possible spam today, only 4842 had > BAYES_XXX scores attached, the rest having a bunch of spamassassin > scores but no BAYES. > > Chris > That is a long Bayes rebuild interval. Maybe it is just taking a long time to rebuild. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Mon Feb 7 18:22:41 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 -2.60 attached to all of them. Thanks, Magda Matt Kettler To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Bayes and spam increase? 02/07/2005 11:23 AM Please respond to MailScanner mailing list At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >Hi everyone! > >We've noticed an increase in the number of spam sneaking through with >scores "just under" our threshold. After looking through the headers for >these messages, I've noticed that bayes seems to have "no opinion" on the >majority of these (ie. no bayes entry). Am I missing something? I thought >bayes would score every message? That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, In those any "no matches" or other 50/50 chance does not get a BAYES_ rule match. Can you tell us what version of SpamAssassin you are using? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 18:26:26 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: I asked before about the AWL score. I was told I could not score it but to tun off "use_auto_whitelist". I have searched high and low and can not find this setting. I have found "SpamAssassin Auto Whitelist = " I have changed it to no and reloaded (/etc/init.d/MailScanner reload). We are still getting spam passed because the AWL score brings it down over two points. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Mon Feb 7 18:48:01 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I asked before about the AWL score. I was told I could not score it but > to tun off "use_auto_whitelist". I have searched high and low and can > not find this setting. I have found "SpamAssassin Auto Whitelist = " I > have changed it to no and reloaded (/etc/init.d/MailScanner reload). We > are still getting spam passed because the AWL score brings it down over > two points. edit spam.assassin.prefs.conf and add use_auto_whitelist 0 then reload mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 18:37:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: At 01:26 PM 2/7/2005, David Curtis wrote: >I asked before about the AWL score. I was told I could not score it but >to tun off "use_auto_whitelist". I have searched high and low and can >not find this setting. I have found "SpamAssassin Auto Whitelist = " I >have changed it to no and reloaded (/etc/init.d/MailScanner reload). We >are still getting spam passed because the AWL score brings it down over >two points. If you are using SA 3.0.x you MUST use the "use_auto_whitelist" setting. This is a SpamAssassin setting, not a MailScanner setting, so put it in your /etc/mail/spamassassin/local.cf. The MailScanner.conf "SpamAssassin Auto Whitelist" setting only works for SpamAssassin versions prior to 3.0.0. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Feb 7 18:41:08 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: This sounds like the "bayes poisoning" issue that has been discussed numerous times on this list. I've kept the following in my spam.assassin.prefs.conf file: score BAYES_00 0 0 -0.05 -0.05 score BAYES_01 0 0 -0.04 -0.04 score BAYES_10 0 0 -0.03 -0.03 score BAYES_20 0 0 -0.02 -0.02 score BAYES_30 0 0 -0.01 -0.01 I don't trust Bayes enough to let it substantially lower a score -- only to increase a score. Jeff Earickson Colby College On Mon, 7 Feb 2005, Magda Hewryk wrote: > Date: Mon, 7 Feb 2005 13:22:41 -0500 > From: Magda Hewryk > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes and spam increase? > > Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 > -2.60 attached to all of them. > > > Thanks, > > Magda > > > > Matt Kettler > .COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: Bayes and spam increase? > > > 02/07/2005 11:23 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >> Hi everyone! >> >> We've noticed an increase in the number of spam sneaking through with >> scores "just under" our threshold. After looking through the headers for >> these messages, I've noticed that bayes seems to have "no opinion" on the >> majority of these (ie. no bayes entry). Am I missing something? I thought >> bayes would score every message? > > That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, > In those any "no matches" or other 50/50 chance does not get a BAYES_ rule > match. > > Can you tell us what version of SpamAssassin you are using? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 18:44:32 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: I do have the newest stable of SpamAssassin. Do I need to reload spamassassin in any way or just reload MailScanner? Thanks. >>> mkettler@EVI-INC.COM 2/7/2005 1:37:39 PM >>> At 01:26 PM 2/7/2005, David Curtis wrote: >I asked before about the AWL score. I was told I could not score it but >to tun off "use_auto_whitelist". I have searched high and low and can >not find this setting. I have found "SpamAssassin Auto Whitelist = " I >have changed it to no and reloaded (/etc/init.d/MailScanner reload). We >are still getting spam passed because the AWL score brings it down over >two points. If you are using SA 3.0.x you MUST use the "use_auto_whitelist" setting. This is a SpamAssassin setting, not a MailScanner setting, so put it in your /etc/mail/spamassassin/local.cf. The MailScanner.conf "SpamAssassin Auto Whitelist" setting only works for SpamAssassin versions prior to 3.0.0. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Feb 7 18:36:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I asked before about the AWL score. I was told I could not score it but > to tun off "use_auto_whitelist". I have searched high and low and can > not find this setting. I have found "SpamAssassin Auto Whitelist = " I > have changed it to no and reloaded (/etc/init.d/MailScanner reload). We > are still getting spam passed because the AWL score brings it down over > two points. Look in /etc/MailScanner/spam.assassin.prefs.conf use_auto_whitelist 0 ( or 1 to enable) -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Feb 7 18:39:42 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:27 2006 Subject: sms.ac Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, My users (including me) are complaining about recieving bogus invitations from sms.ac . Anyone getting those? I blocked them at MTA level, but I'm not sure if that is the best move to handle them. Thanks, Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 18:52:07 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: At 01:44 PM 2/7/2005, David Curtis wrote: >I do have the newest stable of SpamAssassin. Do I need to reload >spamassassin in any way or just reload MailScanner? >Thanks. Just MailScanner... Since MailScanner loads SA directly at the perl API level, the running copy of SA is actually internal to MailScanner. MS has no dependency on the spamd tool that some other integration tools use. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 18:54:49 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: I have added the use_auto_whitelist 0 to MailScanner.conf and it did not like it. I added it to the Spamassassin local.conf. I will keep an eye on it and see if I get any more AWL. Thanks. >>> ssilva@SGVWATER.COM 2/7/2005 1:36:50 PM >>> David Curtis wrote: > I asked before about the AWL score. I was told I could not score it but > to tun off "use_auto_whitelist". I have searched high and low and can > not find this setting. I have found "SpamAssassin Auto Whitelist = " I > have changed it to no and reloaded (/etc/init.d/MailScanner reload). We > are still getting spam passed because the AWL score brings it down over > two points. Look in /etc/MailScanner/spam.assassin.prefs.conf use_auto_whitelist 0 ( or 1 to enable) -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 18:56:20 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: Thank you. >>> mkettler@EVI-INC.COM 2/7/2005 1:52:07 PM >>> At 01:44 PM 2/7/2005, David Curtis wrote: >I do have the newest stable of SpamAssassin. Do I need to reload >spamassassin in any way or just reload MailScanner? >Thanks. Just MailScanner... Since MailScanner loads SA directly at the perl API level, the running copy of SA is actually internal to MailScanner. MS has no dependency on the spamd tool that some other integration tools use. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 19:00:26 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: see score for every e-mail. Message-ID: Is there a way to log the spamassassin score of every e-mail in the log? This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Feb 7 19:07:10 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:27 2006 Subject: sms.ac Message-ID: Sure, I've been seeing a ton of them over the weekend -- all rejected by sbl-xbl.spamhaus.org at my MTA. Ho hum. Jeff Earickson Colby College On Mon, 7 Feb 2005, Ugo Bellavance wrote: > Date: Mon, 7 Feb 2005 13:39:42 -0500 > From: Ugo Bellavance > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: sms.ac > > Hi, > > My users (including me) are complaining about recieving bogus > invitations from sms.ac . Anyone getting those? I blocked them at MTA > level, but I'm not sure if that is the best move to handle them. > > Thanks, > > Ugo > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Mon Feb 7 19:06:44 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:27 2006 Subject: Bayes and spam increase? Message-ID: Thanks! I'll do the same. Thanks, Magda "Jeff A. Earickson" MAILSCANNER@JISCMAIL.AC.UK Sent by: cc MailScanner mailing list Subject 02/07/2005 01:41 PM Please respond to MailScanner mailing list This sounds like the "bayes poisoning" issue that has been discussed numerous times on this list. I've kept the following in my spam.assassin.prefs.conf file: score BAYES_00 0 0 -0.05 -0.05 score BAYES_01 0 0 -0.04 -0.04 score BAYES_10 0 0 -0.03 -0.03 score BAYES_20 0 0 -0.02 -0.02 score BAYES_30 0 0 -0.01 -0.01 I don't trust Bayes enough to let it substantially lower a score -- only to increase a score. Jeff Earickson Colby College On Mon, 7 Feb 2005, Magda Hewryk wrote: > Date: Mon, 7 Feb 2005 13:22:41 -0500 > From: Magda Hewryk > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes and spam increase? > > Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 > -2.60 attached to all of them. > > > Thanks, > > Magda > > > > Matt Kettler > .COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: Bayes and spam increase? > > > 02/07/2005 11:23 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >> Hi everyone! >> >> We've noticed an increase in the number of spam sneaking through with >> scores "just under" our threshold. After looking through the headers for >> these messages, I've noticed that bayes seems to have "no opinion" on the >> majority of these (ie. no bayes entry). Am I missing something? I thought >> bayes would score every message? > > That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5 x, > In those any "no matches" or other 50/50 chance does not get a BAYES_ rule > match. > > Can you tell us what version of SpamAssassin you are using? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon Feb 7 19:12:29 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:27 2006 Subject: You can't score AWL manually Message-ID: David Curtis wrote: > I have added the use_auto_whitelist 0 to MailScanner.conf and it did > not like it. I added it to the Spamassassin local.conf. I will keep an > eye on it and see if I get any more AWL. > > Thanks. > >>>> ssilva@SGVWATER.COM 2/7/2005 1:36:50 PM >>> > David Curtis wrote: >> I asked before about the AWL score. I was told I could not score it >> but to tun off "use_auto_whitelist". I have searched high and low >> and can not find this setting. I have found "SpamAssassin Auto >> Whitelist = " I have changed it to no and reloaded >> (/etc/init.d/MailScanner reload). We are still getting spam passed >> because the AWL score brings it down over two points. > > Look in /etc/MailScanner/spam.assassin.prefs.conf > use_auto_whitelist 0 ( or 1 to enable) No, not MailScanner.conf, put it in /etc/MailScanner/spam.assassin.prefs.conf. May work fine in local.conf as well, never tried it there... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 19:13:25 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: see score for every e-mail. Message-ID: At 02:00 PM 2/7/2005, David Curtis wrote: >Is there a way to log the spamassassin score of every e-mail in the >log? MailScanner.conf: # Do you want all non-spam to be logged? Useful if you want to see # all the SpamAssassin reports of mail that was marked as non-spam. # Note: It will generate a lot of log traffic. Log Non Spam = yes ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From magnus.moren at CITE.HH.SE Mon Feb 7 19:11:55 2005 From: magnus.moren at CITE.HH.SE (Magnus [ISO-8859-1] Morén) Date: Thu Jan 12 21:28:27 2006 Subject: see score for every e-mail. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 2005-02-07 at 14:00 -0500, David Curtis wrote: > Is there a way to log the spamassassin score of every e-mail in the > log? Try the first (or both of those): MailScanner.conf # Do you want all spam to be logged? Useful if you want to gather # spam statistics from your logs, but can increase the system load quite # a bit if you get a lot of spam. Log Spam = no # Do you want all non-spam to be logged? Useful if you want to see # all the SpamAssassin reports of mail that was marked as non-spam. # Note: It will generate a lot of log traffic. Log Non Spam = no -- Magnus Morén___________________________________________________________ Network and Computer Centre/CITE,Halmstad University, Tel:+46 35 167383 P.O Box 823, 301 18 Halmstad, SWEDEN email: magnus.moren@cite.hh.se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Feb 7 19:38:54 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:27 2006 Subject: see score for every e-mail. Message-ID: Thanks. Don't know why I kept missing that. >>> mkettler@EVI-INC.COM 2/7/2005 2:13:25 PM >>> At 02:00 PM 2/7/2005, David Curtis wrote: >Is there a way to log the spamassassin score of every e-mail in the >log? MailScanner.conf: # Do you want all non-spam to be logged? Useful if you want to see # all the SpamAssassin reports of mail that was marked as non-spam. # Note: It will generate a lot of log traffic. Log Non Spam = yes ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Mon Feb 7 19:53:33 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:27 2006 Subject: Speaking of AWL... Message-ID: Greetings, Been following the AWL threads hoping there might be a clue for my problem, using MS 2.6.XX w/Ensim Pro so upgrading to 3.XX isn't an easy option as any Ensim upgrades will trash most of it: Randomly, without any plausible explanations we can find, I'll get e-mail tagged as SpamAssassin high scoring because of an AWL of like 80-90 range. We use a lower-scoring system than most, so any adjustment like this is way over the top. Strange part is that it's a positive adjustment of like 89 or 91? Not a negative? Still have no complete grip on the AWL and where it thinks it's getting it's information from. We have both the SA & MS packages running, we do have things whitelisted, but we're talking a random adjustment with no patterns. Sometimes not even on a valid whitelisted account (I think one time that way). Any clues on what to look for or adjust to change why that would be happening? Thanks! David J. Duffner VP Operations NWCWEB www.nwcweb.com -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Mon Feb 7 20:14:41 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:27 2006 Subject: Mail not forwarding to mailserver after being scanned. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] After I installed the new sendmail 8.13 It seems to be ignoring the mailertable feature and not pushing the email to the correct ip. My maillog is telling me that it is trying to push the email to the domain again which just loops it back to itself. Maillog is showing the ip address of the domain instead of the mailserver specified in the mailertable. Any reason why this could be happening? mailertable reads bentecmed.com smtp:[192.168.1.4] Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): mail.bentecmed.com. config error: mail loops back to me (MX problem?) Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: to=jd@bentecmed.com, delay=00:00:11, xdelay=00:00:00, mailer=esmtp, pri=120003, relay=mail.bentecmed.com. [64.57.104.140], dsn=5.3.5, stat=Local configuration error Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): hash map "Alias0": missing map file /etc/mail/aliases.db: No such file or directory I used the command makemap hash /etc/mail/mailertable < /etc/mail/mailertable to create the db which should be correct, so im not exactly sure what the problem is. -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 20:18:12 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: Speaking of AWL... Message-ID: At 02:53 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote: > Randomly, without any plausible explanations we >can find, I'll get e-mail tagged as SpamAssassin high >scoring because of an AWL of like 80-90 range. We >use a lower-scoring system than most, so any adjustment >like this is way over the top. > > Strange part is that it's a positive adjustment >of like 89 or 91? High positive scores would tend to indicate GTUBE hangover, something which is fixed in SA 3.0, but 2.6 suffers from. > Not a negative? First, the AWL is *not* a whitelist. It's a score avenger, and has both black and white effects. People who have in the past sent low-scoring emails get any high-scoring emails pushed down. People who send lots of spam get any low-scoring emails pushed up. That said, there's no reason to expect negative only scores from the AWL. In fact, you may even see positive scores in nonspam, and negative scores in spam, and that's normal in many cases See: http://wiki.apache.org/spamassassin/AwlWrongWay > Still have no complete grip on the AWL and where >it thinks it's getting it's information from. Read the FAQ on the AWL for details of how it works: http://wiki.apache.org/spamassassin/AutoWhitelist ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Mon Feb 7 20:35:34 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:28:27 2006 Subject: Spam detection software, running on the system ", has Message-ID: I am reletively new to mail scanner and spamassassin. Anyway I am getting alot of message with Spam detection software, running on the system "", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. anyway is this normal? Is this just the system learning?? thanks Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Mon Feb 7 21:08:10 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:27 2006 Subject: Speaking of AWL... Message-ID: Matt, So then I'll ask the obvious as I read those links you posted (thanks!)... Is it better to turn off the AWL feature of either MS or SA and just maintain our own white/black lists using 2.6? Is there any real benefit to AWL'ing if we have our own maintained list of what's kosher in our servers? We're not talking huge loads of clients here, so hands-on is not a problem. We'd upgrade, but any time Ensim tosses out a semi- related patch or upgrade that contains any element of MS or SA it likes to eat settings and generally foul things up resulting in massive reworks. Thanks! Dave > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler > Sent: Monday, February 07, 2005 3:18 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Speaking of AWL... > > > At 02:53 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote: > > Randomly, without any plausible explanations we > >can find, I'll get e-mail tagged as SpamAssassin high > >scoring because of an AWL of like 80-90 range. We > >use a lower-scoring system than most, so any adjustment > >like this is way over the top. > > > > Strange part is that it's a positive adjustment > >of like 89 or 91? > > > High positive scores would tend to indicate GTUBE hangover, > something which is fixed in SA 3.0, but 2.6 suffers from. > > > > Not a negative? > > First, the AWL is *not* a whitelist. It's a score avenger, > and has both black and white effects. People who have in the > past sent low-scoring emails get any high-scoring emails > pushed down. People who send lots of spam get any low-scoring > emails pushed up. > > That said, there's no reason to expect negative only scores > from the AWL. In fact, you may even see positive scores in > nonspam, and negative scores in spam, and that's normal in many cases > > See: > http://wiki.apache.org/spamassassin/AwlWrongWay > > > > > Still have no complete grip on the AWL and where > >it thinks it's getting it's information from. > > > Read the FAQ on the AWL for details of how it works: > http://wiki.apache.org/spamassassin/AutoWhitelist > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.nwcweb.com > -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Mon Feb 7 21:13:41 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:27 2006 Subject: MailScanner 4.37 can not find sa Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've the regretting experience yesterday too. :( I've to pkg_deinstall -r perl and re-install all ports starting from perl again. But after I rescue the server, I read/found the information on /usr/ports/UPDATING with the following: --- 20050201: AFFECTS: users of lang/perl5 and lang/perl5.8 AUTHOR: tobez@FreeBSD.org lang/perl5 has been updated to 5.6.2, and lang/perl5.8 has been updated to 5.8.6. you should update everything depending on perl, that is: * first, upgrade your perl installation (use either lang/perl5 or lang/perl5.8, the latter being recommended); * for FreeBSD 4.X, run "use.perl port", so that the system knows you have 5.8.6 or 5.6.2; this step is not needed on FreeBSD 5.X and FreeBSD -CURRENT; * run some magic incantations to upgrade all ports depending on perl, that is run something like : portupgrade -f `(pkg_info -R perl-5\* |tail +4; \ find /usr/local/lib/perl5/site_perl/5.[68].[1245] -type f -print0 \ | xargs -0 pkg_which -fv | sed -e '/: ?/d' -e 's/.*: //')|sort -u` This is likely to fail for a few ports, you'll have to upgrade them afterwards by hand. --- I hope this will help you. (p.s. sorry I sent to your mailbox before, I should send it to the list. Anyway, someone on the list may help you more.) Cheers Raylund ----- Original Message ----- From: "dave" To: "Raylund Lai" Sent: Monday, February 07, 2005 3:56 PM Subject: Re: MailScanner 4.37 can not find sa > Hello, > Yah, as a matter of fact i did recently udate prl and i'm regretting > it. > I don't suppose you have a fast way of doing this, i used the command in > the > UPDATING file and that's when this started. > Thanks. > Dave. > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Feb 7 21:25:55 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:27 2006 Subject: Mail not forwarding to mailserver after being scanned. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of JD > Sent: Monday, February 07, 2005 3:15 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mail not forwarding to mailserver after being scanned. > > After I installed the new sendmail 8.13 It seems to be ignoring the > mailertable feature and not pushing the email to the correct ip. My > maillog > is telling me that it is trying to push the email to the domain again > which > just loops it back to itself. Maillog is showing the ip address of the > domain instead of the mailserver specified in the mailertable. Any reason > why this could be happening? mailertable reads bentecmed.com > smtp:[192.168.1.4] This is a very common problem covered in the Sendmail FAQ: http://www.sendmail.org/faq/section4.html#4.5 > > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): > mail.bentecmed.com. config error: mail loops back to me (MX problem?) > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: > to=jd@bentecmed.com, delay=00:00:11, xdelay=00:00:00, mailer=esmtp, > pri=120003, relay=mail.bentecmed.com. [64.57.104.140], dsn=5.3.5, > stat=Local > configuration error > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): > hash > map "Alias0": missing map file /etc/mail/aliases.db: No such file or > directory > You didn't mention your operation system, but if it's Linux (or close to it) Edit /etc/aliases to add any aliases necessary for your configuration then run the command: newaliases or if that fails, try /usr/lib/sendmail -bi > I used the command makemap hash /etc/mail/mailertable < > /etc/mail/mailertable to create the db which should be correct, so im not > exactly sure what the problem is. > > -JD Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Feb 7 21:30:36 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:27 2006 Subject: Speaking of AWL... Message-ID: At 04:08 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote: > Is it better to turn off the AWL feature of either >MS or SA and just maintain our own white/black lists using >2.6? Well, Only SA has an AWL feature. It's just where you turn it off that differs between SA 2.6 and SA 3.0. (In 2.6 you use MailScanner.conf, in 3.0 you use the local.cf) > Is there any real benefit to AWL'ing if we have our >own maintained list of what's kosher in our servers? We're >not talking huge loads of clients here, so hands-on is not >a problem. Quite frankly, I'm not a big fan of either the AWL, nor static whitelists. IMO, the AWL may be useful, but really only in the single-user case. It's semi-OK in the multi-user case, but it's value is diluted greatly. It's also slightly subject to abuse by spammers (if they figure out how). Play with it, and use it if you like it, leave it if you don't. I myself don't care for it. For me static whitelists are really a "method of last resort" as they are just a way of covering up other problems with your SA setup that could be better fixed by configuration or rule adjustment. However, cooking up rule tweaks isn't exactly the simplest thing to do, so for many admins, whitelists are the way to go. However, no admin should need to create very many whitelist entries. If you find yourself creating lots of whitelists to avoid rampant FP problems, I'd strongly suggest stepping back and looking at why you're getting so many FP's in the first place. I personally run with only one whitelist command, plus SA's default set. In the past week no messages would have scored over +2.8 without the bonuses of the whitelists. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Mon Feb 7 22:51:37 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:28 2006 Subject: Mail not forwarding to mailserver after being scanned. Message-ID: the sendmail Faq does address the issue but it states: There are a couple of additional cases where you don't actually want local delivery, and thus adding domain.net to class w is not the right fix: * When relay.domain.net should just be acting as a forwarder, e.g. a firewall/gateway box. The proper fix could be to set up a mailertable entry for domain.net. which I did but it doesn't seem to be using it. The interesting part is that once I went back to sendmail 8.12 everything worked okay. so maybe i'll just stay away from 8.13 -JD -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Stephen Swaney Sent: Monday, February 07, 2005 1:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mail not forwarding to mailserver after being scanned. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of JD > Sent: Monday, February 07, 2005 3:15 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mail not forwarding to mailserver after being scanned. > > After I installed the new sendmail 8.13 It seems to be ignoring the > mailertable feature and not pushing the email to the correct ip. My > maillog > is telling me that it is trying to push the email to the domain again > which > just loops it back to itself. Maillog is showing the ip address of the > domain instead of the mailserver specified in the mailertable. Any reason > why this could be happening? mailertable reads bentecmed.com > smtp:[192.168.1.4] This is a very common problem covered in the Sendmail FAQ: http://www.sendmail.org/faq/section4.html#4.5 > > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): > mail.bentecmed.com. config error: mail loops back to me (MX problem?) > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: > to=jd@bentecmed.com, delay=00:00:11, xdelay=00:00:00, mailer=esmtp, > pri=120003, relay=mail.bentecmed.com. [64.57.104.140], dsn=5.3.5, > stat=Local > configuration error > Feb 7 11:42:48 localhost sendmail[1541]: j17JgHdS001528: SYSERR(root): > hash > map "Alias0": missing map file /etc/mail/aliases.db: No such file or > directory > You didn't mention your operation system, but if it's Linux (or close to it) Edit /etc/aliases to add any aliases necessary for your configuration then run the command: newaliases or if that fails, try /usr/lib/sendmail -bi > I used the command makemap hash /etc/mail/mailertable < > /etc/mail/mailertable to create the db which should be correct, so im not > exactly sure what the problem is. > > -JD Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Mon Feb 7 23:14:20 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:28 2006 Subject: Speaking of AWL... Message-ID: For some reason the List server didn't like this the way it was, so we'll try it again. Thought it saw some commands or something? > -----Original Message----- > From: Dave Duffner - NWCWEB.com [mailto:webalizer@nwcweb.com] > Sent: Monday, February 07, 2005 6:12 PM > To: 'MailScanner mailing list' > Subject: RE: Speaking of AWL... > > > Ok, > > This went from mediocre to way off base... > > Went into MailScanner.conf, found the setting to > disable SA's AWL feature. Explanation there is minimal but > it looks like a bad thing to turn it off. Going with the > sensible advice below, turned it off anyways. > > I'm monitoring the flow through MailWatch and I > note higher loads since doing so, can live with that as > it's spastic and not constant. > > BUT... I'm watching the flow Last 50 messages and > note the following: > > #1 - It starts Whitelisting things randomly? Mail > to/from the same people is W/L 50% of the time and others > not. What's with that, especially as the accounts and domain > in question aren't even in the WL we had created previously? > > #2 - Spammer sends 3 copies of the same junk to the > same client address on a particular box. The following > occurs: > > 1st Copy - MS says Clean, passed to allow SA to tag it. > > 2nd Copy - MS Whitelists the thing? > > 3rd Copy - MS Whitelists again? > > I note that the 1st copy only comes from the source > IP, but the other two have been received by our main IP as well > (double-relayed?) and I think that's why it's whitelisting > it. > > So either something misconfigured since taking SA AWL > out of the picture or I've developed a new problem. Only > confusing part is why taking SA's AWL out would suddenly > cause these effects since MailScanner's techincally getting > it to play with first? > > Dave > > > > > -----Original Message----- > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Matt Kettler > > Sent: Monday, February 07, 2005 4:31 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Speaking of AWL... > > > > > > At 04:08 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote: > > > Is it better to turn off the AWL feature of > either MS or SA > > >and just maintain our own white/black lists using 2.6? > > > > Well, Only SA has an AWL feature. It's just where you turn > it off that > > differs between SA 2.6 and SA 3.0. (In 2.6 you use > MailScanner.conf, > > in 3.0 you use the local.cf) > > > > > > > > > Is there any real benefit to AWL'ing if we have our > > >own maintained list of what's kosher in our servers? We're > > not talking > > >huge loads of clients here, so hands-on is not a problem. > > > > > > Quite frankly, I'm not a big fan of either the AWL, nor static > > whitelists. > > > > IMO, the AWL may be useful, but really only in the > single-user case. > > It's semi-OK in the multi-user case, but it's value is diluted > > greatly. It's also slightly subject to abuse by spammers (if they > > figure out how). Play with it, and use it if you like it, > leave it if > > you don't. I myself don't care for it. > > > > For me static whitelists are really a "method of last > resort" as they > > are just a way of covering up other problems with your SA > setup that > > could be better fixed by configuration or rule adjustment. However, > > cooking up rule tweaks isn't exactly the simplest thing to > do, so for > > many admins, whitelists are the way to go. However, no admin should > > need to create very many whitelist entries. > > > > If you find yourself creating lots of whitelists to avoid > rampant FP > > problems, I'd strongly suggest stepping back and looking at > why you're > > getting so many FP's in the first place. > > > > I personally run with only one whitelist command, plus SA's default > > set. In the past week no messages would have scored over > +2.8 without > > the bonuses of the whitelists. > > > > ------------------------ MailScanner list > > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk > > with the words: 'leave mailscanner' in the body of the > email. Before > > posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Message scanned by MailScanner, and is believed to be clean. > > CONFIDENTIALITY NOTICE: This transmission intended for the > specified > > destination and person. If this is not you, this > > e-mail must be deleted immediately. www.nwcweb.com > > > > > -- > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.nwcweb.com > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Mon Feb 7 23:24:43 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:28 2006 Subject: Missing BAYES??? Message-ID: Scott Silva wrote: > Chris Conn wrote: > >>> >>> not in my experiance. the bayes system should tag all emails. >>> >>> I'd make sure MS is doing the re-sync of the bayes DB itself and an >>> outside cron isn't trying to do this... >>> >>> In MainScanner.conf its the rebuild bayes options you need to set >>> correctly and make sure it's set to wait while this happens as well. >> >> >> >> Hello, >> >> This is what I have: >> >> Rebuild Bayes Every = 259200 >> >> Wait During Bayes Rebuild = yes >> >> Out of 4975 messages marked as possible spam today, only 4842 had >> BAYES_XXX scores attached, the rest having a bunch of spamassassin >> scores but no BAYES. >> >> Chris >> > That is a long Bayes rebuild interval. Maybe it is just taking a long > time to rebuild. Hello, According to my logs, the database rebuilds in about 120 seconds. Is that excessively long? Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Mon Feb 7 23:40:52 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:28 2006 Subject: Bayes and spam increase? Message-ID: I liked your Idea, I was getting too many false negatives due to bays. after running SpamAssassin lint I used the following because some of yours were not in my SpamAssassin version. score BAYES_00 0 0 -0.04 -0.04 score BAYES_05 0 0 -0.03 -0.03 score BAYES_20 0 0 -0.02 -0.02 score BAYES_40 0 0 -0.01 -0.01 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Jeff A. Earickson Sent: Monday, February 07, 2005 10:41 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Bayes and spam increase? This sounds like the "bayes poisoning" issue that has been discussed numerous times on this list. I've kept the following in my spam.assassin.prefs.conf file: score BAYES_00 0 0 -0.05 -0.05 score BAYES_01 0 0 -0.04 -0.04 score BAYES_10 0 0 -0.03 -0.03 score BAYES_20 0 0 -0.02 -0.02 score BAYES_30 0 0 -0.01 -0.01 I don't trust Bayes enough to let it substantially lower a score -- only to increase a score. Jeff Earickson Colby College On Mon, 7 Feb 2005, Magda Hewryk wrote: > Date: Mon, 7 Feb 2005 13:22:41 -0500 > From: Magda Hewryk > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes and spam increase? > > Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 > -2.60 attached to all of them. > > > Thanks, > > Magda > > > > Matt Kettler > .COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: Bayes and spam increase? > > > 02/07/2005 11:23 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >> Hi everyone! >> >> We've noticed an increase in the number of spam sneaking through with >> scores "just under" our threshold. After looking through the headers for >> these messages, I've noticed that bayes seems to have "no opinion" on the >> majority of these (ie. no bayes entry). Am I missing something? I thought >> bayes would score every message? > > That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, > In those any "no matches" or other 50/50 chance does not get a BAYES_ rule > match. > > Can you tell us what version of SpamAssassin you are using? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Feb 7 23:30:44 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:28 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: > Scott Silva wrote: > >> Chris Conn wrote: >> >>>> >>>> not in my experiance. the bayes system should tag all emails. >>>> >>>> I'd make sure MS is doing the re-sync of the bayes DB itself and an >>>> outside cron isn't trying to do this... >>>> >>>> In MainScanner.conf its the rebuild bayes options you need to set >>>> correctly and make sure it's set to wait while this happens as well. >>> >>> >>> >>> >>> Hello, >>> >>> This is what I have: >>> >>> Rebuild Bayes Every = 259200 >>> >>> Wait During Bayes Rebuild = yes >>> >>> Out of 4975 messages marked as possible spam today, only 4842 had >>> BAYES_XXX scores attached, the rest having a bunch of spamassassin >>> scores but no BAYES. >>> >>> Chris >>> >> That is a long Bayes rebuild interval. Maybe it is just taking a long >> time to rebuild. > > > Hello, > > According to my logs, the database rebuilds in about 120 seconds. Is > that excessively long? > > Chris > It shouldn't be that bad, as long as MailScanner is waiting during that time. Maybe check the same area of the log and look for any MailScanner processing log entries during the time of the rebuild. Mine dakes an average of 30 seconds from the rebuild is due to the rebuild completed. But I also run a rebuild every 12 hours, just to keep it light. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Tue Feb 8 00:19:27 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:28 2006 Subject: Problem with adding RBL's DNS timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can some one please help me I can not seem to find the cause of the problem. We receive way too many spam and viruses from China and Korea. The rules below worked for making Korean and Chinese spam high scoring spam when they were first put in place. They are not working now. *** begin of RBL Rules here from /etc/MailScanner/spamassassin.prefs.conf header X_KOREAN_RELAY eval:check_rbl('relay','korea.services.net.') describe X_KOREAN_RELAY Received via a relay in Korea score X_KOREAN_RELAY 10 header X_CHINESE_RELAY eval:check_rbl('relay', 'cn.rbl.cluecentral.net.') describe X_CHINESE_RELAY Received via a relay in China score X_CHINESE_RELAY 10 *** end of RBL rules here is a message from 61.84.84.38 The address is in the korean services database http://korea.services.net/blocked.phtml?addr=61.35.194.108 It looks like I am getting a DNS timeout of 3 seconds, but I have set in /etc/MailScanner/spamassassin.prefs.conf rbl_timeout 20 When I try to debug SpamAssassin with the folioing command /usr/bin/spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf 0.998560747663551 debug: bayes token 'H*u:3.2.2' => 0.998560747663551 debug: bayes token 'UD:casinonewsservice.com' => 0.998295202952029 debug: bayes token 'sk:casinon' => 0.998295202952029 debug: bayes token 'www.casinonewsservice.com' => 0.998295202952029 debug: bayes token 'wwwcasinonewsservicecom' => 0.998295202952029 debug: bayes token 'UD:www.casinonewsservice.com' => 0.998295202952029 debug: bayes token 'H*RT:127.0.0.1' => 0.012402038762634 debug: bayes token 'competitions' => 0.987150906733285 debug: bayes token 'Thanks' => 0.0173691346180195 debug: bayes token 'Sign' => 0.0209378459820981 debug: bayes token 'UD:bottom.gif' => 0.975148999801698 debug: bayes token 'bottomgif' => 0.975148999801698 debug: bayes token 'bottom.gif' => 0.975148999801698 debug: bayes token 'H*RT:sk:localho' => 0.02864952653931 debug: bayes token '24-48' => 0.965009087146444 debug: bayes token 'H*MI:108' => 0.958 debug: bayes token 'winner.gif' => 0.958 debug: bayes token 'H*MI:sk:1876981' => 0.958 debug: bayes token 'UD:b_join2.gif' => 0.958 debug: bayes token '1n.gif' => 0.958 debug: bayes token 'aff664.html' => 0.958 debug: bayes token 'blinkgif' => 0.958 debug: bayes token 'UD:1n.gif' => 0.958 debug: bayes token 'H*M:sk:1876981' => 0.958 debug: bayes token '$21,972.50' => 0.958 debug: bayes token 'Lightspeed' => 0.958 debug: bayes token 'happyjpg' => 0.958 debug: bayes token 'UD:winner2.gif' => 0.958 debug: bayes token '2197250' => 0.958 debug: bayes token 'slot!' => 0.958 debug: bayes token 'casino' => 0.958 debug: bayes token '$20,985' => 0.958 debug: bayes token 'winning!' => 0.958 debug: bayes token '1286163' => 0.958 debug: bayes token '$20,002.25' => 0.958 debug: bayes token 'blink.gif' => 0.958 debug: bayes token 'UD:blink.gif' => 0.958 debug: bayes token 'Slot!' => 0.958 debug: bayes token 'H*r:ip*61.132.103.175' => 0.958 debug: bayes token 'H*RU:61.132.103.175' => 0.958 debug: bayes token 'happy.jpg' => 0.958 debug: bayes token 'lightspeed' => 0.958 debug: bayes token 'blackjack' => 0.958 debug: bayes token 'Blackjack!' => 0.958 debug: bayes token 'WINNING' => 0.958 debug: bayes token '$12,861.63' => 0.958 debug: bayes token 'UD:prismcasino.com' => 0.958 debug: bayes token 'H*M:108' => 0.958 debug: bayes token 'prism!' => 0.958 debug: bayes token 'H*M:194' => 0.958 debug: bayes token 'shyles' => 0.958 debug: bayes token 'H*RT:sk:1Cxchw-' => 0.958 debug: bayes token 'Casino' => 0.958 debug: bayes token 'winner2gif' => 0.958 debug: bayes token 'UD:join.gif' => 0.958 debug: bayes token 'Blackjack' => 0.958 debug: bayes token 'UD:winner.gif' => 0.958 debug: bayes token '20985' => 0.958 debug: bayes token 'H*MI:194' => 0.958 debug: bayes token 'Slots!' => 0.958 debug: bayes token 'NEXT!!!' => 0.958 debug: bayes token 'slot' => 0.958 debug: bayes token 'HX-Originating-IP:61.132.103.175' => 0.958 debug: bayes token 'slots!' => 0.958 debug: bayes token 'H*r:ip*61.35.194.108' => 0.958 debug: bayes token 'Prism' => 0.958 debug: bayes token 'b_join2.gif' => 0.958 debug: bayes token '$24,500' => 0.958 debug: bayes token 'aff664html' => 0.958 debug: bayes token 'Poker!' => 0.958 debug: bayes token 'b_join2gif' => 0.958 debug: bayes token 'Slots' => 0.958 debug: bayes token 'join.gif' => 0.958 debug: bayes token 'UD:aff664.html' => 0.958 debug: bayes token 'H*r:61.35.194' => 0.958 debug: bayes token 'opted' => 0.958 debug: bayes token '24500' => 0.958 debug: bayes token 'H*F:D*themackintoshgroup.com' => 0.958 debug: bayes token 'H*RT:3733A17C3BC' => 0.958 debug: bayes token '$16,604.84' => 0.958 debug: bayes token 'prism' => 0.958 debug: bayes token 'wwwprismcasinocom' => 0.958 debug: bayes token 'UD:www.prismcasino.com' => 0.958 debug: bayes token '2000225' => 0.958 debug: bayes token 'stud' => 0.958 debug: bayes token 'likeawinner' => 0.958 debug: bayes token 'joingif' => 0.958 debug: bayes token 'Stud' => 0.958 debug: bayes token 'poker!' => 0.958 debug: bayes token 'Shyles' => 0.958 debug: bayes token 'Prism!' => 0.958 debug: bayes token 'H*F:U*mutiduldndk' => 0.958 debug: bayes token 'H*r:61.132.103' => 0.958 debug: bayes token 'blackjack!' => 0.958 debug: bayes token '1ngif' => 0.958 debug: bayes token 'H*RT:61.35.194.108' => 0.958 debug: bayes token '1660484' => 0.958 debug: bayes token 'winner2.gif' => 0.958 debug: bayes token 'Slot' => 0.958 debug: bayes token 'WINNING!' => 0.958 debug: bayes token 'winnergif' => 0.958 debug: bayes token 'next!!!' => 0.958 debug: bayes token 'UD:happy.jpg' => 0.958 debug: bayes token 'H*RU:61.35.194.108' => 0.958 debug: bayes token 'www.prismcasino.com' => 0.958 debug: bayes token 'lot' => 0.044895692042425 debug: bayes token '2448' => 0.95430405388566 debug: bayes token 'H*RT:localhost' => 0.0473872937162061 debug: bayes token 'sign' => 0.0474079192441118 debug: bayes token 'H*r:127.0.0' => 0.049130482849064 debug: bayes token 'H*r:ip*127.0.0.1' => 0.0491841151512138 debug: bayes token 'fred' => 0.0556372736522324 debug: bayes token 'Fred' => 0.060733334043679 debug: bayes token 'H*r:IMP' => 0.933586912131647 debug: bayes token 'received' => 0.0760562450550159 debug: bayes token 'H*r:localhost' => 0.0893318623310851 debug: bayes token 'UD:gif' => 0.901478831666989 debug: bayes token 'send' => 0.0995942422996249 debug: bayes token 'found' => 0.104122394600291 debug: bayes token 'thanks' => 0.106304648610173 debug: bayes token 'could' => 0.108010343053283 debug: bayes token 'H*u:IMP' => 0.891799885344535 debug: bayes token 'H*u:Messaging' => 0.891799885344535 debug: bayes token 'H*UA:Program' => 0.891799885344535 debug: bayes token 'H*UA:IMP' => 0.891799885344535 debug: bayes token 'H*u:Program' => 0.891799885344535 debug: bayes token 'H*UA:Messaging' => 0.891799885344535 debug: bayes token 'unsubscribe' => 0.110265209673694 debug: bayes token 'but' => 0.110585846533574 debug: bayes token 'growing' => 0.110616525759099 debug: bayes token 'immediately' => 0.114143395640858 debug: bayes token 'database' => 0.114667404363985 debug: bayes token 'join' => 0.114691627207864 debug: bayes token 'UD:jpg' => 0.884339732639795 debug: bayes token 'This' => 0.11692315371609 debug: bayes token 'about' => 0.117577720389553 debug: bayes token 'H*u:Internet' => 0.882360014009373 debug: bayes token 'players' => 0.119726772600525 debug: bayes token 'don't' => 0.120864025041217 debug: bayes token 'dont' => 0.121664665868965 debug: bayes token 'Antonio' => 0.127223696110676 debug: bayes token 'next' => 0.12998331962496 debug: bayes token 'list' => 0.135367080923577 debug: bayes token 'this' => 0.138983167668796 debug: bayes token 'those' => 0.139088974059656 debug: bayes token 'winners' => 0.140487093414031 debug: bayes token 'either' => 0.141241110170095 debug: bayes token 'Caribbean' => 0.142036851334444 debug: bayes token 'caribbean' => 0.142036851334444 debug: bayes token 'HTo:U*catherine.litten' => 0.853988921474622 debug: bayes: score = 0.99999978578356 debug: bayes: 31553 untie-ing debug: bayes: 31553 untie-ing db_toks debug: bayes: 31553 untie-ing db_seen debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4)) debug: Razor2 is not available debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4) implements 'check_tick' debug: URIDNSBL: query for prismcasino.com took 1 seconds to look up (multi.surbl.org.:prismcasino.com) debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_AB_SURBL): 127.0.0.96 debug: URIDNSBL: query for casinonewsservice.com took 2 seconds to look up (multi.surbl.org.:casinonewsservice.com) debug: URIDNSBL: queries completed: 4 started: 6 debug: URIDNSBL: queries active: at Mon Feb 7 16:12:29 2005 debug: running raw-body-text per-line regexp tests; score so far=5.733 debug: running full-text regexp tests; score so far=5.733 debug: Razor2 is not available debug: Current PATH is: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin: /usr/local/mysql/bin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: URIDNSBL: queries completed: 6 started: 6 debug: URIDNSBL: queries active: at Mon Feb 7 16:12:29 2005 debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18954" debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL15331" debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up (sbl.spamhaus.org.:61.9.53.66) debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL13005" debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up (sbl.spamhaus.org.:254.151.203.65) debug: URIDNSBL: domain "casinonewsservice.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL13005" debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up (sbl.spamhaus.org.:245.151.203.65) debug: URIDNSBL: domain "prismcasino.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL19808" debug: URIDNSBL: query for prismcasino.com took 3 seconds to look up (sbl.spamhaus.org.:42.212.193.216) debug: URIDNSBL: domain "prismcasino.com" listed (URIBL_SBL): "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12500" debug: URIDNSBL: query for prismcasino.com took 3 seconds to look up (sbl.spamhaus.org.:8.228.163.66) debug: URIDNSBL: query for casinonewsservice.com took 3 seconds to look up (sbl.spamhaus.org.:236.251.5.221) debug: URIDNSBL: queries completed: 6 started: 0 debug: URIDNSBL: queries active: at Mon Feb 7 16:12:30 2005 debug: RBL: success for 17 of 18 queries debug: DNS: timeout for relay after 3 seconds debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8498ff4) implements 'check_post_dnsbl' debug: running meta tests; score so far=12.951 debug: running header regexp tests; score so far=12.951 debug: running body-text per-line regexp tests; score so far=12.951 debug: running uri tests; score so far=12.951 debug: running raw-body-text per-line regexp tests; score so far=12.951 debug: running full-text regexp tests; score so far=12.951 debug: Running tests for priority: 1000 debug: running meta tests; score so far=12.951 debug: running header regexp tests; score so far=12.951 debug: running body-text per-line regexp tests; score so far=12.951 debug: running uri tests; score so far=12.951 debug: running raw-body-text per-line regexp tests; score so far=12.951 debug: running full-text regexp tests; score so far=12.951 debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. debug: auto-learn: message score: 12.951, computed score for autolearn: 11.065 debug: auto-learn? ham=0.1, spam=12, body-points=9.51, head-points=6.32, learned-points=1.886 debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam debug: is spam? score=12.951 required=5 debug: tests=BAYES_99,HTML_80_90,HTML_EVENT_UNSAFE,HTML_FONT_BIG,HTML_IMAGE_RATIO_0 6,HTML_MESSAGE,HTML_SHOUTING3,MARKETING_PARTNERS,MIME_HTML_ONLY,RCVD_BY_IP,R CVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_AB_SURBL,URIBL_SBL debug: subtests=__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CTYPE_HTML,__HAS_MSGID,__HAS_SU BJECT,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSGID_R ANDY,__RATWARE_0_TZ_DATE,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_CENTER, __TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__USER_AGENT Received: from localhost by clamav.valleypres.org with SpamAssassin (version 3.0.1); Mon, 07 Feb 2005 16:12:30 -0800 From: "Emm" To: "Tina" Subject: find your fortune now! Date: Sun, 6 Feb 2005 03:14:15 +0000 Message-Id: <1876981107659655@61.35.194.108> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on clamav.valleypres.org X-Spam-Level: ************ X-Spam-Status: Yes, score=13.0 required=5.0 tests=BAYES_99,HTML_80_90, HTML_EVENT_UNSAFE,HTML_FONT_BIG,HTML_IMAGE_RATIO_06,HTML_MESSAGE, HTML_SHOUTING3,MARKETING_PARTNERS,MIME_HTML_ONLY,RCVD_BY_IP, RCVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_AB_SURBL,URIBL_SBL autolearn=no version=3.0.1 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_420803EE.E191ABC4" This is a multi-part message in MIME format. ------------=_420803EE.E191ABC4 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 8bit Spam detection software, running on the system "clamav.valleypres.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see john.crossan@valleypres.org for details. Content preview: casinonewsservice Prism Casino is the place to be for players who are serious about WINNING! Sign up today and join the growing list of players who have found their fortune at Prism! WINNERS player won game Fred S. won $24,500 on Blackjack! Antonio A. won $21,972.50 on Video Poker! Irene B. won $20,985 on Slots! Shyles G. won $20,002.25 on Blackjack & Caribbean Stud Poker! Valerie T. won $16,604.84 on Slots! Bonnie M. won $12,861.63 on Lightspeed Slot! [...] Content analysis details: (13.0 points, 5.0 required) pts rule name description ---- ---------------------- ------------------------------------------------ -- 0.1 RCVD_BY_IP Received by mail server with no name 1.2 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO 1.4 MARKETING_PARTNERS BODY: Claims you registered with a partner 0.1 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area 0.1 HTML_80_90 BODY: Message is 80% to 90% HTML 0.0 HTML_SHOUTING3 BODY: HTML has very strong "shouting" markup 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.5 HTML_EVENT_UNSAFE BODY: HTML contains unsafe auto-executing code 3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [] 2.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [61.35.194.108 listed in sbl-xbl.spamhaus.org] 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: prismcasino.com casinonewsservice.com] 0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: casinonewsservice.com] The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. ------------=_420803EE.E191ABC4 Content-Type: message/rfc822; x-spam-type=original Content-Description: original message before SpamAssassin Content-Disposition: attachment Content-Transfer-Encoding: 8bit Received: from mail.valleypres.org (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id 3733A17C3BC for ; Sat, 5 Feb 2005 19:03:33 -0800 (PST) Received: from [61.35.194.108] (helo=61.35.194.108) by mail.valleypres.org with esmtp (Exim 3.13 #5) id 1Cxchw-0008OQ-00 for catherine.litten@valleypres.org; Sat, 05 Feb 2005 19:03:32 -0800 Received: from unknown (HELO localhost) (127.0.0.1) by localhost.csirlyd.com with SMTP; Sun, 6 Feb 2005 03:14:15 +0000 Received: from 61.132.103.175 (61.132.103.175[61.132.103.175]) by 61.35.194.108 (IMP) with HTTP for ;Sun, 6 Feb 2005 03:14:15 +0000 Message-ID: <1876981107659655@61.35.194.108> From: "Emm" To: "Tina" Subject: find your fortune now! Date: Sun, 6 Feb 2005 03:14:15 +0000 MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.2.2 X-Originating-IP: 61.132.103.175 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Feb 8 00:51:49 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I am moving my server to a hosted service. They offer many different distributions on the server. As all you guys have much more experience with MS than I do I was wondering if you would offer some advice. Of this list which would be the easiest to maintain and run? CentOS 3.1 (RHEL) Debian 3.0r1 Fedora Core 2 Fedore Core 1 Gentoo Linux 2004.2 (09-14) Mandrake 9.1 Mandrake 9.1 Red Hat 8.0 Red Hat 9.0 Red Hat 9.0 Slackware 10 Slackware 9.0 Ubuntu 4.10 Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Tue Feb 8 00:49:27 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] At the risk of starting a flamewar, Debian 3.01! :) Regards, Brent Addis Group Systems Administrator Times Media Group "He who knows, does not speak. He who speaks, does not know". -- Lao Tsu Lance Haig wrote: > Hi, > > I am moving my server to a hosted service. They offer many different > distributions on the server. > > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > > CentOS 3.1 (RHEL) > Debian 3.0r1 > Fedora Core 2 > Fedore Core 1 > Gentoo Linux 2004.2 (09-14) > Mandrake 9.1 > Mandrake 9.1 > Red Hat 8.0 > Red Hat 9.0 > Red Hat 9.0 > Slackware 10 > Slackware 9.0 > Ubuntu 4.10 > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at dfi-intl.com Tue Feb 8 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: Or if you are feeling really bold... Debian sarge... Yummy Errol -----Original Message----- From: Brent Addis Date: Tue, 8 Feb 2005 13:49:27 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Which OS? At the risk of starting a flamewar, Debian 3.01! :) Regards, Brent Addis Group Systems Administrator Times Media Group "He who knows, does not speak. He who speaks, does not know". -- Lao Tsu Lance Haig wrote: > Hi, > > I am moving my server to a hosted service. They offer many different > distributions on the server. > > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > > CentOS 3.1 (RHEL) > Debian 3.0r1 > Fedora Core 2 > Fedore Core 1 > Gentoo Linux 2004.2 (09-14) > Mandrake 9.1 > Mandrake 9.1 > Red Hat 8.0 > Red Hat 9.0 > Red Hat 9.0 > Slackware 10 > Slackware 9.0 > Ubuntu 4.10 > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Feb 8 01:34:46 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Monday, February 07, 2005 7:52 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Which OS? > > Hi, > > I am moving my server to a hosted service. They offer many different > distributions on the server. > > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > Lance, You caught me at the end o a long day and in a philosophical mood so here goes. What's the easiest to run and support depends on what OS you're most comfortable with. Solaris people should run MS on Solaris; Folks who are comfortable with Linux should use Linux and my friend who runs MailScanner on a Alpha cluster is laughing at all of us. You didn't say what level of service want to provide; home, experimental, commercial service, etc. That does make a difference. If it's a home system that you want to use to learn bleeding edge stuff and don't mind rebuilding every six months, the latest Fedora might be appropriate. Hopefully I won't start a religious war with the following comments. It's certainly not my intent and it's wonderful to have all these choices - not just MS and MS-lite ;) > CentOS 3.1 (RHEL) Actually it's 3.4 now. 3.4 came out very, very shortly after the equivalent Red Hat 3.4 release. This is my personal pick among the RH clones. I use it on production systems and have never had a glitch. I feel the yum updater has been more reliable than RH up2date. This would be my choice for productions systems where Red Hat is unaffordable and RH support is not essential. One Caveat, Whitebox Linux has better support for older and slower hardware. > Debian 3.0r1 Debian has a deserved reputation for being a steady and dependable OS. I've used it for systems that you just want to turn on and forget (can you spell router). Only drawback for MailScanner Gateways is that it takes a while for the latest complimentary applications to filter down. For example SpamAssassin 3.0x was just recently released for Debian testing. This is not necessarily bad where stability is important. > Fedora Core 2 I think its Fedora 3 now and I don't think that Fedora 2 and 1 are supported any more. This should tell you that you don't want to run this OS on high availability systems (and Red Hat will tell you the same thing) > Fedore Core 1 See above > Gentoo Linux 2004.2 (09-14) No experience > Mandrake 9.1 No experience > Red Hat 8.0 End of life - stay away > Red Hat 9.0 End of life - stay away > Slackware 9.0 No experience > Ubuntu 4.10 What ??? - I've got to look this one up :) You left out Red Hat ES and AS 3.x; If you can afford it and want or need the support, this is a very good choice and one you will never be fired for making. You left out SuSE Enterprise Linux 9.0; Also if you can afford it and want or need the support, this is a very good choice and one you will never be fired for making. It's my personal choice among the commercial versions of Linux. It's well packaged and yast2 updates are the best; but maybe that's because I still like Novell. > > Thanks > > Lance I just know this will garner a few comments. Regards, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Feb 8 02:15:30 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ubuntu is another variation of Debian with more up-to-date packages. Suggest a link for you to look at is http://distrowatch.com/ Also try to look at FreeBSD if you're not going to install other special packages. Anyany, FreeBSD gets a lot of ports. Cheers Raylund ----- Original Message ----- From: "Stephen Swaney" To: Sent: Monday, February 07, 2005 8:34 PM Subject: Re: Which OS? >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Lance Haig >> Sent: Monday, February 07, 2005 7:52 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Which OS? >> >> Hi, >> >> I am moving my server to a hosted service. They offer many different >> distributions on the server. >> >> As all you guys have much more experience with MS than I do I was >> wondering if you would offer some advice. >> Of this list which would be the easiest to maintain and run? >> > Lance, > > You caught me at the end o a long day and in a philosophical mood so here > goes. > > What's the easiest to run and support depends on what OS you're most > comfortable with. Solaris people should run MS on Solaris; Folks who are > comfortable with Linux should use Linux and my friend who runs MailScanner > on a Alpha cluster is laughing at all of us. > > You didn't say what level of service want to provide; home, experimental, > commercial service, etc. That does make a difference. If it's a home > system > that you want to use to learn bleeding edge stuff and don't mind > rebuilding > every six months, the latest Fedora might be appropriate. > > Hopefully I won't start a religious war with the following comments. It's > certainly not my intent and it's wonderful to have all these choices - not > just MS and MS-lite ;) > > >> CentOS 3.1 (RHEL) > > Actually it's 3.4 now. 3.4 came out very, very shortly after the > equivalent > Red Hat 3.4 release. This is my personal pick among the RH clones. I use > it > on production systems and have never had a glitch. I feel the yum updater > has been more reliable than RH up2date. This would be my choice for > productions systems where Red Hat is unaffordable and RH support is not > essential. > > One Caveat, Whitebox Linux has better support for older and slower > hardware. > >> Debian 3.0r1 > Debian has a deserved reputation for being a steady and dependable OS. > I've > used it for systems that you just want to turn on and forget (can you > spell > router). Only drawback for MailScanner Gateways is that it takes a while > for > the latest complimentary applications to filter down. For example > SpamAssassin 3.0x was just recently released for Debian testing. This is > not > necessarily bad where stability is important. > >> Fedora Core 2 > I think its Fedora 3 now and I don't think that Fedora 2 and 1 are > supported > any more. This should tell you that you don't want to run this OS on high > availability systems (and Red Hat will tell you the same thing) > >> Fedore Core 1 > See above > >> Gentoo Linux 2004.2 (09-14) > No experience > >> Mandrake 9.1 > No experience > >> Red Hat 8.0 > End of life - stay away > >> Red Hat 9.0 > End of life - stay away > >> Slackware 9.0 > No experience > >> Ubuntu 4.10 > What ??? - I've got to look this one up :) > > You left out Red Hat ES and AS 3.x; > If you can afford it and want or need the support, this is a very good > choice and one you will never be fired for making. > > You left out SuSE Enterprise Linux 9.0; > Also if you can afford it and want or need the support, this is a very > good > choice and one you will never be fired for making. It's my personal choice > among the commercial versions of Linux. It's well packaged and yast2 > updates > are the best; but maybe that's because I still like Novell. > >> >> Thanks >> >> Lance > > I just know this will garner a few comments. > > Regards, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 03:01:10 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Missing BAYES??? Message-ID: What command should I run to get the following? Rebuild Bayes Every = 259200 >>> >>> Wait During Bayes Rebuild = yes What is the bayes rebuild option in MailScanner? Thanks, Magda Hewryk -------------------------------- Mid-Range Systems 905-273-1637 (Office) 416-554-0743 (Cell) Scott Silva To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Missing BAYES??? 02/07/2005 06:30 PM Please respond to MailScanner mailing list Chris Conn wrote: > Scott Silva wrote: > >> Chris Conn wrote: >> >>>> >>>> not in my experiance. the bayes system should tag all emails. >>>> >>>> I'd make sure MS is doing the re-sync of the bayes DB itself and an >>>> outside cron isn't trying to do this... >>>> >>>> In MainScanner.conf its the rebuild bayes options you need to set >>>> correctly and make sure it's set to wait while this happens as well. >>> >>> >>> >>> >>> Hello, >>> >>> This is what I have: >>> >>> Rebuild Bayes Every = 259200 >>> >>> Wait During Bayes Rebuild = yes >>> >>> Out of 4975 messages marked as possible spam today, only 4842 had >>> BAYES_XXX scores attached, the rest having a bunch of spamassassin >>> scores but no BAYES. >>> >>> Chris >>> >> That is a long Bayes rebuild interval. Maybe it is just taking a long >> time to rebuild. > > > Hello, > > According to my logs, the database rebuilds in about 120 seconds. Is > that excessively long? > > Chris > It shouldn't be that bad, as long as MailScanner is waiting during that time. Maybe check the same area of the log and look for any MailScanner processing log entries during the time of the rebuild. Mine dakes an average of 30 seconds from the rebuild is due to the rebuild completed. But I also run a rebuild every 12 hours, just to keep it light. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Feb 8 04:47:18 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig Sent: Monday, February 07, 2005 6:52 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Which OS? Hi, I am moving my server to a hosted service. They offer many different distributions on the server. As all you guys have much more experience with MS than I do I was wondering if you would offer some advice. Of this list which would be the easiest to maintain and run? CentOS 3.1 (RHEL) Debian 3.0r1 Fedora Core 2 Fedore Core 1 Gentoo Linux 2004.2 (09-14) Mandrake 9.1 Mandrake 9.1 Red Hat 8.0 Red Hat 9.0 Red Hat 9.0 Slackware 10 Slackware 9.0 Ubuntu 4.10 Thanks Lance I run either RHEL3 or Centos-3.4 on all of my boxen and am quite happy with it. I think it all boils down to which distro YOU are more comfortable working with. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 05:35:52 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Email whitelisted by MS - is it still checked for viruses? Message-ID: Hi, I just want to make sure that even the mail is whitelisted by MS it is still checked by anti-virus. The control " Ignore Spam Whitelist If Recipients Exceed = 20" didn't work because the spoofed sender sent out one email at a time. I just need to know if "Virus and Content Scanning" runs against whitelisted email? Would you confirm. Feb 7 23:47:40 MailScanner[31876]: Message j184iivk031331 from 142.245.251.90 ( )is whitelisted Feb 7 23:47:42 MailScanner[31876]: Message j184iRvn031300 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:43 MailScanner[31842]: Message j184iBvk031259 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:44 MailScanner[31876]: Message j184ijvi031332 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:46 MailScanner[31842]: Message j184i9vk031256 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:46 MailScanner[31876]: Message j184iivi031330 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:49 MailScanner[31876]: Message j184iRvq031300 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:49 MailScanner[31842]: Message j184iBvi031259 from 142.245.251.90 ( ) is whitelisted Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 06:47:07 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Scores for the URIBL_AB within SpamAssassin Message-ID: http://www.surbl.org/lists.html#ab Hi, I just wonder why URIBL_AB is scored so low with BAYES? Usually the last row is higher then the second (network check). Is this an error? Anybody has something similar to the list below? Should I re-write the rules in the spam.assassin.prefs.conf file and change the score? What is the best practice? # URIDNSBL ifplugin Mail::SpamAssassin::Plugin::URIDNSBL score URIBL_AB_SURBL 0 2.007 0 0.417 score URIBL_OB_SURBL 0 1.996 0 3.213 score URIBL_PH_SURBL 0 0.839 0 2.000 score URIBL_SBL 0 0.629 0 0.996 score URIBL_SC_SURBL 0 3.897 0 4.263 score URIBL_WS_SURBL 0 0.539 0 1.462 endif # Mail::SpamAssassin::Plugin::URIDNSBL plus: score URIBL_JP_SURBL 4.0 Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue Feb 8 08:35:34 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: Hi! > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > Red Hat 8.0 > Red Hat 9.0 > Red Hat 9.0 At least those 3 are end of life, sounds pretty weird to start with those. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Feb 8 10:38:18 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: den 8 februari 2005 01:52 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Which OS? > > > Hi, > > I am moving my server to a hosted service. They offer many different > distributions on the server. > > As all you guys have much more experience with MS than I do I was > wondering if you would offer some advice. > Of this list which would be the easiest to maintain and run? > > CentOS 3.1 (RHEL) > Debian 3.0r1 > Fedora Core 2 > Fedore Core 1 > Gentoo Linux 2004.2 (09-14) > Mandrake 9.1 > Mandrake 9.1 Although Mandrake (10.1) is really OK, these are eol'd since a while back. Don't use them. > Red Hat 8.0 > Red Hat 9.0 > Red Hat 9.0 > Slackware 10 > Slackware 9.0 > Ubuntu 4.10 > > Thanks > > Lance Generally, the list seems to have some rather "moss-endowed" versions... Talk to them about getting something a bit more uptodate. -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Howard at HARPER-ADAMS.AC.UK Tue Feb 8 11:40:10 2005 From: Howard at HARPER-ADAMS.AC.UK (Howard Robinson) Date: Thu Jan 12 21:28:28 2006 Subject: Bayes and spam increase? Message-ID: Dear list members I am in the same situation re bayes scoring. All the emailS I have looked at so far have BAYES_00 -2.60 In my spam.assassin.prefs.conf I have remmed out lines eg. # score BAYES_00 -15.0 # score BAYES_10 -5.0 # score BAYES_90 5.0 # score BAYES_99 15.0 But the lines recommended have an extra column, what does the extra column do. Should I un-rem BAYES_90 & 99? Also do I need to stop and restart mailscanner > score BAYES_00 0 0 -0.05 -0.05 > score BAYES_01 0 0 -0.04 -0.04 > score BAYES_10 0 0 -0.03 -0.03 > score BAYES_20 0 0 -0.02 -0.02 > score BAYES_30 0 0 -0.01 -0.01 > Thanks Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Feb 8 12:18:45 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well Guys, Thanks for all the help. It looks like I need to look at finding a hosting solution with SUSE as an option. Thanks for all the sugegstions Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Feb 8 12:26:40 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: den 8 februari 2005 13:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Which OS? > > > Well Guys, > > Thanks for all the help. It looks like I need to look at finding a > hosting solution with SUSE as an option. Not a bad choice... Actually, none of the distros would be terribly bad (after all: What one distro can do another distro...:-). What we've been saying mostly is that they seem to be slightly (and in the case of Mandrake not-so-slightly... or rather Very) out-of-date, in regards to the versions they offer. Anyway, Good luck. -- Glenn > > Thanks for all the sugegstions > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Feb 8 12:30:20 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:28 2006 Subject: Curious Message-ID: I have been seeing the following off and on in my logs (relatively consistent though). I am curious about them and was wondering if anyone else has been seeing these and if they have any comments on them. Unresolved sender domains: .3..@p: 1 Time(s) 1gx3.@j: 1 Time(s) 2@kya22: 1 Time(s) 4i.@ra: 1 Time(s) 5s@422.c: 1 Time(s) 6644k446664...4.5.4@d: 1 Time(s) 988868@64.-: 1 Time(s) 99.....@9: 1 Time(s) ccat@1.a: 1 Time(s) d1@ubwdbgsls.1.11: 1 Time(s) d@68hte4.80a: 1 Time(s) d@mdiq.ki: 1 Time(s) gs..@g.g: 1 Time(s) jjjx@vj.h.l: 1 Time(s) krickey@aimco.local: 1 Time(s) m.o.@]n: 1 Time(s) of_summers_45@kayla.com.au: 1 Time(s) onnnhohn8.@n: 1 Time(s) qphbf@lexgroup-ltd.com: 1 Time(s) s5@jwwcwqys.yi: 1 Time(s) w@2: 1 Time(s) ww@0.mj-: 1 Time(s) zpyo-.@d: 1 Time(s) Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Tue Feb 8 12:37:37 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:28 2006 Subject: Which OS? Message-ID: only RH EL clones Tao Linux Centos Linux or Whitebox Linux I'm looking for a distro as close as possible to RH EL and fast updates + clustering possibilities. thanks Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Feb 8 12:58:55 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:28 2006 Subject: Curious Message-ID: I get them all the time. They are bogus domains that spammers try to forge their crap from: Unresolved sender domains: adv@imelvin.com: 7 Time(s) 911B9BF8CE8771CAE0E5E9@ohowexc8.naoxy.com: 6 Time(s) collinlottuj@chch.co.uk: 3 Time(s) lclifton_bu@chemeng.chmt.wits.ac.za: 3 Time(s) loans@creditbank.uk: 2 Time(s) miranda_fw@arborviewinn.ns.ca: 2 Time(s) reneesingleton_pf@arborviewinn.ns.ca: 2 Time(s) wkkuwgu@[203.234.244.164]: 2 Time(s) 03140@rxinet01.walgreens.com: 1 Time(s) EQTIVSLBCJWABS@eR45lucvvmPD6roLq82.tv: 1 Time(s) NDIUWVMATRXYZX@smashinpumpikiner.com: 1 Time(s) agigdde@7.0: 1 Time(s) akgul@ritp.ye: 1 Time(s) alarson_ys@afloat.demon.co.uk: 1 Time(s) antacrp@hotmail.com.au: 1 Time(s) apache@server.tinati.net: 1 Time(s) aygcqb@[203.248.130.173]: 1 Time(s) battery@kfpw.com.au: 1 Time(s) bettie_bergeron_yj@modern-home.co.uk: 1 Time(s) billie.n.meza_rp@squires.co.uk: 1 Time(s) bipjak@[216.63.22.224]: 1 Time(s) bounce-wddwtfwtmcqq@zffpaspa.strenga1.com: 1 Time(s) bounce-yqqbwvbwxmfw@xzzwrcwr.strenga1.com: 1 Time(s) courtesy.114310.145292015@LD1.ntcnnxn.com: 1 Time(s) courtesy.114397.145292015@LD1.ntcnxn.com: 1 Time(s) cwilliamsonmn@star-no-star.fsworld.co.uk: 1 Time(s) deanna_bfield_eq@cantillon.demon.co.uk: 1 Time(s) dharris@somewhere.someplace: 1 Time(s) Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Filchak Sent: Tuesday, February 08, 2005 6:30 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Curious I have been seeing the following off and on in my logs (relatively consistent though). I am curious about them and was wondering if anyone else has been seeing these and if they have any comments on them. Unresolved sender domains: .3..@p: 1 Time(s) 1gx3.@j: 1 Time(s) 2@kya22: 1 Time(s) 4i.@ra: 1 Time(s) 5s@422.c: 1 Time(s) 6644k446664...4.5.4@d: 1 Time(s) 988868@64.-: 1 Time(s) 99.....@9: 1 Time(s) ccat@1.a: 1 Time(s) d1@ubwdbgsls.1.11: 1 Time(s) d@68hte4.80a: 1 Time(s) d@mdiq.ki: 1 Time(s) gs..@g.g: 1 Time(s) jjjx@vj.h.l: 1 Time(s) krickey@aimco.local: 1 Time(s) m.o.@]n: 1 Time(s) of_summers_45@kayla.com.au: 1 Time(s) onnnhohn8.@n: 1 Time(s) qphbf@lexgroup-ltd.com: 1 Time(s) s5@jwwcwqys.yi: 1 Time(s) w@2: 1 Time(s) ww@0.mj-: 1 Time(s) zpyo-.@d: 1 Time(s) Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Feb 8 13:30:51 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:28 2006 Subject: Curious Message-ID: Same here. Many seem to be SomeFool.*/Netsky-related. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > Sent: den 8 februari 2005 13:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Curious > > > I get them all the time. They are bogus domains that > spammers try to forge > their crap from: > > Unresolved sender domains: > adv@imelvin.com: 7 Time(s) > 911B9BF8CE8771CAE0E5E9@ohowexc8.naoxy.com: 6 Time(s) > collinlottuj@chch.co.uk: 3 Time(s) > lclifton_bu@chemeng.chmt.wits.ac.za: 3 Time(s) > loans@creditbank.uk: 2 Time(s) > miranda_fw@arborviewinn.ns.ca: 2 Time(s) > reneesingleton_pf@arborviewinn.ns.ca: 2 Time(s) > wkkuwgu@[203.234.244.164]: 2 Time(s) > 03140@rxinet01.walgreens.com: 1 Time(s) > EQTIVSLBCJWABS@eR45lucvvmPD6roLq82.tv: 1 Time(s) > NDIUWVMATRXYZX@smashinpumpikiner.com: 1 Time(s) > agigdde@7.0: 1 Time(s) > akgul@ritp.ye: 1 Time(s) > alarson_ys@afloat.demon.co.uk: 1 Time(s) > antacrp@hotmail.com.au: 1 Time(s) > apache@server.tinati.net: 1 Time(s) > aygcqb@[203.248.130.173]: 1 Time(s) > battery@kfpw.com.au: 1 Time(s) > bettie_bergeron_yj@modern-home.co.uk: 1 Time(s) > billie.n.meza_rp@squires.co.uk: 1 Time(s) > bipjak@[216.63.22.224]: 1 Time(s) > bounce-wddwtfwtmcqq@zffpaspa.strenga1.com: 1 Time(s) > bounce-yqqbwvbwxmfw@xzzwrcwr.strenga1.com: 1 Time(s) > courtesy.114310.145292015@LD1.ntcnnxn.com: 1 Time(s) > courtesy.114397.145292015@LD1.ntcnxn.com: 1 Time(s) > cwilliamsonmn@star-no-star.fsworld.co.uk: 1 Time(s) > deanna_bfield_eq@cantillon.demon.co.uk: 1 Time(s) > dharris@somewhere.someplace: 1 Time(s) > > Mike > > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Dave Filchak > Sent: Tuesday, February 08, 2005 6:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Curious > > I have been seeing the following off and on in my logs (relatively > consistent though). I am curious about them and was wondering > if anyone else > has been seeing these and if they have any comments on them. > > Unresolved sender domains: > .3..@p: 1 Time(s) > 1gx3.@j: 1 Time(s) > 2@kya22: 1 Time(s) > 4i.@ra: 1 Time(s) > 5s@422.c: 1 Time(s) > 6644k446664...4.5.4@d: 1 Time(s) > 988868@64.-: 1 Time(s) > 99.....@9: 1 Time(s) > ccat@1.a: 1 Time(s) > d1@ubwdbgsls.1.11: 1 Time(s) > d@68hte4.80a: 1 Time(s) > d@mdiq.ki: 1 Time(s) > gs..@g.g: 1 Time(s) > jjjx@vj.h.l: 1 Time(s) > krickey@aimco.local: 1 Time(s) > m.o.@]n: 1 Time(s) > of_summers_45@kayla.com.au: 1 Time(s) > onnnhohn8.@n: 1 Time(s) > qphbf@lexgroup-ltd.com: 1 Time(s) > s5@jwwcwqys.yi: 1 Time(s) > w@2: 1 Time(s) > ww@0.mj-: 1 Time(s) > zpyo-.@d: 1 Time(s) > > Dave > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 13:39:41 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailScanne Message-ID: I don't fully understand how to change the way MailScanner handles spam. How can I change MailScanner to not filter mail like the scoring it uses for Spamassassin? Below is an example of a header from a newsletter that is being filtered out but not because of Spamassassin scoring. I could always add a whitelist entry but I would rather figure out how to change this. Thanks. Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found word(s) to be removed register today in the HTML body MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-Mailer-Version: 3.5.5 build 727 X-Mailer: Accucast X-Accutrak: CNET_Networks_#3.139973.3432373335333234@newsletters.online.com X-MailScanner-From: cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com Return-Path: X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) FILETIME=[5E92BD70:01C50D35] This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Feb 8 14:01:04 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:28 2006 Subject: Fw: Virus Detected Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I having trouble with the new version of Clamav (0.82) and some CorelDraw attachments. Any of you have the same problem? Reporte: ClamAV: 22700060-ingles.cdr contains Exploit.W32.MS05-002 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 14:05:04 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to t Message-ID: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to this spot. Have I missed something? Reloading MailScanner workers: MailScanner: [ OK ] Incoming postfix: postfix: fatal: open /etc/postfix.in/main.cf: No such file or directory [ OK ] Outgoing postfix: postfix/postfix-script: refreshing the Postfix mail system [ OK ] This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 14:06:43 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: I hate to keep beating a dead horse but I still get e-mails that have AWL scores in them. I have included "use_auto_whitelist 0" in the spam.assassin.prefs.conf. Help. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Tue Feb 8 14:11:38 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to t Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did you make a copy of /etc/postfix as /etc/postfix.in? This must be a Gentoo install :) On Tue, 2005-02-08 at 09:05, David Curtis wrote: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to this spot. Have I missed something? Reloading MailScanner workers: MailScanner: [ OK ] Incoming postfix: postfix: fatal: open /etc/postfix.in/main.cf: No such file or directory [ OK ] Outgoing postfix: postfix/postfix-script: refreshing the Postfix mail system [ OK ] This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! Wess Bechard System Administrator eliquidMEDIA International www.eliquid.com MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nmeverde at NP.K12.MN.US Tue Feb 8 14:30:42 2005 From: nmeverde at NP.K12.MN.US (Nick Meverden) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I hate to keep beating a dead horse but I still get e-mails that have > AWL scores in them. I have included "use_auto_whitelist 0" in the > spam.assassin.prefs.conf. make sure that MailScanner.conf has "SpamAssassin Prefs File =" your spam.assassin.prefs.conf file run spamassassin -D on using your prefs file and see if SA finds syntax errors in your spam.assassin.prefs.conf file, also check to see if SA is still trying to score using awl remove the awl database when you reload mailscanner to see if its being recreated. make sure you dont have anything in local.cf overridding your settings. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Tue Feb 8 14:24:24 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:28 2006 Subject: check_MailScanner.cron Message-ID: Hi Julian, Hope you're having a good vacation. I noticed that check_MailScanner.cron is trying to call /opt/MailScanner/bin/check_MailScanner which has been renamed to check_mailscanner (no caps). -- Eric Dantan Rzewnicki | Systems Engineer I Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Feb 8 14:27:27 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:28 2006 Subject: Virus Detected Message-ID: Yes, and it's been reported on the ClamAV Users mailing list too. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > Sent: 08 February 2005 14:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Fw: Virus Detected > > I having trouble with the new version of Clamav (0.82) and > some CorelDraw attachments. Any of you have the same problem? > > Reporte: ClamAV: 22700060-ingles.cdr contains Exploit.W32.MS05-002 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Tue Feb 8 14:29:14 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points to t Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I keep getting this error when I reload MailScanner. I can't seem to > find any where that points to this spot. Have I missed something? > Reloading MailScanner workers: > MailScanner: [ OK ] > Incoming postfix: postfix: fatal: open > /etc/postfix.in/main.cf: No such file or directory > [ OK ] > Outgoing postfix: postfix/postfix-script: refreshing the > Postfix mail system > [ OK ] Yes, that happens on the newer single-postfix MailScanner setup, where you don't actually have a separate incoming postfix instance. The Incoming Postfix section of the init script is conditional for start, stop and restart, but not for reload. Just add an appropriate if statement, as per the attached patch. [Julian - it might be good to add this to the distributed version when you get back from your hols] John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] --- /etc/init.d/MailScanner.old 2004-06-01 17:15:16.000000000 +0200 +++ /etc/init.d/MailScanner 2004-06-18 10:32:10.000000000 +0200 @@ -350,7 +350,9 @@ echo if [ $MTA = "postfix" ]; then echo -n ' Incoming postfix: ' - $POSTFIX -c $POSTFIXINCF reload >/dev/null + if [ -f $POSTFIXINCF/main.cf ]; then + $POSTFIX -c $POSTFIXINCF reload >/dev/null + fi success echo echo -n ' Outgoing postfix: ' ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 14:55:22 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points Message-ID: No I did not make any copies. I am running Fedora Core 2. I have no /etc/postfix.in. >>> mailscanner@ELIQUID.COM 2/8/2005 9:11:38 AM >>> Did you make a copy of /etc/postfix as /etc/postfix.in? This must be a Gentoo install :) On Tue, 2005-02-08 at 09:05, David Curtis wrote: > I keep getting this error when I reload MailScanner. I can't seem to > find any where that points to this spot. Have I missed something? > Reloading MailScanner workers: > MailScanner: [ OK ] > Incoming postfix: postfix: fatal: open > /etc/postfix.in/main.cf: No such file or directory > [ OK ] > Outgoing postfix: postfix/postfix-script: refreshing the > Postfix mail system > [ OK ] > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Wess Bechard System Administrator eliquidMEDIA International www.eliquid.com MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Tue Feb 8 14:29:06 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: David, Look in the MailScanner conf file way down low for the 'Use SpamAssassin Whitelist (or Auto something) and that's the setting to ensure it stops. You may see a small weird patch of messages while it clears out as you restart MailScanner after the adjustment, but that cleared it for us. Forces MS to use any whitelists you enter, if you have them. The other conf file entry may work, but the way MS/SA is set up on our Ensim boxes the MS conf file settings change was the key. David J. Duffner VP Operations NWC Corporation www.nwcxpress.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis > Sent: Tuesday, February 08, 2005 9:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: AWL Still > > > I hate to keep beating a dead horse but I still get e-mails > that have AWL scores in them. I have included > "use_auto_whitelist 0" in the spam.assassin.prefs.conf. > > Help. -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 15:05:09 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: MailScanner.conf has the setting o.k. Ran spamassassin -D and did not see any errors. I removed the autowhitelist file in /root/.spamassassin/. Thanks. >>> nmeverde@NP.K12.MN.US 2/8/2005 9:30:42 AM >>> > I hate to keep beating a dead horse but I still get e-mails that have > AWL scores in them. I have included "use_auto_whitelist 0" in the > spam.assassin.prefs.conf. make sure that MailScanner.conf has "SpamAssassin Prefs File =" your spam.assassin.prefs.conf file run spamassassin -D on using your prefs file and see if SA finds syntax errors in your spam.assassin.prefs.conf file, also check to see if SA is still trying to score using awl remove the awl database when you reload mailscanner to see if its being recreated. make sure you dont have anything in local.cf overridding your settings. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Feb 8 15:06:27 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:28 2006 Subject: check_MailScanner.cron Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I had a similiar problem. I've botched up the MS install here so when I "upgraded" to 4.38.10 I still had an old copy of check_MailScanner and the new check_mailscanner. So the old copy was being called, plus some other scripts that pointed to my old install directories instead of /opt/MailScanner. Took me a couple of days to get all this resolved. Last was getting the correct clamav-autoupdate :-[ Eric Dantan Rzewnicki wrote: >Hi Julian, > >Hope you're having a good vacation. > >I noticed that check_MailScanner.cron is trying to call >/opt/MailScanner/bin/check_MailScanner which has been renamed to >check_mailscanner (no caps). >-- >Eric Dantan Rzewnicki | Systems Engineer I >Technical Operations Division | Radio Free Asia >2025 M Street, NW | Washington, DC 20036 | 202-530-4900 >CONFIDENTIAL COMMUNICATION >This e-mail message is intended only for the use of the addressee and >may contain information that is privileged and confidential. Any >unauthorized dissemination, distribution, or copying is strictly >prohibited. If you receive this transmission in error, please contact >network@rfa.org. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Ed Bruce Health Plan of Michigan Senior Programmer Phone: 248.226.1512 FAX: 248.204.6569 -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 15:14:31 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points Message-ID: Thanks for the input. I am still fairly new to linux. Were do I put this info or is there a command to install the patch? Thanks. >>> john@TRADOC.FR 2/8/2005 9:29:14 AM >>> David Curtis wrote: > I keep getting this error when I reload MailScanner. I can't seem to > find any where that points to this spot. Have I missed something? > Reloading MailScanner workers: > MailScanner: [ OK ] > Incoming postfix: postfix: fatal: open > /etc/postfix.in/main.cf: No such file or directory > [ OK ] > Outgoing postfix: postfix/postfix-script: refreshing the > Postfix mail system > [ OK ] Yes, that happens on the newer single-postfix MailScanner setup, where you don't actually have a separate incoming postfix instance. The Incoming Postfix section of the init script is conditional for start, stop and restart, but not for reload. Just add an appropriate if statement, as per the attached patch. [Julian - it might be good to add this to the distributed version when you get back from your hols] John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 15:19:13 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: I have "SpamAssassin Auto Whitelist = no". This is the only setting I can find in the conf file. >>> webalizer@NWCWEB.COM 2/8/2005 9:29:06 AM >>> David, Look in the MailScanner conf file way down low for the 'Use SpamAssassin Whitelist (or Auto something) and that's the setting to ensure it stops. You may see a small weird patch of messages while it clears out as you restart MailScanner after the adjustment, but that cleared it for us. Forces MS to use any whitelists you enter, if you have them. The other conf file entry may work, but the way MS/SA is set up on our Ensim boxes the MS conf file settings change was the key. David J. Duffner VP Operations NWC Corporation www.nwcxpress.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis > Sent: Tuesday, February 08, 2005 9:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: AWL Still > > > I hate to keep beating a dead horse but I still get e-mails > that have AWL scores in them. I have included > "use_auto_whitelist 0" in the spam.assassin.prefs.conf. > > Help. -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 15:27:13 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Scores for the URIBL_AB within SpamAssassin Message-ID: Any thoughts on this? Thanks, Magda Magda Hewryk To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Scores for the URIBL_AB within SpamAssassin 02/08/2005 01:47 AM Please respond to MailScanner mailing list http://www.surbl.org/lists.html#ab Hi, I just wonder why URIBL_AB is scored so low with BAYES? Usually the last row is higher then the second (network check). Is this an error? Anybody has something similar to the list below? Should I re-write the rules in the spam.assassin.prefs.conf file and change the score? What is the best practice? # URIDNSBL ifplugin Mail::SpamAssassin::Plugin::URIDNSBL score URIBL_AB_SURBL 0 2.007 0 0.417 score URIBL_OB_SURBL 0 1.996 0 3.213 score URIBL_PH_SURBL 0 0.839 0 2.000 score URIBL_SBL 0 0.629 0 0.996 score URIBL_SC_SURBL 0 3.897 0 4.263 score URIBL_WS_SURBL 0 0.539 0 1.462 endif # Mail::SpamAssassin::Plugin::URIDNSBL plus: score URIBL_JP_SURBL 4.0 Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 15:27:35 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:28 2006 Subject: Email whitelisted by MS - is it still checked for viruses? Message-ID: Any news on this? Thanks, Magda Magda Hewryk To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Email whitelisted by MS - is it still checked for viruses? 02/08/2005 12:35 AM Please respond to MailScanner mailing list Hi, I just want to make sure that even the mail is whitelisted by MS it is still checked by anti-virus. The control " Ignore Spam Whitelist If Recipients Exceed = 20" didn't work because the spoofed sender sent out one email at a time. I just need to know if "Virus and Content Scanning" runs against whitelisted email? Would you confirm. Feb 7 23:47:40 MailScanner[31876]: Message j184iivk031331 from 142.245.251.90 ( )is whitelisted Feb 7 23:47:42 MailScanner[31876]: Message j184iRvn031300 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:43 MailScanner[31842]: Message j184iBvk031259 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:44 MailScanner[31876]: Message j184ijvi031332 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:46 MailScanner[31842]: Message j184i9vk031256 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:46 MailScanner[31876]: Message j184iivi031330 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:49 MailScanner[31876]: Message j184iRvq031300 from 142.245.251.90 ( ) is whitelisted Feb 7 23:47:49 MailScanner[31842]: Message j184iBvi031259 from 142.245.251.90 ( ) is whitelisted Thanks, Magda ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 15:33:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: At 09:30 AM 2/8/2005, Nick Meverden wrote: > > I hate to keep beating a dead horse but I still get e-mails that have > > AWL scores in them. I have included "use_auto_whitelist 0" in the > > spam.assassin.prefs.conf. > >make sure that MailScanner.conf has "SpamAssassin Prefs File =" your >spam.assassin.prefs.conf file Nick, that setting only works for SA 2.6. It does not work for SA 3.x ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 15:34:32 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: At 09:06 AM 2/8/2005, David Curtis wrote: >I hate to keep beating a dead horse but I still get e-mails that have >AWL scores in them. I have included "use_auto_whitelist 0" in the >spam.assassin.prefs.conf. I also hate to beat a dead horse but you did not listen to my advice exactly. With SA 3.0 you MUST set use_auto_whitelist 0 in your /etc/mail/spamassassin/local.cf. use_auto_whitelist is a privileged setting. It cannot be set in spam.assassin.prefs.conf. See man Mail::SpamAssasin::Conf if you don't belive me that it's privileged. See also Message-ID: <6.2.1.2.0.20050207133603.03ae0550@192.168.50.2> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 15:38:42 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: I have it in the /etc/mail.spamassassin/local.conf and I have it in the /etc/MailScanner/spam.assassin.prefs.conf. I still had many e-mails that had the AWL score in them. I did listen and I appreciate the advice. Thanks. >>> mkettler@EVI-INC.COM 2/8/2005 10:34:32 AM >>> At 09:06 AM 2/8/2005, David Curtis wrote: >I hate to keep beating a dead horse but I still get e-mails that have >AWL scores in them. I have included "use_auto_whitelist 0" in the >spam.assassin.prefs.conf. I also hate to beat a dead horse but you did not listen to my advice exactly. With SA 3.0 you MUST set use_auto_whitelist 0 in your /etc/mail/spamassassin/local.cf. use_auto_whitelist is a privileged setting. It cannot be set in spam.assassin.prefs.conf. See man Mail::SpamAssasin::Conf if you don't belive me that it's privileged. See also Message-ID: <6.2.1.2.0.20050207133603.03ae0550@192.168.50.2> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 15:45:13 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: Curious Message-ID: At 07:30 AM 2/8/2005, Dave Filchak wrote: >I have been seeing the following off and on in my logs (relatively >consistent though). I am curious about them and was wondering if anyone >else has been seeing these and if they have any comments on them. It's probably viruses. They forge the sender based on addresses they find, and often their "foraging" algorithms pick up things which are not email addresses. I haven't seen a lot of that form recently, but I have seen it plenty before. I also see quite a few viruses trying to use message-id's, and even IE cookie file names as email addresses. A cookie file name extracted from Internet Explorer: @hg1.hitbox[2].txt A message ID: 69.1106270997@mail-app-2001.iad2.amazon.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Feb 8 15:56:47 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis > Sent: den 8 februari 2005 16:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I keep getting this error when I reload > MailScanner. I can't seem to find any where that points > > > Thanks for the input. I am still fairly new to linux. Were do > I put this > info or is there a command to install the patch? Mmm, yes... the "patch" command ("man patch" will tell you more;). You could well just ignore the error for now (it's really not a big deal, and it doesn't harm you in any way), and let Julain do the patching:-). -- Glenn > Thanks. > > >>> john@TRADOC.FR 2/8/2005 9:29:14 AM >>> > David Curtis wrote: > > I keep getting this error when I reload MailScanner. I can't seem to > > find any where that points to this spot. Have I missed something? > > Reloading MailScanner workers: > > MailScanner: [ OK ] > > Incoming postfix: postfix: fatal: open > > /etc/postfix.in/main.cf: No such file or directory > > [ OK ] > > Outgoing postfix: postfix/postfix-script: refreshing the > > Postfix mail system > > [ OK ] > > Yes, that happens on the newer single-postfix MailScanner setup, where > you don't actually have a separate incoming postfix instance. > The Incoming Postfix section of the init script is conditional for > start, stop and restart, but not for reload. > > Just add an appropriate if statement, as per the attached patch. > > [Julian - it might be good to add this to the distributed version when > you get back from your hols] > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Feb 8 15:57:12 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:28 2006 Subject: Email whitelisted by MS - is it still checked for viruses? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: >Hi, > >I just want to make sure that even the mail is whitelisted by MS it is >still checked by anti-virus. > > Magda, It is. Don't worry about this. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:02:09 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I keep getting this error when I reload MailScanner. I can't seem to find any where that points Message-ID: Thanks, I am trying to do every thing at every level so I can learn. One reason I am using Linux. It is just a test server being thrown in the line of fire for testing. We are going to switch over to Exchange this summer and this solution will be in production. So I am doing as much learning as possible now. Thanks. >>> Glenn.Steen@AP1.SE 2/8/2005 10:56:47 AM >>> > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis > Sent: den 8 februari 2005 16:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I keep getting this error when I reload > MailScanner. I can't seem to find any where that points > > > Thanks for the input. I am still fairly new to linux. Were do > I put this > info or is there a command to install the patch? Mmm, yes... the "patch" command ("man patch" will tell you more;). You could well just ignore the error for now (it's really not a big deal, and it doesn't harm you in any way), and let Julain do the patching:-). -- Glenn > Thanks. > > >>> john@TRADOC.FR 2/8/2005 9:29:14 AM >>> > David Curtis wrote: > > I keep getting this error when I reload MailScanner. I can't seem to > > find any where that points to this spot. Have I missed something? > > Reloading MailScanner workers: > > MailScanner: [ OK ] > > Incoming postfix: postfix: fatal: open > > /etc/postfix.in/main.cf: No such file or directory > > [ OK ] > > Outgoing postfix: postfix/postfix-script: refreshing the > > Postfix mail system > > [ OK ] > > Yes, that happens on the newer single-postfix MailScanner setup, where > you don't actually have a separate incoming postfix instance. > The Incoming Postfix section of the init script is conditional for > start, stop and restart, but not for reload. > > Just add an appropriate if statement, as per the attached patch. > > [Julian - it might be good to add this to the distributed version when > you get back from your hols] > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 16:04:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: At 10:38 AM 2/8/2005, David Curtis wrote: >I have it in the /etc/mail.spamassassin/local.conf and I have it in the >/etc/MailScanner/spam.assassin.prefs.conf. I still had many e-mails that >had the AWL score in them. I did listen and I appreciate the advice. Fair enough, you had not mentioned it previously. One question, is local.conf a typo, or is that the real filename? If so, rename it to local.cf. SA only opens /etc/mail/spamassassin/*.cf. It will not open any .conf files. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Feb 8 16:08:15 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailScanne Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: >I don't fully understand how to change the way MailScanner handles spam. >How can I change MailScanner to not filter mail like the scoring it uses >for Spamassassin? Below is an example of a header from a newsletter that >is being filtered out but not because of Spamassassin scoring. I could >always add a whitelist entry but I would rather figure out how to change >this. > >Thanks. > > >Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >word(s) to be removed register today in the HTML body >MIME-Version: 1.0 >Content-Type: text/html; > charset="ISO-8859-1" >Content-Transfer-Encoding: 7bit >X-Mailer-Version: 3.5.5 build 727 >X-Mailer: Accucast >X-Accutrak: >CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >X-MailScanner-From: >cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >Return-Path: > >X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >FILETIME=[5E92BD70:01C50D35] > > > David, What do you mean by "filtered out"? Do you mean it was quarantined or deleted? What is in your maillog? What are your values for: Spam Actions = High Scoring Spam Actions = Non Spam Actions = How about adding some verbosity to your MS setup? Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Log Spam = yes Log Non Spam = yes (beware it can produce a lot a output) Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:14:32 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: Just a typo. Been dealing with MailScanner conf files so much lately. >>> mkettler@EVI-INC.COM 2/8/2005 11:04:59 AM >>> At 10:38 AM 2/8/2005, David Curtis wrote: >I have it in the /etc/mail.spamassassin/local.conf and I have it in the >/etc/MailScanner/spam.assassin.prefs.conf. I still had many e-mails that >had the AWL score in them. I did listen and I appreciate the advice. Fair enough, you had not mentioned it previously. One question, is local.conf a typo, or is that the real filename? If so, rename it to local.cf. SA only opens /etc/mail/spamassassin/*.cf. It will not open any .conf files. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:16:44 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. >>> Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> David Curtis wrote: >I don't fully understand how to change the way MailScanner handles spam. >How can I change MailScanner to not filter mail like the scoring it uses >for Spamassassin? Below is an example of a header from a newsletter that >is being filtered out but not because of Spamassassin scoring. I could >always add a whitelist entry but I would rather figure out how to change >this. > >Thanks. > > >Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >word(s) to be removed register today in the HTML body >MIME-Version: 1.0 >Content-Type: text/html; > charset="ISO-8859-1" >Content-Transfer-Encoding: 7bit >X-Mailer-Version: 3.5.5 build 727 >X-Mailer: Accucast >X-Accutrak: >CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >X-MailScanner-From: >cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >Return-Path: > >X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >FILETIME=[5E92BD70:01C50D35] > > > David, What do you mean by "filtered out"? Do you mean it was quarantined or deleted? What is in your maillog? What are your values for: Spam Actions = High Scoring Spam Actions = Non Spam Actions = How about adding some verbosity to your MS setup? Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Log Spam = yes Log Non Spam = yes (beware it can produce a lot a output) Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kurt at NETDIRECT.CA Tue Feb 8 16:17:28 2005 From: kurt at NETDIRECT.CA (Kurt Bishop) Date: Thu Jan 12 21:28:28 2006 Subject: Blank Email Messages Message-ID: Hi, Recently we have been getting reports of blank or mostly blank messages being sent & received through our server. We have tried to narrow dow the problem and believe that MailScanner (or something related) is altering the HTML message and the mail client cannot display it properly. For example, I received a message the was blank except for the last line of the sender's signature. When doing a View Source on the message, I could see that the HTML version of the message had been reduced to only include what I could see on screen. However, the plain text version of the message was completely intact as the sender had written it. Similarly, my text-based mail client received a copy of this message which contained the entire message body as expected. The mail server logs showed the following entry when the message passed through: Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: Detected and will disarm HTML message in j16ARH09027988 Here's a quick summary of our environment: OS: Fedora Core 3 Kernel: 2.6.9-1.681_FC3 MailScanner: 4.36.4-1 Sendmail: 8.13.1-2 SpamAssassin: 3.0.1-0.FC3 These are the only MailScanner.conf entries I could find mentioning "disarm": Allow Script Tags = disarm Allow WebBugs = disarm Here are some other MailScanner.conf entries that may be informational: Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Allow IFrame Tags = no Log IFrame Tags = no Allow Form Tags = yes Allow Object Codebase Tags = no Convert Dangerous HTML To Text = no Convert HTML To Text = no Any suggestions would be greatly appreicated. Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Feb 8 16:27:44 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: >It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. > > David, What's in your maillog for this email? The key lies probably there... Denis > > >>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> >>>> >>>> >David Curtis wrote: > > > >>I don't fully understand how to change the way MailScanner handles spam. >>How can I change MailScanner to not filter mail like the scoring it uses >>for Spamassassin? Below is an example of a header from a newsletter that >>is being filtered out but not because of Spamassassin scoring. I could >>always add a whitelist entry but I would rather figure out how to change >>this. >> >>Thanks. >> >> >>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>word(s) to be removed register today in the HTML body >>MIME-Version: 1.0 >>Content-Type: text/html; >> charset="ISO-8859-1" >>Content-Transfer-Encoding: 7bit >>X-Mailer-Version: 3.5.5 build 727 >>X-Mailer: Accucast >>X-Accutrak: >>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>X-MailScanner-From: >>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>Return-Path: >> >>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>FILETIME=[5E92BD70:01C50D35] >> >> >> >> >> > >David, > >What do you mean by "filtered out"? Do you mean it was quarantined or >deleted? What is in your maillog? > >What are your values for: >Spam Actions = >High Scoring Spam Actions = >Non Spam Actions = > >How about adding some verbosity to your MS setup? >Detailed Spam Report = yes >Include Scores In SpamAssassin Report = yes >Always Include SpamAssassin Report = yes >Log Spam = yes >Log Non Spam = yes (beware it can produce a lot a output) > >Denis > > > -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:35:02 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here is what I found in the log. Again I don't see MailScanner doing a spamassassin check on this message. Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: connect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: 5538716F5CD: client=alias-2.c10-ave-mta3.cnet.com[206.16.1.191] Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: hold: header Received: from alias-2.c10-ave-mta3.cnet.com (alias-2. Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: message-id=<13092019.1107815659270.JavaMail.accucast@206.16.1.189> Feb 7 17:34:22 spamfilter MailScanner[28181]: New Batch: Scanning 1 messages, 5541 bytes Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks: Starting Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks completed at 5541 bytes per second Feb 7 17:34:22 spamfilter MailScanner[28181]: Spam Checks: Starting Feb 7 17:34:26 spamfilter postfix/smtpd[32477]: disconnect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] Feb 7 17:34:40 spamfilter MailScanner[28181]: Message 5538716F5CD.EF267 from 206.16.1.191 (cnet_networks_#3.140018.34363630353131. Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Checks: Found 1 spam messages Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Actions: message 5538716F5CD.EF267 actions are forward,spam@test.com Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Checks completed at 307 bytes per second Feb 7 17:34:41 spamfilter MailScanner[28181]: Virus and Content Scanning: Starting Feb 7 17:34:42 spamfilter MailScanner[28181]: Filename Checks: Allowing 5538716F5CD.EF267 msg-28181-86.txt Feb 7 17:34:42 spamfilter MailScanner[28181]: Virus Scanning completed at 2770 bytes per second Feb 7 17:34:42 spamfilter MailScanner[28181]: Requeue: 5538716F5CD.EF267 to F2CDC16F6B8 Feb 7 17:34:42 spamfilter postfix/nqmgr[28160]: F2CDC16F6B8: from=, orig_to=, relay= >>> Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:27:44 AM >>> David Curtis wrote: >It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. > > David, What's in your maillog for this email? The key lies probably there... Denis > > >>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> >>>> >>>> >David Curtis wrote: > > > >>I don't fully understand how to change the way MailScanner handles spam. >>How can I change MailScanner to not filter mail like the scoring it uses >>for Spamassassin? Below is an example of a header from a newsletter that >>is being filtered out but not because of Spamassassin scoring. I could >>always add a whitelist entry but I would rather figure out how to change >>this. >> >>Thanks. >> >> >>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>word(s) to be removed register today in the HTML body >>MIME-Version: 1.0 >>Content-Type: text/html; >> charset="ISO-8859-1" >>Content-Transfer-Encoding: 7bit >>X-Mailer-Version: 3.5.5 build 727 >>X-Mailer: Accucast >>X-Accutrak: >>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>X-MailScanner-From: >>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>Return-Path: >> >>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>FILETIME=[5E92BD70:01C50D35] >> >> >> >> >> > >David, > >What do you mean by "filtered out"? Do you mean it was quarantined or >deleted? What is in your maillog? > >What are your values for: >Spam Actions = >High Scoring Spam Actions = >Non Spam Actions = > >How about adding some verbosity to your MS setup? >Detailed Spam Report = yes >Include Scores In SpamAssassin Report = yes >Always Include SpamAssassin Report = yes >Log Spam = yes >Log Non Spam = yes (beware it can produce a lot a output) > >Denis > > > -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From greg at BLASTZONE.COM Tue Feb 8 16:47:14 2005 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:28:28 2006 Subject: Blank Email Messages Message-ID: This appears to be the same issue I reported on yesterday > For example, I received a message the was blank except for > the last line of the sender's signature. When doing a View > Source on the message, I could see that the HTML version of > the message had been reduced to only include what I could see > on screen. However, the plain text version of the message > was completely intact as the sender had written it. > Similarly, my text-based mail client received a copy of this > message which contained the entire message body as expected. > > The mail server logs showed the following entry when the > message passed through: > > Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: > Detected and will disarm HTML message in j16ARH09027988 > Just dug through the logs on one of the reported blank emails from a customer, found the same thing: Feb 5 11:35:08 mx MailScanner[28376]: Content Checks: Detected and will disarm HTML message in 3FB3416F679 > Here's a quick summary of our environment: > > OS: Fedora Core 3 > Kernel: 2.6.9-1.681_FC3 > MailScanner: 4.36.4-1 > Sendmail: 8.13.1-2 > SpamAssassin: 3.0.1-0.FC3 > I'm running similar, FC 2, postfix 2.1.5 instead of sendmail, etc > These are the only MailScanner.conf entries I could find > mentioning "disarm": > Hmm, I might try turning off some of those settings to see if it eliminates the problem. Hopefully Julian will have some input once he's back online. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 16:57:10 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: At 11:14 AM 2/8/2005, David Curtis wrote: >Just a typo. Been dealing with MailScanner conf files so much lately. Hmm... Does spamassassin --lint run quietly, or does it complain? (I'm wondering if SA is choking on your local.cf and just ignoring the whole thing as a result). Does the "site rules dir" in the debug output spamassassin --lint -D match up with the one containing local.cf? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 16:58:05 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: autolearn Message-ID: Maybe a real stupid question. Is the autolearn feature something that most people find useful or should it be turned off? Or turned off after so many days or a certain amount of messages pass through the system? This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Feb 8 16:37:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:28 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > What command should I run to get the following? > > Rebuild Bayes Every = 259200 > >>>>Wait During Bayes Rebuild = yes > > > What is the bayes rebuild option in MailScanner? > > > Thanks, > > Magda Hewryk > -------------------------------- > Mid-Range Systems > 905-273-1637 (Office) > 416-554-0743 (Cell) > If you look at the comments in this area you will see that the "Rebuild Bayes Every = xxx" is the number of seconds between rebuilds. 259200 is 3 days, the default in the file is 86400 which is 1 day or 24 hours. If you turn this on, make sure you set "Wait During Bayes Rebuild = yes" so MailScanner doesn't try to process mail during this rebuild, or you will get spamassasssin timeouts, and spam might get through. If you rebuild daily, it shouldn't take more than a minute on a fairly modern processor. I get times near 30 seconds on a dual pIII 1.0 Ghz server. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From krice at SERVERSANDSOLUTIONS.COM Tue Feb 8 17:02:26 2005 From: krice at SERVERSANDSOLUTIONS.COM (Ken Rice) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: On Tue, 8 Feb 2005 10:34:32 -0500 Matt Kettler wrote: > At 09:06 AM 2/8/2005, David Curtis wrote: > >I hate to keep beating a dead horse but I still get e-mails that have > >AWL scores in them. I have included "use_auto_whitelist 0" in the > >spam.assassin.prefs.conf. > > I also hate to beat a dead horse but you did not listen to my advice exactly. > > With SA 3.0 you MUST set use_auto_whitelist 0 in your > /etc/mail/spamassassin/local.cf. > > use_auto_whitelist is a privileged setting. It cannot be set in > spam.assassin.prefs.conf. > > See man Mail::SpamAssasin::Conf if you don't belive me that it's privileged. I've a symlink from /etc/mail/spamassassin/local.cf to /etc/MailScanner/spam.assassin.prefs.conf, so I'm only editing one file. Is this still ok to do? Not the same as above, but, I'm gun-shy now... > See also > Message-ID: <6.2.1.2.0.20050207133603.03ae0550@192.168.50.2> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 17:03:36 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:28 2006 Subject: autolearn Message-ID: At 11:58 AM 2/8/2005, David Curtis wrote: >Maybe a real stupid question. Is the autolearn feature something that >most people find useful or should it be turned off? Or turned off after >so many days or a certain amount of messages pass through the system? I find it useful, but I also find it useful to lower the default ham threshold. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 17:34:43 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:28 2006 Subject: AWL Still Message-ID: Here is the entire output. I have a clean copy of Spamassassin i.e I never modified any rules. Thanks. spamassassin --lint --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf -D debug: SpamAssassin version 3.0.2 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: diag: module not installed: DBI ('require' failed) debug: diag: module installed: DB_File, version 1.808 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 2.12 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module installed: Razor2::Client::Agent, version 2.67 debug: diag: module installed: Storable, version 2.09 debug: diag: module installed: URI, version 1.19 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/local.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9fd80e8) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9fd80e8) implements 'parse_config' Argument "1.7[B66" isn't numeric in addition (+) at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244. warning: score set for non-existent rule URIBIL_SBL debug: using "/root/.spamassassin" for user state dir debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) doubleclick.com... debug: looking up NS for 'doubleclick.com' debug: NS lookup of doubleclick.com succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9fd80e8)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9fd80e8)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9fb9eec)) debug: running body-text per-line regexp tests; score so far=-1.623 debug: running uri tests; score so far=-1.623 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594)) debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: No /root/.razor/razor-agent.conf found, skipping. Razor-Log: No razor-agent.conf found, using defaults. Feb 08 12:22:08.891208 check[23514]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout Feb 08 12:22:08.891981 check[23514]: [ 5] computed razorhome=/root/.razor, conf=, ident=/root/.razor/identity Feb 08 12:22:08.892522 check[23514]: [ 8] Client supported_engines: 4 8 Feb 08 12:22:08.893357 check[23514]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 Feb 08 12:22:08.894296 check[23514]: [ 5] Can't read file /root/.razor/servers.discovery.lst: No such file or directory Feb 08 12:22:08.894757 check[23514]: [ 5] Can't read file /root/.razor/servers.nomination.lst: No such file or directory Feb 08 12:22:08.895017 check[23514]: [ 5] Can't read file /root/.razor/servers.catalogue.lst: No such file or directory Feb 08 12:22:08.895656 check[23514]: [ 5] no listfile: /root/.razor/servers.catalogue.lst Feb 08 12:22:08.896228 check[23514]: [ 6] no discovery listfile: /root/.razor/servers.discovery.lst Feb 08 12:22:08.896460 check[23514]: [ 5] Finding Discovery Servers via DNS in the razor2.cloudmark.com zone Feb 08 12:22:10.007495 check[23514]: [ 6] Found 1 Discovery Servers via DNS in the razor2.cloudmark.com zone Feb 08 12:22:10.007849 check[23514]: [ 8] Checking with Razor Discovery Server 66.151.150.12 Feb 08 12:22:10.008053 check[23514]: [ 6] No port specified, using 2703 Feb 08 12:22:10.008164 check[23514]: [ 5] Connecting to 66.151.150.12 ... debug: razor2 check timed out after 10 secs. debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-1.623 debug: running full-text regexp tests; score so far=-1.623 debug: Razor2 is available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 23524: ruid=0 euid=0 debug: Pyzor: got response: 217.160.253.84:24441 TimeoutError: debug: leaving helper-app run mode debug: Pyzor: couldn't grok response "217.160.253.84:24441 TimeoutError: " debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: RBL: success for 1 of 1 queries debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x963f594) implements 'check_post_dnsbl' debug: running meta tests; score so far=-1.623 debug: running header regexp tests; score so far=-0.0529999999999999 debug: running body-text per-line regexp tests; score so far=-0.0529999999999999 debug: running uri tests; score so far=-0.0529999999999999 debug: running raw-body-text per-line regexp tests; score so far=-0.0529999999999999 debug: running full-text regexp tests; score so far=-0.0529999999999999 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-0.0529999999999999 debug: running header regexp tests; score so far=-0.0529999999999999 debug: running body-text per-line regexp tests; score so far=-0.0529999999999999 debug: running uri tests; score so far=-0.0529999999999999 debug: running raw-body-text per-line regexp tests; score so far=-0.0529999999999999 debug: running full-text regexp tests; score so far=-0.0529999999999999 debug: is spam? score=-0.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID lint: 1 issues detected. please rerun with debug enabled for more information. >>> mkettler@EVI-INC.COM 2/8/2005 11:57:10 AM >>> At 11:14 AM 2/8/2005, David Curtis wrote: >Just a typo. Been dealing with MailScanner conf files so much lately. Hmm... Does spamassassin --lint run quietly, or does it complain? (I'm wondering if SA is choking on your local.cf and just ignoring the whole thing as a result). Does the "site rules dir" in the debug output spamassassin --lint -D match up with the one containing local.cf? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Tue Feb 8 17:50:53 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:28 2006 Subject: check_MailScanner.cron Message-ID: My install is in a slightly different location. However, /usr/sbin/check_mailscanner is just a symlink to /usr/sbin/check_MailScanner. Eric Dantan Rzewnicki Sent by: MailScanner mailing list 2005-02-08 09:24 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: check_MailScanner.cron Hi Julian, Hope you're having a good vacation. I noticed that check_MailScanner.cron is trying to call /opt/MailScanner/bin/check_MailScanner which has been renamed to check_mailscanner (no caps). -- Eric Dantan Rzewnicki | Systems Engineer I Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lenc at ruralcomm.com Tue Feb 8 17:49:51 2005 From: lenc at ruralcomm.com (Leonard Chatagnier) Date: Thu Jan 12 21:28:29 2006 Subject: Mailscanner Installation Problem-Wont Install Message-ID: I have a long standing problem getting Mailscanner to install on my Dell Dimension XPS T450 running Debian GNU/Linux 3.0, kernel 2.4.18-bf2.4. An old Mailscaner version was uninstalled(with difficulty) because it wouldn't update and now it wont install. Request for help with the Debian user list, Google searches, searching your list and reading manuals yielded no success. I hope that someone on the Mailscanner list can help me correct this problem. I'm a newbie to Linux and totally unknowlegable about networks. I have a single PC connecting to Internet using a 56K dialup modem. The terminal output from the install command is below: ChatagnierL-Home:/tmp# dpkg -i mailscanner_4.38.10-1_all.deb (Reading database ... 140708 files and directories currently installed.) Unpacking mailscanner (from mailscanner_4.38.10-1_all.deb) ... /var/lib/dpkg/tmp.ci/preinst: line 22: db_get: command not found dpkg: error processing mailscanner_4.38.10-1_all.deb (--install): subprocess pre-installation script returned error exit status 127 Errors were encountered while processing: mailscanner_4.38.10-1_all.deb ChatagnierL-Home:/tmp# Note: the /tmp.ci/preinst part of the file path doesn't exist so I couldn't investigate it. Mailscanner has never been functional although I setup Exim, spamassassin and f-prot as I thought it should be based on the documentation. Thanks for any help you might provide, Leonard Chatagnier ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sailer at BNL.GOV Tue Feb 8 17:50:25 2005 From: sailer at BNL.GOV (Tim Sailer) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: On Tue, Feb 08, 2005 at 12:34:43PM -0500, David Curtis wrote: > Argument "1.7[B66" isn't numeric in addition (+) at This line looks junk from using cursor keys during an edit, and the escape sequences inserted into the file... Tim -- Tim Sailer Information and Special Technologies Program Office of CounterIntelligence Brookhaven National Laboratory (631) 344-3001 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lenc at RURALCOMM.COM Tue Feb 8 17:58:35 2005 From: lenc at RURALCOMM.COM (Leonard Chatagnier) Date: Thu Jan 12 21:28:29 2006 Subject: Mailscanner Installation Problem-Wont Install Message-ID: Leonard Chatagnier wrote: I have a long standing problem getting Mailscanner to install on my Dell Dimension XPS T450 running Debian GNU/Linux 3.0, kernel 2.4.18-bf2.4. An old Mailscaner version was uninstalled(with difficulty) because it wouldn't update and now it wont install. Request for help with the Debian user list, Google searches, searching your list and reading manuals yielded no success. I hope that someone on the Mailscanner list can help me correct this problem. I'm a newbie to Linux and totally unknowlegable about networks. I have a single PC connecting to Internet using a 56K dialup modem. The terminal output from the install command is below: ChatagnierL-Home:/tmp# dpkg -i mailscanner_4.38.10-1_all.deb (Reading database ... 140708 files and directories currently installed.) Unpacking mailscanner (from mailscanner_4.38.10-1_all.deb) ... /var/lib/dpkg/tmp.ci/preinst: line 22: db_get: command not found dpkg: error processing mailscanner_4.38.10-1_all.deb (--install): subprocess pre-installation script returned error exit status 127 Errors were encountered while processing: mailscanner_4.38.10-1_all.deb ChatagnierL-Home:/tmp# Note: the /tmp.ci/preinst part of the file path doesn't exist so I couldn't investigate it. Mailscanner has never been functional although I setup Exim, spamassassin and f-prot as I thought it should be based on the documentation. Thanks for any help you might provide, Leonard Chatagnier Sorry, my Perl version is v5.8.4 built for i386-linux-thread-multi. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 18:08:05 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:29 2006 Subject: Missing BAYES??? Message-ID: Thanks! My Bayes options were turned off. But I'm not missing BAYES in the score ..almost every spam has BAYES ... Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Thanks, Magda Scott Silva To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Missing BAYES??? 02/08/2005 11:37 AM Please respond to MailScanner mailing list Magda Hewryk wrote: > What command should I run to get the following? > > Rebuild Bayes Every = 259200 > >>>>Wait During Bayes Rebuild = yes > > > What is the bayes rebuild option in MailScanner? > > > Thanks, > > Magda Hewryk > -------------------------------- > Mid-Range Systems > 905-273-1637 (Office) > 416-554-0743 (Cell) > If you look at the comments in this area you will see that the "Rebuild Bayes Every = xxx" is the number of seconds between rebuilds. 259200 is 3 days, the default in the file is 86400 which is 1 day or 24 hours. If you turn this on, make sure you set "Wait During Bayes Rebuild = yes" so MailScanner doesn't try to process mail during this rebuild, or you will get spamassasssin timeouts, and spam might get through. If you rebuild daily, it shouldn't take more than a minute on a fairly modern processor. I get times near 30 seconds on a dual pIII 1.0 Ghz server. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 18:18:20 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: At 12:02 PM 2/8/2005, Ken Rice wrote: >I've a symlink from /etc/mail/spamassassin/local.cf >to /etc/MailScanner/spam.assassin.prefs.conf, >so I'm only editing one file. > >Is this still ok to do? Not the same as above, but, I'm gun-shy now... I'd recommend not doing that. All you're doing by creating the symlink is forcing SA to parse those options twice. Most SA config options over-write themselves and are fine with this, so you're only wasting CPU time. However, if you wind up doing anything that depends on parse order this might wind up screwing things up. Let's face it, the entire point of using spam.assassin.prefs.conf in the first place is so you can have customized mailscanner-only settings that won't be used when you call SA on the command line. If you want the settings site-wide.. just put them in local.cf and be done with it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 18:22:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: At 12:34 PM 2/8/2005, David Curtis wrote: >Argument "1.7[B66" isn't numeric in addition (+) at >/usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244. >warning: score set for non-existent rule URIBIL_SBL Ouch.. Looks like at least one of your files has a severely mangled score statement that's got some escape character garbage in it. That would be enough to confuse the parser. grep "+1.7" /etc/mail/spamassassin/local.cf >warning: score set for non-existent rule URIBIL_SBL Non-severe, but you've got a typo there too.. One too many I's. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Tue Feb 8 18:24:09 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:29 2006 Subject: How can I rebuild BAYES manually? Message-ID: Hi, Can I rebuild BAYES manually? Thanks, Magda Magda Hewryk To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Missing BAYES??? 02/08/2005 01:08 PM Please respond to MailScanner mailing list Thanks! My Bayes options were turned off. But I'm not missing BAYES in the score ..almost every spam has BAYES ... Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Thanks, Magda Scott Silva To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Missing BAYES??? 02/08/2005 11:37 AM Please respond to MailScanner mailing list Magda Hewryk wrote: > What command should I run to get the following? > > Rebuild Bayes Every = 259200 > >>>>Wait During Bayes Rebuild = yes > > > What is the bayes rebuild option in MailScanner? > > > Thanks, > > Magda Hewryk > -------------------------------- > Mid-Range Systems > 905-273-1637 (Office) > 416-554-0743 (Cell) > If you look at the comments in this area you will see that the "Rebuild Bayes Every = xxx" is the number of seconds between rebuilds. 259200 is 3 days, the default in the file is 86400 which is 1 day or 24 hours. If you turn this on, make sure you set "Wait During Bayes Rebuild = yes" so MailScanner doesn't try to process mail during this rebuild, or you will get spamassasssin timeouts, and spam might get through. If you rebuild daily, it shouldn't take more than a minute on a fairly modern processor. I get times near 30 seconds on a dual pIII 1.0 Ghz server. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 18:28:01 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:29 2006 Subject: How can I rebuild BAYES manually? Message-ID: At 01:24 PM 2/8/2005, Magda Hewryk wrote: >Can I rebuild BAYES manually? sa-learn --rebuild Or: sa-learn --force-expire The latter will do a rebuild and force an expiry run. The former does a rebuild and only runs expiry if it has been long enough since the last rebuild. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kurt at NETDIRECT.CA Tue Feb 8 00:00:00 2005 From: kurt at NETDIRECT.CA (Kurt Bishop) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: I have tried changing the webbugs and script entries below to yes with no success. -----Original Message----- From: Greg Deputy Date: Tue, 8 Feb 2005 08:47:14 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Blank Email Messages This appears to be the same issue I reported on yesterday > For example, I received a message the was blank except for > the last line of the sender's signature. When doing a View > Source on the message, I could see that the HTML version of > the message had been reduced to only include what I could see > on screen. However, the plain text version of the message > was completely intact as the sender had written it. > Similarly, my text-based mail client received a copy of this > message which contained the entire message body as expected. > > The mail server logs showed the following entry when the > message passed through: > > Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: > Detected and will disarm HTML message in j16ARH09027988 > Just dug through the logs on one of the reported blank emails from a customer, found the same thing: Feb 5 11:35:08 mx MailScanner[28376]: Content Checks: Detected and will disarm HTML message in 3FB3416F679 > Here's a quick summary of our environment: > > OS: Fedora Core 3 > Kernel: 2.6.9-1.681_FC3 > MailScanner: 4.36.4-1 > Sendmail: 8.13.1-2 > SpamAssassin: 3.0.1-0.FC3 > I'm running similar, FC 2, postfix 2.1.5 instead of sendmail, etc > These are the only MailScanner.conf entries I could find > mentioning "disarm": > Hmm, I might try turning off some of those settings to see if it eliminates the problem. Hopefully Julian will have some input once he's back online. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------------- Kurt Bishop Systems Analyst/Consultant Net Direct Inc. 12-564 Weber Street North Waterloo, ON N2L 5C6 Ph: 519-883-1172 x104 Fx: 519-883-8533 http://www.netdirect.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Feb 8 18:25:19 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:29 2006 Subject: Missing BAYES??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Magda Hewryk wrote: > Thanks! > My Bayes options were turned off. But I'm not missing BAYES in the score > ..almost every spam has BAYES ... > > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > > > Thanks, > > Magda You do need to run a bayes rebuild (expiry) every so often or the bayes database gets rather large and ineffective. If you do not want MailScanner to do it, you can run it from a cron entry. Search the forum for it, I don't want to quote from memory and mess it up. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Feb 8 18:44:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kurt Bishop wrote: > I have tried changing the webbugs and script entries below to yes with no success. > > -----Original Message----- > From: Greg Deputy > Date: Tue, 8 Feb 2005 08:47:14 > To:MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Blank Email Messages > > This appears to be the same issue I reported on yesterday > > > >>For example, I received a message the was blank except for >>the last line of the sender's signature. When doing a View >>Source on the message, I could see that the HTML version of >>the message had been reduced to only include what I could see >>on screen. However, the plain text version of the message >>was completely intact as the sender had written it. >>Similarly, my text-based mail client received a copy of this >>message which contained the entire message body as expected. >> >>The mail server logs showed the following entry when the >>message passed through: >> >>Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: >>Detected and will disarm HTML message in j16ARH09027988 >> > > > Just dug through the logs on one of the reported blank emails from a > customer, found the same thing: > > Feb 5 11:35:08 mx MailScanner[28376]: Content Checks: Detected and will > disarm HTML message in 3FB3416F679 > > >>Here's a quick summary of our environment: >> >>OS: Fedora Core 3 >>Kernel: 2.6.9-1.681_FC3 >>MailScanner: 4.36.4-1 >>Sendmail: 8.13.1-2 >>SpamAssassin: 3.0.1-0.FC3 >> > > > I'm running similar, FC 2, postfix 2.1.5 instead of sendmail, etc > > >>These are the only MailScanner.conf entries I could find >>mentioning "disarm": >> > > > Hmm, I might try turning off some of those settings to see if it > eliminates the problem. Hopefully Julian will have some input once he's > back online. > Try turning off Phishing for a while. I seem to remember something about that in the last few days. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Feb 8 19:00:08 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:29 2006 Subject: Curious Message-ID: Yeah that's what I thought. They were just in a format I had not seen before and so I was curious. Thanks Dave Mike Kercher wrote: >I get them all the time. They are bogus domains that spammers try to forge >their crap from: > >Unresolved sender domains: > adv@imelvin.com: 7 Time(s) > 911B9BF8CE8771CAE0E5E9@ohowexc8.naoxy.com: 6 Time(s) > collinlottuj@chch.co.uk: 3 Time(s) > lclifton_bu@chemeng.chmt.wits.ac.za: 3 Time(s) > loans@creditbank.uk: 2 Time(s) > miranda_fw@arborviewinn.ns.ca: 2 Time(s) > reneesingleton_pf@arborviewinn.ns.ca: 2 Time(s) > wkkuwgu@[203.234.244.164]: 2 Time(s) > 03140@rxinet01.walgreens.com: 1 Time(s) > EQTIVSLBCJWABS@eR45lucvvmPD6roLq82.tv: 1 Time(s) > NDIUWVMATRXYZX@smashinpumpikiner.com: 1 Time(s) > agigdde@7.0: 1 Time(s) > akgul@ritp.ye: 1 Time(s) > alarson_ys@afloat.demon.co.uk: 1 Time(s) > antacrp@hotmail.com.au: 1 Time(s) > apache@server.tinati.net: 1 Time(s) > aygcqb@[203.248.130.173]: 1 Time(s) > battery@kfpw.com.au: 1 Time(s) > bettie_bergeron_yj@modern-home.co.uk: 1 Time(s) > billie.n.meza_rp@squires.co.uk: 1 Time(s) > bipjak@[216.63.22.224]: 1 Time(s) > bounce-wddwtfwtmcqq@zffpaspa.strenga1.com: 1 Time(s) > bounce-yqqbwvbwxmfw@xzzwrcwr.strenga1.com: 1 Time(s) > courtesy.114310.145292015@LD1.ntcnnxn.com: 1 Time(s) > courtesy.114397.145292015@LD1.ntcnxn.com: 1 Time(s) > cwilliamsonmn@star-no-star.fsworld.co.uk: 1 Time(s) > deanna_bfield_eq@cantillon.demon.co.uk: 1 Time(s) > dharris@somewhere.someplace: 1 Time(s) > >Mike > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Dave Filchak >Sent: Tuesday, February 08, 2005 6:30 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Curious > >I have been seeing the following off and on in my logs (relatively >consistent though). I am curious about them and was wondering if anyone else >has been seeing these and if they have any comments on them. > >Unresolved sender domains: > .3..@p: 1 Time(s) > 1gx3.@j: 1 Time(s) > 2@kya22: 1 Time(s) > 4i.@ra: 1 Time(s) > 5s@422.c: 1 Time(s) > 6644k446664...4.5.4@d: 1 Time(s) > 988868@64.-: 1 Time(s) > 99.....@9: 1 Time(s) > ccat@1.a: 1 Time(s) > d1@ubwdbgsls.1.11: 1 Time(s) > d@68hte4.80a: 1 Time(s) > d@mdiq.ki: 1 Time(s) > gs..@g.g: 1 Time(s) > jjjx@vj.h.l: 1 Time(s) > krickey@aimco.local: 1 Time(s) > m.o.@]n: 1 Time(s) > of_summers_45@kayla.com.au: 1 Time(s) > onnnhohn8.@n: 1 Time(s) > qphbf@lexgroup-ltd.com: 1 Time(s) > s5@jwwcwqys.yi: 1 Time(s) > w@2: 1 Time(s) > ww@0.mj-: 1 Time(s) > zpyo-.@d: 1 Time(s) > >Dave > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kurt at NETDIRECT.CA Tue Feb 8 00:00:00 2005 From: kurt at NETDIRECT.CA (Kurt Bishop) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: Thanks for the suggestion. I've disabled phishing for a subset of recipients and will monitor the results. -----Original Message----- From: Scott Silva Date: Tue, 8 Feb 2005 10:44:24 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Blank Email Messages Kurt Bishop wrote: > I have tried changing the webbugs and script entries below to yes with no success. > > -----Original Message----- > From: Greg Deputy > Date: Tue, 8 Feb 2005 08:47:14 > To:MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Blank Email Messages > > This appears to be the same issue I reported on yesterday > > > >>For example, I received a message the was blank except for >>the last line of the sender's signature. When doing a View >>Source on the message, I could see that the HTML version of >>the message had been reduced to only include what I could see >>on screen. However, the plain text version of the message >>was completely intact as the sender had written it. >>Similarly, my text-based mail client received a copy of this >>message which contained the entire message body as expected. >> >>The mail server logs showed the following entry when the >>message passed through: >> >>Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: >>Detected and will disarm HTML message in j16ARH09027988 >> > > > Just dug through the logs on one of the reported blank emails from a > customer, found the same thing: > > Feb 5 11:35:08 mx MailScanner[28376]: Content Checks: Detected and will > disarm HTML message in 3FB3416F679 > > >>Here's a quick summary of our environment: >> >>OS: Fedora Core 3 >>Kernel: 2.6.9-1.681_FC3 >>MailScanner: 4.36.4-1 >>Sendmail: 8.13.1-2 >>SpamAssassin: 3.0.1-0.FC3 >> > > > I'm running similar, FC 2, postfix 2.1.5 instead of sendmail, etc > > >>These are the only MailScanner.conf entries I could find >>mentioning "disarm": >> > > > Hmm, I might try turning off some of those settings to see if it > eliminates the problem. Hopefully Julian will have some input once he's > back online. > Try turning off Phishing for a while. I seem to remember something about that in the last few days. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------------- Kurt Bishop Systems Analyst/Consultant Net Direct Inc. 12-564 Weber Street North Waterloo, ON N2L 5C6 Ph: 519-883-1172 x104 Fx: 519-883-8533 http://www.netdirect.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Feb 8 19:19:30 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: >Here is what I found in the log. Again I don't see MailScanner doing a spamassassin check on this message. >Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: connect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: 5538716F5CD: client=alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: hold: header Received: from alias-2.c10-ave-mta3.cnet.com (alias-2. >Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: message-id=<13092019.1107815659270.JavaMail.accucast@206.16.1.189> >Feb 7 17:34:22 spamfilter MailScanner[28181]: New Batch: Scanning 1 messages, 5541 bytes >Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks: Starting >Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks completed at 5541 bytes per second >Feb 7 17:34:22 spamfilter MailScanner[28181]: Spam Checks: Starting >Feb 7 17:34:26 spamfilter postfix/smtpd[32477]: disconnect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:40 spamfilter MailScanner[28181]: Message 5538716F5CD.EF267 from 206.16.1.191 (cnet_networks_#3.140018.34363630353131. >Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Checks: Found 1 spam messages >Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Actions: message 5538716F5CD.EF267 actions are forward,spam@test.com > > Looks like MS decided it was SPAM and forwarded the message to spam@test.com... Now, could you answer the following questions: >>What are your values for: >>Spam Actions = >>High Scoring Spam Actions = >>Non Spam Actions = >> >> >> And could you modify your MS config this way? >>How about adding some verbosity to your MS setup? >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes (beware it can produce a lot a output) >> >> >> You could also run MS in debug mode (look for Debug = near the end of MailScanner.conf) to get a trace of what's going on. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From webalizer at NWCWEB.COM Tue Feb 8 19:32:29 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: Ok, now here it gets confusing again... Noticed that someone on this List posted and it tagged it with a SA spam tag (we have different tags for MS and SA so we know which one decided to do what). Here's the result of the header portion: X-Spam-Report: * 0.7 BIZ_TLD URI: Contains a URL in the BIZ top-level domain * 43 AWL AWL: Auto-whitelist adjustment X-Spam-Status: Yes, hits=43.5 required=4.0 tests=AWL,BIZ_TLD autolearn=no version=2.60 I note that any .biz traffic seems to have this issue, this time it came up with a 43 AWL adjustment out of the blue? We changed all settings for AWL and it shouldn't even be a factor here. I'll check the local.cf and make sure it's not a factor in this, otherwise I'm lost as to why AWL's still functioning. David J. Duffner VP Operations NWC Corporation www.nwcxpress.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler > Sent: Tuesday, February 08, 2005 1:23 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: AWL Still > > > At 12:34 PM 2/8/2005, David Curtis wrote: > >Argument "1.7[B66" isn't numeric in addition (+) at > >/usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244. > >warning: score set for non-existent rule URIBIL_SBL > > Ouch.. Looks like at least one of your files has a severely > mangled score statement that's got some escape character > garbage in it. > > That would be enough to confuse the parser. > > grep "+1.7" /etc/mail/spamassassin/local.cf > > >warning: score set for non-existent rule URIBIL_SBL > > Non-severe, but you've got a typo there too.. One too many I's. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.nwcweb.com > -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 19:37:43 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think MS is classifying these as spam. I just don't understand how to customize how MS determines spam I know how to customize the spamassassin part but it never uses spamassassin when it determines that the mail is spam. Thanks. >>Spam Actions = forward spam@test.com >>High Scoring Spam Actions = 10 >>Non Spam Actions = deliver Already had these. Have had these since I started with this server. >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes >>> Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 2:19:30 PM >>> David Curtis wrote: >Here is what I found in the log. Again I don't see MailScanner doing a spamassassin check on this message. >Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: connect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:20 spamfilter postfix/smtpd[32477]: 5538716F5CD: client=alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: hold: header Received: from alias-2.c10-ave-mta3.cnet.com (alias-2. >Feb 7 17:34:21 spamfilter postfix/cleanup[32039]: 5538716F5CD: message-id=<13092019.1107815659270.JavaMail.accucast@206.16.1.189> >Feb 7 17:34:22 spamfilter MailScanner[28181]: New Batch: Scanning 1 messages, 5541 bytes >Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks: Starting >Feb 7 17:34:22 spamfilter MailScanner[28181]: MCP Checks completed at 5541 bytes per second >Feb 7 17:34:22 spamfilter MailScanner[28181]: Spam Checks: Starting >Feb 7 17:34:26 spamfilter postfix/smtpd[32477]: disconnect from alias-2.c10-ave-mta3.cnet.com[206.16.1.191] >Feb 7 17:34:40 spamfilter MailScanner[28181]: Message 5538716F5CD.EF267 from 206.16.1.191 (cnet_networks_#3.140018.34363630353131. >Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Checks: Found 1 spam messages >Feb 7 17:34:40 spamfilter MailScanner[28181]: Spam Actions: message 5538716F5CD.EF267 actions are forward,spam@test.com > > Looks like MS decided it was SPAM and forwarded the message to spam@test.com... Now, could you answer the following questions: >>What are your values for: >>Spam Actions = >>High Scoring Spam Actions = >>Non Spam Actions = >> >> >> And could you modify your MS config this way? >>How about adding some verbosity to your MS setup? >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes (beware it can produce a lot a output) >> >> >> You could also run MS in debug mode (look for Debug = near the end of MailScanner.conf) to get a trace of what's going on. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Feb 8 21:22:20 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: nrcpt=1 (queue active) Message-ID: I have started to see a lot of these items in the log. I am not sure what this is. Any ideas? Feb 8 16:09:18 spamfilter MailScanner[31449]: Spam Checks: Starting Feb 8 16:09:20 spamfilter postfix/nqmgr[18998]: C616F16F576: from=<>, size=51780, nrcpt=1 (queue active) Feb 8 16:09:20 spamfilter postfix/nqmgr[18998]: 195AA16F5DA: from=<>, size=3165, nrcpt=1 (queue active) Feb 8 16:09:20 spamfilter postfix/nqmgr[18998]: 16B3616F66C: from=<>, size=38019, nrcpt=1 (queue active) Feb 8 16:09:20 spamfilter postfix/nqmgr[18998]: 2121416F665: from=<>, size=10498, nrcpt=1 (queue active) This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Tue Feb 8 22:57:28 2005 From: jd at BENTECMED.COM (JD) Date: Thu Jan 12 21:28:29 2006 Subject: Mailscanner reports issues. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anyone know if there are any issues with mailscanner reporting? I just installed a new version of MailScanner on a fresh RH8 server and reports don't seem to be coming through with infected messages etc. but it looks like they are enabled in the MailScanner.conf -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Feb 8 22:39:16 2005 From: pete at ENITECH.COM.AU (Enitech IT (Peter Russell)) Date: Thu Jan 12 21:28:29 2006 Subject: DNSBL Teasting Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi there. Well after having our mailscanner box decommed in favour of the 10k license for CA our new parent company wanted to use, they have asked me to figure out why all outbound mail takes 4 hours to leave the scanner. It appears as though having a whole of redundant RBLs with 4 hour time outs set can cause your outboun d email queue to clog up. SO! How does one test a whole bunch of RBL addresses quickly? I have some i know dont work anymore, eg monkeys.com but how do i work out all of the others? dynablock.wiredhub.net tt.bl.reynolds.net.au i have a list of 30 or so. regards and thanks Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Tue Feb 8 22:53:06 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:28:29 2006 Subject: DNSBL Teasting Message-ID: go to www.dnstuff.com and run a spam database lookup (top center table). This will give you a pretty comprehensive list of the Lists out there including their response times. Enitech IT (Peter Russell) wrote: > Hi there. Well after having our mailscanner box decommed in favour of > the 10k license for CA our new parent company wanted to use, they have > asked me to figure out why all outbound mail takes 4 hours to leave the > scanner. It appears as though having a whole of redundant RBLs with 4 > hour time outs set can cause your outboun d email queue to clog up. > > SO! How does one test a whole bunch of RBL addresses quickly? > > I have some i know dont work anymore, eg monkeys.com > > but how do i work out all of the others? > > dynablock.wiredhub.net > tt.bl.reynolds.net.au > i have a list of 30 or so. > > regards and thanks > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue Feb 8 23:17:17 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:29 2006 Subject: DNSBL Teasting Message-ID: Hi! > asked me to figure out why all outbound mail takes 4 hours to leave the > scanner. It appears as though having a whole of redundant RBLs with 4 > hour time outs set can cause your outboun d email queue to clog up. > > SO! How does one test a whole bunch of RBL addresses quickly? > > I have some i know dont work anymore, eg monkeys.com > > but how do i work out all of the others? > > dynablock.wiredhub.net > tt.bl.reynolds.net.au > i have a list of 30 or so. Do you run them locally ? (RBLDNSD mirrors) or all remotely. If remotely, its insain. 5-6 are plenty. Just pick the right ones. You are way better off using MailScanner with SA and let SURBL do the work. The multilookups there are much cheaper. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Feb 8 23:45:53 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: At 02:32 PM 2/8/2005, Dave Duffner - NWCWEB.com wrote: >X-Spam-Report: > * 0.7 BIZ_TLD URI: Contains a URL in the BIZ top-level domain > * 43 AWL AWL: Auto-whitelist adjustment >X-Spam-Status: Yes, hits=43.5 required=4.0 tests=AWL,BIZ_TLD autolearn=no > version=2.60 > > I note that any .biz traffic seems to have this issue, >this time it came up with a 43 AWL adjustment out of the blue? The two rules are 100% unrelated... BIZ_TLD looks for URL's containing .biz as the TLD of their link. The AWL has nothing to do with URLs at all, so the match between the two is not significant. Looks like you might want to run check-whitelist (from the SA tarball, tools directory) and see what the AWL entries look like... Sounds like GTUBE hangover, something that 2.6 is subject to, but 3.0 is not. >I'll check the local.cf and make sure it's not >a factor in this, otherwise I'm lost as to why AWL's still >functioning. Since you're talking 2.6, don't look at local.cf.. use_auto_whitelist is a SA 3.0 thing.. Also, don't you use MailScanner? Those headers look like they were generated by a direct call to SA, not one made via MailScanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Wed Feb 9 02:05:39 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:29 2006 Subject: Mailscanner reports issues. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of JD Sent: Tuesday, February 08, 2005 4:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Mailscanner reports issues. Does anyone know if there are any issues with mailscanner reporting? I just installed a new version of MailScanner on a fresh RH8 server and reports don't seem to be coming through with infected messages etc. but it looks like they are enabled in the MailScanner.conf -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:28:14 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Bayes and spam increase? Message-ID: Magda bayes was convinced this was ham...hence the bayes_00 score (0% spam). You need to feed these into the bayes DB in order for it to learn these as spam. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Yes, I've got a lot untagged spam email on the weekend. I found BAYES_00 > -2.60 attached to all of them. > > > Thanks, > > Magda > > > > Matt Kettler > .COM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Re: Bayes and spam increase? > > > 02/07/2005 11:23 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: > >>Hi everyone! >> >>We've noticed an increase in the number of spam sneaking through with >>scores "just under" our threshold. After looking through the headers for >>these messages, I've noticed that bayes seems to have "no opinion" on the >>majority of these (ie. no bayes entry). Am I missing something? I thought >>bayes would score every message? > > > That's not entirely true, especially for the 2.6 series.. in 2.6x or 2.5x, > In those any "no matches" or other 50/50 chance does not get a BAYES_ rule > match. > > Can you tell us what version of SpamAssassin you are using? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:33:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Bayes and spam increase? Message-ID: Jeff there's some good rules on www.rulesemporium.com than deal with bayes posoining attacks... I also use the following in my local.cf ## look for strings of randoms words with no punctuation.. rawbody CP_RANDOMWORD_10 /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){10}/ describe CP_RANDOMWORD_10 string of 10+ random words score CP_RANDOMWORD_10 0.5 rawbody CP_RANDOMWORD_15 /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){15}/ describe CP_RANDOMWORD_15 string of 15+ random words score CP_RANDOMWORD_15 2.5 uri BAYES_BUSTER /rx359|2004hosting|530000X|openseed|er5hdh|quickforms/i describe BAYES_BUSTER Trying to bypass BAYES score BAYES_BUSTER 10.0 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > This sounds like the "bayes poisoning" issue that has been discussed > numerous times on this list. I've kept the following in my > spam.assassin.prefs.conf file: > > score BAYES_00 0 0 -0.05 -0.05 > score BAYES_01 0 0 -0.04 -0.04 > score BAYES_10 0 0 -0.03 -0.03 > score BAYES_20 0 0 -0.02 -0.02 > score BAYES_30 0 0 -0.01 -0.01 > > I don't trust Bayes enough to let it substantially lower a score -- > only to increase a score. > > Jeff Earickson > Colby College > > On Mon, 7 Feb 2005, Magda Hewryk wrote: > >> Date: Mon, 7 Feb 2005 13:22:41 -0500 >> From: Magda Hewryk >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Bayes and spam increase? >> >> Yes, I've got a lot untagged spam email on the weekend. I found >> BAYES_00 >> -2.60 attached to all of them. >> >> >> Thanks, >> >> Magda >> >> >> >> Matt Kettler >> > .COM> To >> Sent by: MAILSCANNER@JISCMAIL.AC.UK >> MailScanner cc >> mailing list >> > MAIL.AC.UK> Re: Bayes and spam increase? >> >> >> 02/07/2005 11:23 >> AM >> >> >> Please respond to >> MailScanner >> mailing list >> > MAIL.AC.UK> >> >> >> >> >> >> >> At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >> >>> Hi everyone! >>> >>> We've noticed an increase in the number of spam sneaking through with >>> scores "just under" our threshold. After looking through the headers for >>> these messages, I've noticed that bayes seems to have "no opinion" on >>> the >>> majority of these (ie. no bayes entry). Am I missing something? I >>> thought >>> bayes would score every message? >> >> >> That's not entirely true, especially for the 2.6 series.. in 2.6x or >> 2.5x, >> In those any "no matches" or other 50/50 chance does not get a BAYES_ >> rule >> match. >> >> Can you tell us what version of SpamAssassin you are using? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:40:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: Dave have you restarted MailScanner after you made the change Als oif you are using SA 2.6x then you can get MS to do this as well..in MailScanner.conf set "SpamAssassin Auto Whitelist = no" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I hate to keep beating a dead horse but I still get e-mails that have > AWL scores in them. I have included "use_auto_whitelist 0" in the > spam.assassin.prefs.conf. > > Help. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:43:50 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Scores for the URIBL_AB within SpamAssassin Message-ID: Madga I've adjusted the scores for bayes in my spam.assassin.prefs.conf as the bayes-99 was too low in my view when running net+bayes tests. There was alot of grumbling on the SA-users lists about how the default scores changed radically in the SA3.0 upgrade esp for net+bayes scores. The solution is to manually adjust the scores yourself. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > http://www.surbl.org/lists.html#ab > > Hi, > I just wonder why URIBL_AB is scored so low with BAYES? Usually the last > row is higher then the second (network check). > Is this an error? > Anybody has something similar to the list below? Should I re-write the > rules in the spam.assassin.prefs.conf file and change the score? > What is the best practice? > > # URIDNSBL > ifplugin Mail::SpamAssassin::Plugin::URIDNSBL > score URIBL_AB_SURBL 0 2.007 0 0.417 > score URIBL_OB_SURBL 0 1.996 0 3.213 > score URIBL_PH_SURBL 0 0.839 0 2.000 > score URIBL_SBL 0 0.629 0 0.996 > score URIBL_SC_SURBL 0 3.897 0 4.263 > score URIBL_WS_SURBL 0 0.539 0 1.462 > endif # Mail::SpamAssassin::Plugin::URIDNSBL > > plus: > score URIBL_JP_SURBL 4.0 > > Thanks, > > Magda > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:46:04 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Email whitelisted by MS - is it still checked for viruses? Message-ID: Madga AFAIK the setting for spam/virus checking are independant and will not be affected by any spam whitelisting... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Magda Hewryk wrote: > Any news on this? > > Thanks, > > Magda > > > > Magda Hewryk > OM> To > Sent by: MAILSCANNER@JISCMAIL.AC.UK > MailScanner cc > mailing list > MAIL.AC.UK> Email whitelisted by MS - is it > still checked for viruses? > > 02/08/2005 12:35 > AM > > > Please respond to > MailScanner > mailing list > MAIL.AC.UK> > > > > > > > Hi, > > I just want to make sure that even the mail is whitelisted by MS it is > still checked by anti-virus. > The control " Ignore Spam Whitelist If Recipients Exceed = 20" didn't work > because the spoofed sender sent out one email at a time. > > I just need to know if "Virus and Content Scanning" runs against > whitelisted email? > > Would you confirm. > > > Feb 7 23:47:40 MailScanner[31876]: Message j184iivk031331 from > 142.245.251.90 ( )is whitelisted > Feb 7 23:47:42 MailScanner[31876]: Message j184iRvn031300 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:43 MailScanner[31842]: Message j184iBvk031259 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:44 MailScanner[31876]: Message j184ijvi031332 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:46 MailScanner[31842]: Message j184i9vk031256 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:46 MailScanner[31876]: Message j184iivi031330 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:49 MailScanner[31876]: Message j184iRvq031300 from > 142.245.251.90 ( ) is whitelisted > Feb 7 23:47:49 MailScanner[31842]: Message j184iBvi031259 from > 142.245.251.90 ( ) is whitelisted > > Thanks, > > Magda > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:49:32 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: david are you doing RBL checks within MailScanner? If you are then I suggest you use SA to do them as doing it in MS make the RBL act as a blacklist. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. > > >>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> > > David Curtis wrote: > > >>I don't fully understand how to change the way MailScanner handles spam. >>How can I change MailScanner to not filter mail like the scoring it uses >>for Spamassassin? Below is an example of a header from a newsletter that >>is being filtered out but not because of Spamassassin scoring. I could >>always add a whitelist entry but I would rather figure out how to change >>this. >> >>Thanks. >> >> >>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>word(s) to be removed register today in the HTML body >>MIME-Version: 1.0 >>Content-Type: text/html; >> charset="ISO-8859-1" >>Content-Transfer-Encoding: 7bit >>X-Mailer-Version: 3.5.5 build 727 >>X-Mailer: Accucast >>X-Accutrak: >>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>X-MailScanner-From: >>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>Return-Path: >> >>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>FILETIME=[5E92BD70:01C50D35] >> >> >> > > > David, > > What do you mean by "filtered out"? Do you mean it was quarantined or > deleted? What is in your maillog? > > What are your values for: > Spam Actions = > High Scoring Spam Actions = > Non Spam Actions = > > How about adding some verbosity to your MS setup? > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Log Spam = yes > Log Non Spam = yes (beware it can produce a lot a output) > > Denis > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 09:52:42 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: autolearn Message-ID: David yes mine is on...good for continued learning as the spam/ham changes constantly. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Maybe a real stupid question. Is the autolearn feature something that > most people find useful or should it be turned off? Or turned off after > so many days or a certain amount of messages pass through the system? > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Wed Feb 9 11:31:16 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: autolearn Message-ID: Thanks. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> martinh@SOLID-STATE-LOGIC.COM 02/09/05 4:52 AM >>> David yes mine is on...good for continued learning as the spam/ham changes constantly. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Maybe a real stupid question. Is the autolearn feature something that > most people find useful or should it be turned off? Or turned off after > so many days or a certain amount of messages pass through the system? > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Wed Feb 9 11:30:34 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: Yes, MS is doing rbl's. Every thing I have read told me to not have spamassassin do them as it was to much load. Thanks. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> martinh@SOLID-STATE-LOGIC.COM 02/09/05 4:49 AM >>> david are you doing RBL checks within MailScanner? If you are then I suggest you use SA to do them as doing it in MS make the RBL act as a blacklist. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > It is being quarantined. This is the whole header from the e-mail. There are no spamassassin scores in it. It looks like MailScanner tags it as spam and does not even rely on spamassassin. > > >>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> > > David Curtis wrote: > > >>I don't fully understand how to change the way MailScanner handles spam. >>How can I change MailScanner to not filter mail like the scoring it uses >>for Spamassassin? Below is an example of a header from a newsletter that >>is being filtered out but not because of Spamassassin scoring. I could >>always add a whitelist entry but I would rather figure out how to change >>this. >> >>Thanks. >> >> >>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>word(s) to be removed register today in the HTML body >>MIME-Version: 1.0 >>Content-Type: text/html; >> charset="ISO-8859-1" >>Content-Transfer-Encoding: 7bit >>X-Mailer-Version: 3.5.5 build 727 >>X-Mailer: Accucast >>X-Accutrak: >>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>X-MailScanner-From: >>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>Return-Path: >> >>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>FILETIME=[5E92BD70:01C50D35] >> >> >> > > > David, > > What do you mean by "filtered out"? Do you mean it was quarantined or > deleted? What is in your maillog? > > What are your values for: > Spam Actions = > High Scoring Spam Actions = > Non Spam Actions = > > How about adding some verbosity to your MS setup? > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Log Spam = yes > Log Non Spam = yes (beware it can produce a lot a output) > > Denis > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 11:40:18 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: David I suggest to most people that they do it from SA. If you do it from MS than the RBL acts as a complete blacklist and you've not idea which RBL fired either. If you do it from SA then it only adds to the score and doesn't tend to trigger false positives. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Yes, MS is doing rbl's. Every thing I have read told me to not have > spamassassin do them as it was to much load. > > Thanks. > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>>>martinh@SOLID-STATE-LOGIC.COM 02/09/05 4:49 AM >>> > > david > > are you doing RBL checks within MailScanner? If you are then I suggest > you use SA to do them as doing it in MS make the RBL act as a > blacklist. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > >>It is being quarantined. This is the whole header from the e-mail. > > There are no spamassassin scores in it. It looks like MailScanner tags > it as spam and does not even rely on spamassassin. > >> >>>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> >> >>David Curtis wrote: >> >> >> >>>I don't fully understand how to change the way MailScanner handles > > spam. > >>>How can I change MailScanner to not filter mail like the scoring it > > uses > >>>for Spamassassin? Below is an example of a header from a newsletter > > that > >>>is being filtered out but not because of Spamassassin scoring. I could >>>always add a whitelist entry but I would rather figure out how to > > change > >>>this. >>> >>>Thanks. >>> >>> >>>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>>word(s) to be removed register today in the HTML body >>>MIME-Version: 1.0 >>>Content-Type: text/html; >>> charset="ISO-8859-1" >>>Content-Transfer-Encoding: 7bit >>>X-Mailer-Version: 3.5.5 build 727 >>>X-Mailer: Accucast >>>X-Accutrak: >>>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>>X-MailScanner-From: >>>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>>Return-Path: >>> >>>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>>FILETIME=[5E92BD70:01C50D35] >>> >>> >>> >> >> >>David, >> >>What do you mean by "filtered out"? Do you mean it was quarantined or >>deleted? What is in your maillog? >> >>What are your values for: >>Spam Actions = >>High Scoring Spam Actions = >>Non Spam Actions = >> >>How about adding some verbosity to your MS setup? >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes (beware it can produce a lot a output) >> >>Denis >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From m.sapsed at BANGOR.AC.UK Wed Feb 9 12:06:07 2005 From: m.sapsed at BANGOR.AC.UK (M.Sapsed) Date: Thu Jan 12 21:28:29 2006 Subject: Speaking of AWL... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Duffner - NWCWEB.com wrote: > For some reason the List server didn't like this the > way it was, so we'll try it again. Thought it saw some > commands or something? > > >>-----Original Message----- >>From: Dave Duffner - NWCWEB.com [mailto:webalizer@nwcweb.com] >>Sent: Monday, February 07, 2005 6:12 PM >>To: 'MailScanner mailing list' >>Subject: RE: Speaking of AWL... >> >> >>Ok, >> [...] The OK was the problem. The Listserv software at JISCMail tries to spot messages to lists which should have gone to the listserv management address instead. OK on a line by itself is one of the things it looks for! This mainly catches unsubscribes going to the list but unfortunately it picks up on this too. Cheers, Martin (list co-owner with Julian) -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Feb 9 12:42:42 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:29 2006 Subject: Text files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm facing a strange problem here. I have a RHEL 3 server running Sendmail + Mailscanner. When I send a message with a text file attached from my Windows 98 machine (I use Outlook Express as my mail client), the text file, that was a DOS file, goes to the destinatary as an UNIX file. How can I solve this? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 13:28:34 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: I have restarted. I have SA 3.X Thanks. >>> martinh@SOLID-STATE-LOGIC.COM 2/9/2005 4:40:46 AM >>> Dave have you restarted MailScanner after you made the change Als oif you are using SA 2.6x then you can get MS to do this as well..in MailScanner.conf set "SpamAssassin Auto Whitelist = no" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I hate to keep beating a dead horse but I still get e-mails that have > AWL scores in them. I have included "use_auto_whitelist 0" in the > spam.assassin.prefs.conf. > > Help. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 13:29:26 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: Thank you. I will give that a try. >>> martinh@SOLID-STATE-LOGIC.COM 2/9/2005 6:40:18 AM >>> David I suggest to most people that they do it from SA. If you do it from MS than the RBL acts as a complete blacklist and you've not idea which RBL fired either. If you do it from SA then it only adds to the score and doesn't tend to trigger false positives. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Yes, MS is doing rbl's. Every thing I have read told me to not have > spamassassin do them as it was to much load. > > Thanks. > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>>>martinh@SOLID-STATE-LOGIC.COM 02/09/05 4:49 AM >>> > > david > > are you doing RBL checks within MailScanner? If you are then I suggest > you use SA to do them as doing it in MS make the RBL act as a > blacklist. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > >>It is being quarantined. This is the whole header from the e-mail. > > There are no spamassassin scores in it. It looks like MailScanner tags > it as spam and does not even rely on spamassassin. > >> >>>>>Denis.Beauchemin@USHERBROOKE.CA 2/8/2005 11:08:15 AM >>> >> >>David Curtis wrote: >> >> >> >>>I don't fully understand how to change the way MailScanner handles > > spam. > >>>How can I change MailScanner to not filter mail like the scoring it > > uses > >>>for Spamassassin? Below is an example of a header from a newsletter > > that > >>>is being filtered out but not because of Spamassassin scoring. I could >>>always add a whitelist entry but I would rather figure out how to > > change > >>>this. >>> >>>Thanks. >>> >>> >>>Subject: [SPAM] - {Spam as detected by MailScanner} Invitation to >>>Esther Dyson's PC Forum, March 20 to 22: Hello (new) World - Found >>>word(s) to be removed register today in the HTML body >>>MIME-Version: 1.0 >>>Content-Type: text/html; >>> charset="ISO-8859-1" >>>Content-Transfer-Encoding: 7bit >>>X-Mailer-Version: 3.5.5 build 727 >>>X-Mailer: Accucast >>>X-Accutrak: >>>CNET_Networks_#3.139973.3432373335333234@newsletters.online.com >>>X-MailScanner-From: >>>cnet_networks_#3.139973.3432373335333234.b@newsletters.online.com >>>Return-Path: >>> >>>X-OriginalArrivalTime: 07 Feb 2005 16:52:12.0103 (UTC) >>>FILETIME=[5E92BD70:01C50D35] >>> >>> >>> >> >> >>David, >> >>What do you mean by "filtered out"? Do you mean it was quarantined or >>deleted? What is in your maillog? >> >>What are your values for: >>Spam Actions = >>High Scoring Spam Actions = >>Non Spam Actions = >> >>How about adding some verbosity to your MS setup? >>Detailed Spam Report = yes >>Include Scores In SpamAssassin Report = yes >>Always Include SpamAssassin Report = yes >>Log Spam = yes >>Log Non Spam = yes (beware it can produce a lot a output) >> >>Denis >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ccampbell at BRUEGGERS.COM Wed Feb 9 13:25:36 2005 From: ccampbell at BRUEGGERS.COM (Christian Campbell) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Recently we have been getting reports of blank or mostly > blank messages > being sent & received through our server. We have tried to > narrow dow the > problem and believe that MailScanner (or something related) > is altering the > HTML message and the mail client cannot display it properly. > We're seeing the exact same symptoms here too. We're running: mailscanner-4.35.11-1 spamassassin 2.63 RedHat 8.0 ClamAV/F-Prot/BitDefender/Razor/SURBL Christian Christian Campbell Systems Engineer, Sair LCP, A+, N+, i-Net+ Bruegger's Enterprises Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034 Email: ccampbell at brueggers dot com PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html "We all know Linux is great... It does infinite loops in 5 seconds." -Linus Torvalds Christian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3-nr1 (Windows XP) - GPGshell v3.10 iD8DBQFCChCSbedHH5VEUwcRAqBzAJ41SOlAjm7koHng6s/qCWYiE4cVgACffq/6 6MdTMBlcPcp/iabIUI+idfs= =U2Q5 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 13:39:53 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: Could be a problem with the MIME libraries. If you update to the latest version it has the latest MIME libraries in their an dit could well fix the issue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Christian Campbell wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >>Recently we have been getting reports of blank or mostly >>blank messages >>being sent & received through our server. We have tried to >>narrow dow the >>problem and believe that MailScanner (or something related) >>is altering the >>HTML message and the mail client cannot display it properly. >> > > > We're seeing the exact same symptoms here too. We're running: > > mailscanner-4.35.11-1 > spamassassin 2.63 > RedHat 8.0 > ClamAV/F-Prot/BitDefender/Razor/SURBL > > Christian > > > > Christian Campbell > Systems Engineer, Sair LCP, A+, N+, i-Net+ > Bruegger's Enterprises > Desk: 802-652-9270 > Cell: 802-734-5023 > Fax: 802-660-4034 > Email: ccampbell at brueggers dot com > > PGP Public Key available via PGP keyservers > or http://www2.brueggers.com/pgp/ccampbell.html > > "We all know Linux is great... > It does infinite loops in 5 seconds." > -Linus Torvalds > > > Christian > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3-nr1 (Windows XP) - GPGshell v3.10 > > iD8DBQFCChCSbedHH5VEUwcRAqBzAJ41SOlAjm7koHng6s/qCWYiE4cVgACffq/6 > 6MdTMBlcPcp/iabIUI+idfs= > =U2Q5 > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Feb 9 13:44:00 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:29 2006 Subject: Text files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The problem does not occur for all text files. I didn't figured out when it happens. The files where I encountered the problem are identified by the file comand as: ASCII text, with very long lines, with CRLF line terminators ----- Original Message ----- From: Roger Jochem To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, February 09, 2005 10:42 AM Subject: Text files I'm facing a strange problem here. I have a RHEL 3 server running Sendmail + Mailscanner. When I send a message with a text file attached from my Windows 98 machine (I use Outlook Express as my mail client), the text file, that was a DOS file, goes to the destinatary as an UNIX file. How can I solve this? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Wed Feb 9 13:57:06 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:28:29 2006 Subject: Blank Email Messages Message-ID: Did anyone get the response to this I sent yesterday? It appears that at least one of my posts on this hasn't worked/came back. Gary Martin Hepworth wrote: > Could be a problem with the MIME libraries. If you update to the > latest version it has the latest MIME libraries in their an dit could > well fix the issue. > > Christian Campbell wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >>> Recently we have been getting reports of blank or mostly blank >>> messages being sent & received through our server. We have tried >>> to narrow dow the problem and believe that MailScanner (or >>> something related) is altering the HTML message and the mail client >>> cannot display it properly. >>> >> >> >> We're seeing the exact same symptoms here too. We're running: >> >> mailscanner-4.35.11-1 >> spamassassin 2.63 >> RedHat 8.0 >> ClamAV/F-Prot/BitDefender/Razor/SURBL >> >> Christian >> >> >> >> Christian Campbell >> Systems Engineer, Sair LCP, A+, N+, i-Net+ >> Bruegger's Enterprises >> Desk: 802-652-9270 >> Cell: 802-734-5023 >> Fax: 802-660-4034 >> Email: ccampbell at brueggers dot com >> >> PGP Public Key available via PGP keyservers >> or http://www2.brueggers.com/pgp/ccampbell.html >> >> "We all know Linux is great... >> It does infinite loops in 5 seconds." >> -Linus Torvalds >> >> >> Christian >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.2.3-nr1 (Windows XP) - GPGshell v3.10 >> >> iD8DBQFCChCSbedHH5VEUwcRAqBzAJ41SOlAjm7koHng6s/qCWYiE4cVgACffq/6 >> 6MdTMBlcPcp/iabIUI+idfs= =U2Q5 >> -----END PGP SIGNATURE----- >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the MAQ >> (http://www.mailscanner.biz/maq/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Feb 9 14:08:20 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > David > > I suggest to most people that they do it from SA. > > If you do it from MS than the RBL acts as a complete blacklist and > you've not idea which RBL fired either. > > If you do it from SA then it only adds to the score and doesn't tend to > trigger false positives. Martin, I agree with you it is better in SA but if you use them in MS you will know which one triggered as long as you enable some verbosity. As I log all spam to syslog I had the info there. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Wed Feb 9 14:33:56 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:29 2006 Subject: I don't fully understand how to change the way MailScanner handles spam. How can I change MailSc Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] True, and if you use MW, you have it in the spamreport (in maillog). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Denis Beauchemin > Sent: den 9 februari 2005 15:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I don't fully understand how to change the way > MailScanner handles spam. How can I change MailSc > > > Martin Hepworth wrote: > > > David > > > > I suggest to most people that they do it from SA. > > > > If you do it from MS than the RBL acts as a complete blacklist and > > you've not idea which RBL fired either. > > > > If you do it from SA then it only adds to the score and > doesn't tend to > > trigger false positives. > > > Martin, > > I agree with you it is better in SA but if you use them in MS > you will > know which one triggered as long as you enable some > verbosity. As I log > all spam to syslog I had the info there. > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Wed Feb 9 14:57:25 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:29 2006 Subject: Spam detection software, running on the system ", has Message-ID: That looks like standard output from SpamAssassin. I'm not sure why you would see it if you were using it in conjunction with MailScanner. Both SA and MS can be configured to either send or discard spam emails, optionally marked as such in the subject line for filtering. It *might* be learning, if you have the auto-bayes turned on, but the message means no more or less than what it says. I guess in answer to the final question, yes - it's normal, if your system is set up that way. Perhaps better to say it's not abnormal. Stef -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Ballengee Sent: 07 February 2005 20:36 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Spam detection software, running on the system ", has I am reletively new to mail scanner and spamassassin. Anyway I am getting alot of message with Spam detection software, running on the system "", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. anyway is this normal? Is this just the system learning?? thanks Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This email has been scanned by Level 5 Internet for viruses, spam and dangerous content. For more information please visit http://www.l5net.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Feb 9 15:41:42 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:29 2006 Subject: AWL Still Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler > Sent: Tuesday, February 08, 2005 6:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: AWL Still > > > At 02:32 PM 2/8/2005, Dave Duffner - NWCWEB.com wrote: > >X-Spam-Report: > > * 0.7 BIZ_TLD URI: Contains a URL in the BIZ > top-level domain > > * 43 AWL AWL: Auto-whitelist adjustment > >X-Spam-Status: Yes, hits=43.5 required=4.0 tests=AWL,BIZ_TLD > autolearn=no > > version=2.60 > > > > I note that any .biz traffic seems to have this issue, this > >time it came up with a 43 AWL adjustment out of the blue? > > The two rules are 100% unrelated... > > BIZ_TLD looks for URL's containing .biz as the TLD of their link. > > The AWL has nothing to do with URLs at all, so the match > between the two is not significant. > > Looks like you might want to run check-whitelist (from the SA > tarball, tools directory) and see what the AWL entries look > like... Sounds like GTUBE hangover, something that 2.6 is > subject to, but 3.0 is not. Gotcha, will check that out and see what it has to say... > >I'll check the local.cf and make sure it's not > >a factor in this, otherwise I'm lost as to why AWL's still > functioning. > > Since you're talking 2.6, don't look at local.cf.. > use_auto_whitelist is a SA 3.0 thing.. Actually I checked everywhere to ensure either these switches are off or 0 or non-existant. Can't find a single point where they would still be turned on. Also restarted all services after any changes as a normal policy, even a server reboot here and there just because. So any changes should have taken/been imported to eliminate AWL. And we see other changes that indicate it should have worked and is working, which is the strange part. > Also, don't you use MailScanner? Those headers look like they > were generated by a direct call to SA, not one made via MailScanner. Well we have MS/SA/ClamAV but on an Ensim Pro/RH Fedora Core 1 box. The Enism integration requires MS, but if you turn on the SA feature within it, it double-scans everything. So it's using MS to scope/scan it first, then hands off anything it deems acceptable to SA to then process. But it's MS calling it up to be used in the handoff, so the pref's conf file settings override any SA direct settings. But we did scope those SA conf & cf files, anything and everything should be killed for AWL? -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From harryh at CET.COM Wed Feb 9 15:49:56 2005 From: harryh at CET.COM (Harry Hanson) Date: Thu Jan 12 21:28:29 2006 Subject: Allowing PDF files Message-ID: I need to allow pdf files to be accepted and not stripped from the attachment. I looked through the MailScanner.conf file but could find where this was being denied, or I could allow this. Thanks --- [This E-mail scanned for viruses] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Feb 9 15:55:25 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:29 2006 Subject: Bayes and spam increase? Message-ID: Martin, Thanks, I'll give these a test drive in my spam.assassin.prefs.conf. time to look at rulesemporium again, haven't since SA 2.6. Jeff Earickson On Wed, 9 Feb 2005, Martin Hepworth wrote: > Date: Wed, 9 Feb 2005 09:33:49 +0000 > From: Martin Hepworth > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes and spam increase? > > Jeff > > there's some good rules on www.rulesemporium.com than deal with bayes > posoining attacks... > > I also use the following in my local.cf > > ## look for strings of randoms words with no punctuation.. > rawbody CP_RANDOMWORD_10 > /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){10}/ > describe CP_RANDOMWORD_10 string of 10+ random words > score CP_RANDOMWORD_10 0.5 > > rawbody CP_RANDOMWORD_15 > /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){15}/ > describe CP_RANDOMWORD_15 string of 15+ random words > score CP_RANDOMWORD_15 2.5 > > uri BAYES_BUSTER /rx359|2004hosting|530000X|openseed|er5hdh|quickforms/i > describe BAYES_BUSTER Trying to bypass BAYES > score BAYES_BUSTER 10.0 > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jeff A. Earickson wrote: >> This sounds like the "bayes poisoning" issue that has been discussed >> numerous times on this list. I've kept the following in my >> spam.assassin.prefs.conf file: >> >> score BAYES_00 0 0 -0.05 -0.05 >> score BAYES_01 0 0 -0.04 -0.04 >> score BAYES_10 0 0 -0.03 -0.03 >> score BAYES_20 0 0 -0.02 -0.02 >> score BAYES_30 0 0 -0.01 -0.01 >> >> I don't trust Bayes enough to let it substantially lower a score -- >> only to increase a score. >> >> Jeff Earickson >> Colby College >> >> On Mon, 7 Feb 2005, Magda Hewryk wrote: >> >>> Date: Mon, 7 Feb 2005 13:22:41 -0500 >>> From: Magda Hewryk >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Bayes and spam increase? >>> >>> Yes, I've got a lot untagged spam email on the weekend. I found >>> BAYES_00 >>> -2.60 attached to all of them. >>> >>> >>> Thanks, >>> >>> Magda >>> >>> >>> >>> Matt Kettler >>> >> .COM> To >>> Sent by: MAILSCANNER@JISCMAIL.AC.UK >>> MailScanner cc >>> mailing list >>> >> MAIL.AC.UK> Re: Bayes and spam increase? >>> >>> >>> 02/07/2005 11:23 >>> AM >>> >>> >>> Please respond to >>> MailScanner >>> mailing list >>> >> MAIL.AC.UK> >>> >>> >>> >>> >>> >>> >>> At 10:43 AM 2/7/2005, Fractal IT Dept. wrote: >>> >>>> Hi everyone! >>>> >>>> We've noticed an increase in the number of spam sneaking through with >>>> scores "just under" our threshold. After looking through the headers for >>>> these messages, I've noticed that bayes seems to have "no opinion" on >>>> the >>>> majority of these (ie. no bayes entry). Am I missing something? I >>>> thought >>>> bayes would score every message? >>> >>> >>> That's not entirely true, especially for the 2.6 series.. in 2.6x or >>> 2.5x, >>> In those any "no matches" or other 50/50 chance does not get a BAYES_ >>> rule >>> match. >>> >>> Can you tell us what version of SpamAssassin you are using? >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 16:06:19 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Allowing PDF files Message-ID: Harry By default PDF's should flow OK. check your filename.rules.conf and filetype.rules.conf to make sure there's nothing there. Also there has been issues with Sophos not liking PDF's and falling over with an odd error. This can be alleviate by making sure MailScanner.conf has the following option set.. Allowed Sophos Error Messages = "corrupt", "format not supported" Of course if you're not using Sophos for anti-virus then you can ignore that. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Harry Hanson wrote: > I need to allow pdf files to be accepted and not stripped from the > attachment. > > I looked through the MailScanner.conf file but could find where this was > being denied, or I could allow this. > > Thanks > > > --- > [This E-mail scanned for viruses] > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Feb 9 16:46:48 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:29 2006 Subject: Allowing PDF files Message-ID: Actually we had the same issue with ClamAV, it chews up the PDFs on a random basis so you can't open them. No pattern, just randomly makes them unreadable. Also noted this occurring when you forward a PDF from one person to another within the server. In the rules files mentioned below, you should find a section to have it actually ignore and allow to pass any PDF file so that it has a lowered effect on chewing them up. We added the pass filter, haven't had one mangled yet. Just our workaround. Dave > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: Wednesday, February 09, 2005 11:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Allowing PDF files > > > Harry > > By default PDF's should flow OK. > > check your filename.rules.conf and filetype.rules.conf to > make sure there's nothing there. > > Also there has been issues with Sophos not liking PDF's and > falling over with an odd error. This can be alleviate by > making sure MailScanner.conf > has the following option set.. > > Allowed Sophos Error Messages = "corrupt", "format not supported" > > Of course if you're not using Sophos for anti-virus then you > can ignore that. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Harry Hanson wrote: > > I need to allow pdf files to be accepted and not stripped from the > > attachment. > > > > I looked through the MailScanner.conf file but could find > where this > > was being denied, or I could allow this. > > > > Thanks > > > > > > --- > > [This E-mail scanned for viruses] > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.nwcweb.com > -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Feb 9 16:51:43 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:29 2006 Subject: Allowing PDF files Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Harry Hanson > Sent: Wednesday, February 09, 2005 10:50 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Allowing PDF files > > > I need to allow pdf files to be accepted and not stripped from the > attachment. > > I looked through the MailScanner.conf file but could find where this was > being denied, or I could allow this. > > Thanks > If you are using clamav 0.82 check the clam list archives. I seem to recall seeing something yesterday about a problem with PDF files, I could be wrong it's been one of those weeks Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From splee at PLEXIO.COM Wed Feb 9 16:55:26 2005 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:28:29 2006 Subject: Missing "local part" of address with MS4.38.10 / Exim 4.44 Message-ID: Hi, I installed the tarball version of MS 4.38.10 on a Trustix 2.2 box that is also running Exim 4.44 / Perl 5.8.5. The problem I'm having is that messages for local delivery have a corrupted address. Here's a piece of the Exim log: 2005-02-09 09:44:39 1CyuxD-0007eA-SB <= splee@cspmail.swage.ca U=splee P=local S=424 id=20050209164439.GE25858@cspmail.swage.ca 2005-02-09 09:44:47 1CyuxD-0007eA-SB ** `@swage.ca : Unrouteable address 2005-02-09 09:44:47 1CyuxL-0007eH-Ph <= <> R=1CyuxD-0007eA-SB U=exim P=local S=1446 2005-02-09 09:44:47 1CyuxL-0007eH-Ph ** `@swage.ca : Unrouteable address 2005-02-09 09:44:47 1CyuxL-0007eH-Ph Frozen (delivery error message) 2005-02-09 09:44:47 1CyuxD-0007eA-SB Completed Note that the local part of the address is missing "@swage.ca". The incoming exim queue shows an intact message, Mailscanner seems to deal with it fine and then when the message is dropped into the outgoing exim queue, the local part of the address gets stripped and hence the error message above. Here's the corresponding portion of the MailScanner logging: Feb 9 09:44:43 cspmail MailScanner[29393]: New Batch: Scanning 1 messages, 802 bytes Feb 9 09:44:43 cspmail MailScanner[29393]: Virus and Content Scanning: Starting Feb 9 09:44:47 cspmail MailScanner[29393]: Uninfected: Delivered 1 messages I have a feeling that I might be missing something with the MS configuration. When Debug is turned on and a message is processed, I get very little output to the console: root@cspmail /opt/MailScanner/etc# check_mailscanner Starting MailScanner... In Debugging mode, not forking... Stopping now as you are debugging me. root@cspmail /opt/MailScanner/etc# The MS installation seemed to run fine except for the following message: For some reason the tnef decoder did not compile properly. As an alternative, in MailScanner.conf set TNEF Expander = internal I installed TNEF tarball manually and it seemed to install without incident. One interesting twist is that outgoing messages (generated with Mutt) have no problems getting out intact. I would appreciate any suggestions on further debugging. Thanks, Stephen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Wed Feb 9 16:59:20 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:29 2006 Subject: Cleaning and updating installs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello to all, I want to apologize up front for this long winded message but it is all to do with my current issues. I am trying to clean up, organize and understand my MailScanner/ClamAV/Spamassassin installs. In trying to update my ClamAV, I seem to, in some cases, have things installed in two places. I know some directories changed with newer versions so what I would appreciate, is that someone would give me the definitive directory locations for the current versions. I also have managed to confuse myself as to what the best method of updating these applications. I have no problems with MailScanner but I am confused about ClamAV and Spamassassin. I have searched the archives but really have not found an answer. I used yum to update my ClamAV but I have also read that one should just get the tar ball and do it from source every time you need to upgrade. And SpamAssassin, I am not sure at all about the best way to go about updating. I am now receiving a --lint error that says: ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_random.cf /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.20050209-0330 /etc/mail/spamassassin/70_sare_random.cf; Lint output: warning: score set for non-existent rule X_OSIRU_DUL_FH warning: score set for non-existent rule RCVD_IN_OSIRUSOFT_COM warning: score set for non-existent rule X_OSIRU_SPAM_SRC warning: score set for non-existent rule X_OSIRU_OPEN_RELAY warning: score set for non-existent rule X_OSIRU_SPAMWARE_SITE warning: score set for non-existent rule X_OSIRU_DUL lint: 6 issues detected. please rerun with debug enabled for more information. This has just started today and so I am thinking though that it is because my SpamAssassin is out of date? My debug output looks fine with the exception of: LibClamAV Warning: **************************************************** LibClamAV Warning: *** This version of ClamAV engine is outdated. *** LibClamAV Warning: *** Please update it IMMEDIATELY! *** LibClamAV Warning: **************************************************** Here are where my current directories are and you will see that I have some duplicates here that I want to clear out. /usr/bin/clamav-config /usr/bin/clamscan /usr/bin/freshclam /usr/lib/libclamav.so.1.0.6 /usr/lib/libclamav.a /usr/lib/libclamav.so /usr/lib/libclamav.so.1 /usr/local/bin/clamscan /usr/local/bin/clamdscan /usr/local/bin/freshclam /usr/local/bin/clamav-config /usr/local/etc/clamav.conf /usr/local/etc/freshclam.conf /usr/local/etc/clamav.conf.101704 /usr/local/etc/clamd.conf /usr/local/etc/freshclam.conf.old /usr/local/include/clamav.h /usr/local/lib/libclamav.so.1.0.4 /usr/local/lib/libclamav.so.1 /usr/local/lib/libclamav.so /usr/local/lib/libclamav.la /usr/local/lib/libclamav.a /usr/local/lib/pkgconfig/libclamav.pc /usr/local/lib/libclamav.so.1.0.6 /usr/local/sbin/clamd /usr/local/share/clamav /usr/local/share/clamav/main.cvd /usr/local/share/clamav/daily.cvd /var/lib/clamav /var/lib/clamav/main.cvd.rpmsave /var/lib/clamav/daily.cvd.rpmsave /var/spool/mail/clamav /var/clamav /var/clamav/daily.cvd /var/clamav/main.cvd /etc/freshclam.conf /etc/clamd.conf.20041028 /etc/freshclam.conf.20041028 /etc/freshclam.conf.rpmnew ---------------- And here are the versions reported: This is MailScanner version 4.38.9 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.000000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.35 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Wed Feb 9 17:07:04 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:29 2006 Subject: Allowing PDF files Message-ID: PDF files are usually mangled when one is using Outlook or Outlook express to send them. I had this issue but since have been using Mozilla mail and have had no issues. Cheers Dave Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Harry Hanson >>Sent: Wednesday, February 09, 2005 10:50 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Allowing PDF files >> >> >>I need to allow pdf files to be accepted and not stripped from the >>attachment. >> >>I looked through the MailScanner.conf file but could find where this was >>being denied, or I could allow this. >> >>Thanks >> >> >> > >If you are using clamav 0.82 check the clam list archives. I seem to recall >seeing something yesterday about a problem with PDF files, I could be wrong >it's been one of those weeks > >Rick > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryan at MARINOCRANE.COM Wed Feb 9 17:16:30 2005 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:28:29 2006 Subject: Allowing PDF files Message-ID: The MailScanner signature seemed to cause pdfs to become corrupt for me a while back. Turn it off and see if the issue gets resolved. Ryan Dave Filchak wrote: > PDF files are usually mangled when one is using Outlook or Outlook > express to send them. I had this issue but since have been using Mozilla > mail and have had no issues. > > Cheers > > Dave > > Rick Cooper wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>> Behalf Of Harry Hanson >>> Sent: Wednesday, February 09, 2005 10:50 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Allowing PDF files >>> >>> >>> I need to allow pdf files to be accepted and not stripped from the >>> attachment. >>> >>> I looked through the MailScanner.conf file but could find where this >>> was >>> being denied, or I could allow this. >>> >>> Thanks >>> >>> >>> >> >> If you are using clamav 0.82 check the clam list archives. I seem to >> recall >> seeing something yesterday about a problem with PDF files, I could be >> wrong >> it's been one of those weeks >> >> Rick >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 17:14:41 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: Notifications. Message-ID: I want to stop sending notifications about virus's but can't seem to see where to do this. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 17:19:48 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Notifications. Message-ID: David make sure this is set.. Notify Senders Of Viruses = no Should be the default by now anyway as most viruses fake the from address. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I want to stop sending notifications about virus's but can't seem to see > where to do this. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 17:24:19 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: Notifications. Message-ID: Maybe I should have been more clear. Sorry. I have that set. I could care less about the sender any way...especially since most viruses use forged addresses. I am talking about notifications to recipient. Is there a way to turn those off? >>> martinh@SOLID-STATE-LOGIC.COM 2/9/2005 12:19:48 PM >>> David make sure this is set.. Notify Senders Of Viruses = no Should be the default by now anyway as most viruses fake the from address. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I want to stop sending notifications about virus's but can't seem to see > where to do this. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Feb 9 17:20:45 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:29 2006 Subject: Notifications. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I want to stop sending notifications about virus's but can't seem to see > where to do this. It depends on if you want to stop sender notices or your users (receivers) -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 17:54:50 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:29 2006 Subject: Notifications. Message-ID: I don't care about the sender I just want to stop sending notices to the receiver. >>> ssilva@SGVWATER.COM 2/9/2005 12:20:45 PM >>> David Curtis wrote: > I want to stop sending notifications about virus's but can't seem to see > where to do this. It depends on if you want to stop sender notices or your users (receivers) -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Feb 9 17:59:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:29 2006 Subject: Notifications. Message-ID: David there must a 'notify' action in a ruleset or Mailscanner.conf. I can't any obvious setting that would do this, unless you've not got Silent Viruses set... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I don't care about the sender I just want to stop sending notices to the > receiver. > > >>>>ssilva@SGVWATER.COM 2/9/2005 12:20:45 PM >>> > > David Curtis wrote: > >>I want to stop sending notifications about virus's but can't seem to > > see > >>where to do this. > > It depends on if you want to stop sender notices or your users > (receivers) > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Feb 9 17:35:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:30 2006 Subject: Notifications. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And Still Deliver Silent Viruses = no for the internal ones. Martin Hepworth wrote: > David > > make sure this is set.. > > Notify Senders Of Viruses = no > > Should be the default by now anyway as most viruses fake the from address. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > >> I want to stop sending notifications about virus's but can't seem to see >> where to do this. >> >> >> >> >> >> >> >> This email may contain information protected under the Family >> Educational Rights and Privacy Act (FERPA) or the Health Insurance >> Portability and Accountability Act (HIPAA). If this email contains >> confidential and/or privileged health or student information and you >> are not entitled to access such information under FERPA or HIPAA, >> federal regulations require that you destroy this email without >> reviewing it and you may not forward it to anyone. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 18:05:36 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: Notifications. Message-ID: I have that set to no already. Thanks. >>> ssilva@SGVWATER.COM 2/9/2005 12:35:37 PM >>> And Still Deliver Silent Viruses = no for the internal ones. Martin Hepworth wrote: > David > > make sure this is set.. > > Notify Senders Of Viruses = no > > Should be the default by now anyway as most viruses fake the from address. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > >> I want to stop sending notifications about virus's but can't seem to see >> where to do this. >> >> >> >> >> >> >> >> This email may contain information protected under the Family >> Educational Rights and Privacy Act (FERPA) or the Health Insurance >> Portability and Accountability Act (HIPAA). If this email contains >> confidential and/or privileged health or student information and you >> are not entitled to access such information under FERPA or HIPAA, >> federal regulations require that you destroy this email without >> reviewing it and you may not forward it to anyone. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Feb 9 18:15:23 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:30 2006 Subject: Allowing PDF files Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Dave Filchak > Sent: Wednesday, February 09, 2005 12:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Allowing PDF files > > > PDF files are usually mangled when one is using Outlook or Outlook > express to send them. I had this issue but since have been using Mozilla > mail and have had no issues. > [...] I have heard others say this but I wonder. We have 100s of PDFs passing through our mail systems on a daily basis, pretty much all being sent and received by outlook and outlook express (although I would prefer they would use Thunderbird I can't force them) and never a problem. Ford Motor Company and other major vendors use PDFs as the primary format for all the documents they send (along with excel now and then). I can honestly say I have never had a complaint, problem or issue with anyone at any time. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Feb 9 18:21:09 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:30 2006 Subject: Notifications. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: >I want to stop sending notifications about virus's but can't seem to see >where to do this. > > David, Try: Still Deliver Silent Viruses = no Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From joshua.hirsh at PARTNERSOLUTIONS.CA Wed Feb 9 18:28:03 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:30 2006 Subject: Notifications. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David, With all due respect, I really think that you should take a look at the online manual that Steve Swaney put together at: http://www.fsl.com/support/MailScanner-Manual-Version-1.0.1.pdf You should also consider buying Julian's book, which documents practically everything in MailScanner, from: http://www.cafepress.com/mailscanner2,mailscanner.13170076 If you were to read these (and read them carefully), as well as the actual comments in the configuration files, you would save yourself alot of time and trouble instead of having to ask the list a new question every hour or so. For example, in the MailScanner.conf file for the option "Still Deliver Silent Viruses": # Still deliver (after cleaning) messages that contained viruses listed # in the above option ("Silent Viruses") to the recipient? # Setting this to "yes" is good when you are testing everything, and # because it shows management that MailScanner is protecting them, # but it is bad because they have to filter/delete all the incoming virus # warnings. # # Note: Once you have deployed this into "production" use, you should set # Note: this option to "no" so you don't bombard thousands of people with # Note: useless messages they don't want! Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Wed Feb 9 18:34:05 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:30 2006 Subject: Allowing PDF files Message-ID: Well .. then I think you have been fortunate. Even Julian admitted that there was some issues with Outlook or Express that mangled PDF file. Apparently, someone was working on a patch for this for users of Outlook but I have seen nothing come along. My issue was with PDF files which were created with Quickbooks and then sent through Outlook. They always ended up as empty documents. When I switched to Mozilla and send the very same PDF files, they were fine. If I sent PDF files through Outlook with MailScanner disabled, they were fine. So it appears to be a combination of the applications involved. Dave Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Dave Filchak >>Sent: Wednesday, February 09, 2005 12:07 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Allowing PDF files >> >> >>PDF files are usually mangled when one is using Outlook or Outlook >>express to send them. I had this issue but since have been using Mozilla >>mail and have had no issues. >> >> >> >[...] > >I have heard others say this but I wonder. We have 100s of PDFs passing >through our mail systems on a daily basis, pretty much all being sent and >received by outlook and outlook express (although I would prefer they would >use Thunderbird I can't force them) and never a problem. Ford Motor Company >and other major vendors use PDFs as the primary format for all the documents >they send (along with excel now and then). > >I can honestly say I have never had a complaint, problem or issue with >anyone at any time. > >Rick > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed Feb 9 18:36:42 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: Notifications. Message-ID: Thanks for the advice. I have read the pdf. I will probably by the book. I usually only ask questions when I have read and searched for answers...but when the settings look right and I have not found an answer in my search I ask a question to the list. >>> joshua.hirsh@PARTNERSOLUTIONS.CA 2/9/2005 1:28:03 PM >>> David, With all due respect, I really think that you should take a look at the online manual that Steve Swaney put together at: http://www.fsl.com/support/MailScanner-Manual-Version-1.0.1.pdf You should also consider buying Julian's book, which documents practically everything in MailScanner, from: http://www.cafepress.com/mailscanner2,mailscanner.13170076 If you were to read these (and read them carefully), as well as the actual comments in the configuration files, you would save yourself alot of time and trouble instead of having to ask the list a new question every hour or so. For example, in the MailScanner.conf file for the option "Still Deliver Silent Viruses": # Still deliver (after cleaning) messages that contained viruses listed # in the above option ("Silent Viruses") to the recipient? # Setting this to "yes" is good when you are testing everything, and # because it shows management that MailScanner is protecting them, # but it is bad because they have to filter/delete all the incoming virus # warnings. # # Note: Once you have deployed this into "production" use, you should set # Note: this option to "no" so you don't bombard thousands of people with # Note: useless messages they don't want! Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Wed Feb 9 18:43:40 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:30 2006 Subject: Allowing PDF files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I believe this was all part of the "PDF Woes" thread back in May of 2004. If I'm not mistaken, the problem had to do with PDF's that were sent as quoted printables as the mime type, which was causing some problems for MailScanner. The June release included a patch that was supposed to fix the problem. You can find the original thread here: http://www.jiscmail.ac.uk/cgi-bin/webadmin?S2=mailscanner&q=pdf+woes Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryan at MARINOCRANE.COM Wed Feb 9 18:50:11 2005 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:28:30 2006 Subject: Allowing PDF files Message-ID: At the risk of sounding like a stuck record.... Does MailScanner add an inline signature to the emails? If so, turn this feature off and see if this sorts your issue out. I had the same problem before and had to do just this. I believe the setting is "Sign Clean Messages = no" Ryan Dave Filchak wrote: > Well .. then I think you have been fortunate. Even Julian admitted that > there was some issues with Outlook or Express that mangled PDF file. > Apparently, someone was working on a patch for this for users of Outlook > but I have seen nothing come along. My issue was with PDF files which > were created with Quickbooks and then sent through Outlook. They always > ended up as empty documents. When I switched to Mozilla and send the > very same PDF files, they were fine. If I sent PDF files through Outlook > with MailScanner disabled, they were fine. So it appears to be a > combination of the applications involved. > > Dave > > Rick Cooper wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>> Behalf Of Dave Filchak >>> Sent: Wednesday, February 09, 2005 12:07 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Allowing PDF files >>> >>> >>> PDF files are usually mangled when one is using Outlook or Outlook >>> express to send them. I had this issue but since have been using >>> Mozilla >>> mail and have had no issues. >>> >>> >>> >> [...] >> >> I have heard others say this but I wonder. We have 100s of PDFs passing >> through our mail systems on a daily basis, pretty much all being sent >> and >> received by outlook and outlook express (although I would prefer they >> would >> use Thunderbird I can't force them) and never a problem. Ford Motor >> Company >> and other major vendors use PDFs as the primary format for all the >> documents >> they send (along with excel now and then). >> >> I can honestly say I have never had a complaint, problem or issue with >> anyone at any time. >> >> Rick >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Feb 9 18:48:26 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:30 2006 Subject: Allowing PDF files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Maibe the problem with my text file (ASCII text, with very long lines, with CRLF line terminators) that changes size, and finished like an Unix file, have something to do with this PDF problem... The text attachmentment is also quoted printable in the e-mail... ----- Original Message ----- From: "Hirsh, Joshua" To: Sent: Wednesday, February 09, 2005 4:43 PM Subject: Re: Allowing PDF files > I believe this was all part of the "PDF Woes" thread back in May of 2004. > If I'm not mistaken, the problem had to do with PDF's that were sent as > quoted printables as the mime type, which was causing some problems for > MailScanner. > > The June release included a patch that was supposed to fix the problem. > > > You can find the original thread here: > > http://www.jiscmail.ac.uk/cgi-bin/webadmin?S2=mailscanner&q=pdf+woes > > > Regards, > -Joshua > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Wed Feb 9 18:59:35 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:30 2006 Subject: Allowing PDF files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Maibe the problem with my text file (ASCII text, with very > long lines, with CRLF line terminators) that changes size, > and finished like an Unix file, have something to do with > this PDF problem... The text attachmentment is also quoted > printable in the e-mail... It's quite possible. The comments on the patch that Julian applied read as follows: # Overload the MIME quoted-printable decoder. # This version will make lines that end in \n now end in \r\n. # This hopefully fixes problems with PDF files as they are now extracted # correctly. So it sounds like the cause to me, but most likely it's something Julian will have to look into. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From klowery at WHI.WTS.EDU Wed Feb 9 18:44:06 2005 From: klowery at WHI.WTS.EDU (Kirk Lowery) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: How does one use exim to release a quarantined message? The -M or -Mt options don't do it. I've looked through the Mailscanner docs and faqs, but no help there. TIA! Kirk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Wed Feb 9 19:08:55 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:30 2006 Subject: check_MailScanner.cron Message-ID: On Tue, Feb 08, 2005 at 12:50:53PM -0500, Philip Hachey wrote: > My install is in a slightly different location. However, > /usr/sbin/check_mailscanner is just a symlink to > /usr/sbin/check_MailScanner. > Eric Dantan Rzewnicki > Sent by: MailScanner mailing list > 2005-02-08 09:24 > > Hi Julian, > > Hope you're having a good vacation. > > I noticed that check_MailScanner.cron is trying to call > /opt/MailScanner/bin/check_MailScanner which has been renamed to > check_mailscanner (no caps). > -- I'm using the tarball, so everything is under /opt/. -- Eric Dantan Rzewnicki | Systems Engineer I Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Feb 9 20:05:57 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Though I don't use exim, I would suggest looking at sendmail2 config in MailScanner.conf http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.5.html#Syste m%20Settings - dhawal Kirk Lowery writes: > How does one use exim to release a quarantined message? > The -M or -Mt options don't do it. I've looked through > the Mailscanner docs and faqs, but no help there. > > TIA! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From klowery at WHI.WTS.EDU Wed Feb 9 20:14:07 2005 From: klowery at WHI.WTS.EDU (Kirk Lowery) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: Dhawal Doshy NETMAGICSOLUTIONS.COM> writes: > > Though I don't use exim, I would suggest looking at sendmail2 config in > MailScanner.conf > http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.5.html#Syste > m%20Settings > > - dhawal > > Kirk Lowery writes: > > > How does one use exim to release a quarantined message? > > The -M or -Mt options don't do it. I've looked through > > the Mailscanner docs and faqs, but no help there. Thanks for your response. But this url is not what I'm looking for. Let me clarify: When MailScanner decides something is a virus or spam, it places it in the /var/spool/MailScanner/quarantine directory. Of course, there are going to be "false positives", that is, messages placed there because MailScanner thought it was infected or spam. But when I, as the administrator, decide that a message should be delivered anyway, how do I do that, using exim? Kirk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Feb 9 21:12:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kirk Lowery wrote: > Dhawal Doshy NETMAGICSOLUTIONS.COM> writes: > > >>Though I don't use exim, I would suggest looking at sendmail2 config in >>MailScanner.conf >>http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.5.html#Syste >>m%20Settings >> >> - dhawal >> >>Kirk Lowery writes: >> >> >>>How does one use exim to release a quarantined message? >>>The -M or -Mt options don't do it. I've looked through >>>the Mailscanner docs and faqs, but no help there. > > > Thanks for your response. But this url is not what I'm looking for. Let me > clarify: > > When MailScanner decides something is a virus or spam, it places it in the > /var/spool/MailScanner/quarantine directory. Of course, there are going to be > "false positives", that is, messages placed there because MailScanner thought it > was infected or spam. But when I, as the administrator, decide that a message > should be delivered anyway, how do I do that, using exim? > > Kirk > I don't use Exim, but ; # Do you want to quarantine the original *entire* message as well as # just the infected attachments? # This can also be the filename of a ruleset. Quarantine Whole Message = yes # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)? Quarantine Whole Messages As Queue Files = yes Then you should be able to copy the queue files to outgoing queue directory. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Wed Feb 9 21:31:56 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Or you could setup mailwatch. Much cooler. http://mailwatch.sourceforge.net Regards, Brent Addis Group Systems Administrator Times Media Group "He who knows, does not speak. He who speaks, does not know". -- Lao Tsu Scott Silva wrote: > Kirk Lowery wrote: > >> Dhawal Doshy NETMAGICSOLUTIONS.COM> writes: >> >> >>> Though I don't use exim, I would suggest looking at sendmail2 config in >>> MailScanner.conf >>> http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.5.html#Syste >>> >>> m%20Settings >>> >>> - dhawal >>> >>> Kirk Lowery writes: >>> >>> >>>> How does one use exim to release a quarantined message? >>>> The -M or -Mt options don't do it. I've looked through >>>> the Mailscanner docs and faqs, but no help there. >>> >> >> >> Thanks for your response. But this url is not what I'm looking for. >> Let me >> clarify: >> >> When MailScanner decides something is a virus or spam, it places it >> in the >> /var/spool/MailScanner/quarantine directory. Of course, there are >> going to be >> "false positives", that is, messages placed there because MailScanner >> thought it >> was infected or spam. But when I, as the administrator, decide that a >> message >> should be delivered anyway, how do I do that, using exim? >> >> Kirk >> > I don't use Exim, but ; > # Do you want to quarantine the original *entire* message as well as > # just the infected attachments? > # This can also be the filename of a ruleset. > Quarantine Whole Message = yes > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or > # as human-readable files (header then body in 1 file)? > Quarantine Whole Messages As Queue Files = yes > > > Then you should be able to copy the queue files to outgoing queue > directory. > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Wed Feb 9 21:34:04 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:30 2006 Subject: check_MailScanner.cron Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Eric, I used the latest tarball (4.35.11) also and it does have the miss-named references just as you mentioned. I reported this on 2/2/05 and I'm sure Julian will get this updated in the next release. Looks like you already have the solution, so I'll repost the solution in case anyone else is interested. Solution (pay attention to the case of the file name): edit the /opt/MailScanner/bin/cron/check_MailScanner.cron file and change the filename case in line 19 from: /opt/MailScanner/bin/check_MailScanner to: /opt/MailScanner/bin/check_mailscanner >>> Eric Dantan Rzewnicki 2/9/2005 1:08:55 PM >>> On Tue, Feb 08, 2005 at 12:50:53PM -0500, Philip Hachey wrote: > My install is in a slightly different location. However, > /usr/sbin/check_mailscanner is just a symlink to > /usr/sbin/check_MailScanner. > Eric Dantan Rzewnicki > Sent by: MailScanner mailing list > 2005-02-08 09:24 > > Hi Julian, > > Hope you're having a good vacation. > > I noticed that check_MailScanner.cron is trying to call > /opt/MailScanner/bin/check_MailScanner which has been renamed to > check_mailscanner (no caps). > -- I'm using the tarball, so everything is under /opt/. -- Eric Dantan Rzewnicki | Systems Engineer I Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Feb 9 21:39:53 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:30 2006 Subject: Blank Email Messages Message-ID: Christian Campbell wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> Recently we have been getting reports of blank or mostly blank >> messages being sent & received through our server. We have tried to >> narrow dow the problem and believe that MailScanner (or something >> related) is altering the HTML message and the mail client cannot >> display it properly. >> > > We're seeing the exact same symptoms here too. We're running: > > mailscanner-4.35.11-1 > spamassassin 2.63 > RedHat 8.0 > ClamAV/F-Prot/BitDefender/Razor/SURBL > > Christian I used to get a few of those, but they'd say something about "no message body" or something to that effect. Changing the locktype to posix from flock fixed it for me. May be a different issue, but it's a fast easy change that you can roll back if it doesn't do the trick... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Wed Feb 9 22:28:45 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:30 2006 Subject: check_MailScanner.cron Message-ID: On Wed, Feb 09, 2005 at 03:34:04PM -0600, Brad Beckenhauer wrote: > Hi Eric, > I used the latest tarball (4.35.11) also and it does have the miss-named references just as you mentioned. I reported this on 2/2/05 and I'm sure Julian will get this updated in the next release. > Looks like you already have the solution, so I'll repost the solution in case anyone else is interested. > Solution (pay attention to the case of the file name): > edit the /opt/MailScanner/bin/cron/check_MailScanner.cron file and change the filename case in line 19 > from: > /opt/MailScanner/bin/check_MailScanner > to: > /opt/MailScanner/bin/check_mailscanner Ah. ok. I must have missed your post. Sorry for the duplicate report. -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Feb 9 22:30:18 2005 From: pete at ENITECH.COM.AU (Enitech IT (Peter Russell)) Date: Thu Jan 12 21:28:30 2006 Subject: MCP Doco and questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, we are about to implement 3 mailscanner machines. We are newly merged company with Notes and Exchange. We have multiple campuses in multiple states. We currently have MS recieving mail for 2 domains at one site and it works perfectly. We have a requirement to have 2 inbound machines on 2 different physical network for redundancy. We also have a need to filter outbound mail. I have never used MCP and cant find much doco. IS it better to run MCP on our primary inbound machine, or should we run a seperate machine to handle all outbound content filtering? We are educational facility and want to amek sure that our students cannot send ANY bulk emails (nothing will more than say 15 addresses), no virus and no products of virus. This outbound machine will be the sole relay for all company wide outbound traffic. Is MCP the best solution for this? Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Feb 9 22:55:23 2005 From: steve.swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:30 2006 Subject: MCP Doco and questions Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Enitech IT (Peter Russell) > Sent: Wednesday, February 09, 2005 5:30 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MCP Doco and questions > > Hi, we are about to implement 3 mailscanner machines. > > We are newly merged company with Notes and Exchange. We have multiple > campuses in multiple states. > > We currently have MS recieving mail for 2 domains at one site and it > works perfectly. > > We have a requirement to have 2 inbound machines on 2 different physical > network for redundancy. We also have a need to filter outbound mail. > > I have never used MCP and cant find much doco. > > IS it better to run MCP on our primary inbound machine, or should we run > a seperate machine to handle all outbound content filtering? > > We are educational facility and want to amek sure that our students > cannot send ANY bulk emails (nothing will more than say 15 addresses), > no virus and no products of virus. This outbound machine will be the > sole relay for all company wide outbound traffic. > > Is MCP the best solution for this? > No. MCP stand for 'Message Content Protection'. It's essentially another instance of SpamAssassin that can search messages for sensitive key words. What you might want to do is to funnel all outgoing email throught gateways where the messages are checked for viruses and a "rate throttling" controls is implemented. The type of "rate throttling" you use used really depends on the MTA you use and how comfortable you are implementing different technologies. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Feb 9 23:29:33 2005 From: pete at ENITECH.COM.AU (Enitech IT (Peter Russell)) Date: Thu Jan 12 21:28:30 2006 Subject: MCP Doco and questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] So just run MailScanner as per usual, but as a relay for outbound mail? > > No. MCP stand for 'Message Content Protection'. It's essentially another > instance of SpamAssassin that can search messages for sensitive key words. > > What you might want to do is to funnel all outgoing email throught gateways > where the messages are checked for viruses and a "rate throttling" controls > is implemented. > > The type of "rate throttling" you use used really depends on the MTA you use > and how comfortable you are implementing different technologies. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.clancy at businessworld.ie Thu Feb 10 08:34:29 2005 From: john.clancy at businessworld.ie (John Clancy) Date: Thu Jan 12 21:28:30 2006 Subject: Security problem reported with Postfix Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Folks, I'm sure most people on the list who might use Postfix are already aware of this but I thought I should probably post it anyway 21. Postfix IPv6 Unauthorized Mail Relay Vulnerability BugTraq ID: 12445 Remote: Yes Date Published: Feb 04 2005 Relevant URL: http://www.securityfocus.com/bid/12445 Summary: Postfix is prone to a vulnerability that allows the application to be abused as a mail relay. Arbitrary mail may be sent to any MX host with an IPv6 address. This could be exploited by spammers or other malicious parties. Postfix 2.1.3 is reported prone to this issue. It is possible that other versions are affected as well. JC ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 10 09:14:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: Kirk assuming there's a 'message' file in the quarantine// directory, then this will do it.. exim -C /usr/local/etc/exim/configure.out -t < message (or where ever your configure.out is...) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Kirk Lowery wrote: > How does one use exim to release a quarantined message? > The -M or -Mt options don't do it. I've looked through > the Mailscanner docs and faqs, but no help there. > > TIA! > > Kirk > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Feb 10 11:41:45 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:30 2006 Subject: Cleaning and updating installs Message-ID: You seem to have both rpm version (or "residue" thereof) and a "built from source" version of clamav. Get rid of the rpm one, you really don't want to wait around for someone to take the trouble of building a package... Not when the source install is so straightforward. Be sure to build/install 0.82 (although this seems to be the one you have in /usr/local?) and to adjust /etc/Mailscanner/virus.scanners.conf to reflect that it's in /usr/local now. If you want to play it safe, use more than one AV... That way you can always "remove" a botched/missbehaving one while you tinker with it, and still have the other scanner securing your mails. For SA the need to be up to the very latest isn't as obvious, so there one could probably live well with a "prebuilt" install. HtH -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Filchak > Sent: den 9 februari 2005 17:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Cleaning and updating installs > > > Hello to all, > > I want to apologize up front for this long winded message but > it is all > to do with my current issues. > > I am trying to clean up, organize and understand my > MailScanner/ClamAV/Spamassassin installs. In trying to update > my ClamAV, > I seem to, in some cases, have things installed in two places. I know > some directories changed with newer versions so what I would > appreciate, > is that someone would give me the definitive directory > locations for the > current versions. > > I also have managed to confuse myself as to what the best method of > updating these applications. I have no problems with MailScanner but I > am confused about ClamAV and Spamassassin. I have searched > the archives > but really have not found an answer. I used yum to update my > ClamAV but > I have also read that one should just get the tar ball and do it from > source every time you need to upgrade. And SpamAssassin, I am not sure > at all about the best way to go about updating. I am now receiving a > --lint error that says: > > ***WARNING***: spamassassin --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f > /etc/mail/spamassassin/70_sare_random.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; mv -f > /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.20050209- > 0330 /etc/mail/spamassassin/70_sare_random.cf; > > Lint output: warning: score set for non-existent rule X_OSIRU_DUL_FH > warning: score set for non-existent rule RCVD_IN_OSIRUSOFT_COM > warning: score set for non-existent rule X_OSIRU_SPAM_SRC > warning: score set for non-existent rule X_OSIRU_OPEN_RELAY > warning: score set for non-existent rule X_OSIRU_SPAMWARE_SITE > warning: score set for non-existent rule X_OSIRU_DUL > lint: 6 issues detected. please rerun with debug enabled for > more information. > > This has just started today and so I am thinking though that > it is because my SpamAssassin is out of date? My debug output > looks fine with the exception of: > > LibClamAV Warning: > **************************************************** > LibClamAV Warning: *** This version of ClamAV engine is > outdated. *** > LibClamAV Warning: *** Please update it IMMEDIATELY! > *** > LibClamAV Warning: > **************************************************** > > > Here are where my current directories are and you will see > that I have some duplicates here that I want to clear out. > > > /usr/bin/clamav-config > /usr/bin/clamscan > /usr/bin/freshclam > > /usr/lib/libclamav.so.1.0.6 > /usr/lib/libclamav.a > /usr/lib/libclamav.so > /usr/lib/libclamav.so.1 > > /usr/local/bin/clamscan > /usr/local/bin/clamdscan > /usr/local/bin/freshclam > /usr/local/bin/clamav-config > /usr/local/etc/clamav.conf > /usr/local/etc/freshclam.conf > /usr/local/etc/clamav.conf.101704 > /usr/local/etc/clamd.conf > /usr/local/etc/freshclam.conf.old > > /usr/local/include/clamav.h > /usr/local/lib/libclamav.so.1.0.4 > /usr/local/lib/libclamav.so.1 > /usr/local/lib/libclamav.so > /usr/local/lib/libclamav.la > /usr/local/lib/libclamav.a > /usr/local/lib/pkgconfig/libclamav.pc > /usr/local/lib/libclamav.so.1.0.6 > /usr/local/sbin/clamd > /usr/local/share/clamav > /usr/local/share/clamav/main.cvd > /usr/local/share/clamav/daily.cvd > > /var/lib/clamav > /var/lib/clamav/main.cvd.rpmsave > /var/lib/clamav/daily.cvd.rpmsave > > /var/spool/mail/clamav > > /var/clamav > /var/clamav/daily.cvd > /var/clamav/main.cvd > > /etc/freshclam.conf > /etc/clamd.conf.20041028 > /etc/freshclam.conf.20041028 > /etc/freshclam.conf.rpmnew > > ---------------- > > And here are the versions reported: > > This is MailScanner version 4.38.9 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.01 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.04 Fcntl > 2.71 File::Basename > 2.05 File::Copy > 2.01 FileHandle > 1.05 File::Path > 0.13 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.20 IO > 1.09 IO::File > 1.122 IO::Pipe > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.05 POSIX > 1.75 Socket > 0.03 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 1.806 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.13 Mail::ClamAV > 3.000000 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.89 Text::Balanced > 1.35 URI > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dannyh at aac-services.co.uk Thu Feb 10 11:43:56 2005 From: dannyh at aac-services.co.uk (Dan Harris) Date: Thu Jan 12 21:28:30 2006 Subject: Web tools (was RE: Releasing quarantined messages with exim) Message-ID: >-----Original Message----- >From: Brent Addis > >Or you could setup mailwatch. > >Much cooler. > >http://mailwatch.sourceforge.net > I've been considering something like this for some time now so that some of my less Linux savvy colleagues can keep an eye on things when I'm out of the office, so if anyone has used them I'd be interested to know how Mailwatch compares to Vispan? I know that there is also a Webmin MailScanner module, but I believe that it is a fairly limited config only tool, so a Mailwatch/Vispan comparison would probably be more worthwhile. I'm currently using Exim4 with SA3, McAfee, Kaspersky, Bit Defender and ClamAV on a Debian box. Many thanks, Dan Harris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 10 12:06:10 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:30 2006 Subject: Web tools (was RE: Releasing quarantined messages with exim) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Harris wrote: > > I've been considering something like this for some time now so that some of > my less Linux savvy colleagues can keep an eye on things when I'm out of the > office, so if anyone has used them I'd be interested to know how Mailwatch > compares to Vispan? I know that there is also a Webmin MailScanner module, > but I believe that it is a fairly limited config only tool, so a > Mailwatch/Vispan comparison would probably be more worthwhile. > > I'm currently using Exim4 with SA3, McAfee, Kaspersky, Bit Defender and > ClamAV on a Debian box. > AFAIK, vispan has no tool for releasing messages and is mostly used for statistics and for blocking ip addresses that continuously abuse your system (either via a sendmail access file or IPtables) mailwatch is quite complete, though there is no management module. Again mailwatch has no capabilities to block ip addresses unlike vispan. The is also fwspam (http://freshmeat.net/projects/fwspam/) which takes care of the ip address blocking part, OR you could use the IPBlock code in CustomConfig to take care of rate-limiting. Ideally you should be happy with a combination of mailwatch (and the contributed luser interface) + mailscanner-mrtg (for some brilliant mrtg like stats) + msre (msre.sf.net) for managing mailscanner rules. Whats lacking in the above setup is mailscanner config management, which most of us (I assume) are happy doing through 'vi' (or any other editor) And finally coming to your core requirement, mailwatch should take care of releasing messages quite comfortably. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Feb 10 12:08:04 2005 From: pete at ENITECH.COM.AU (Enitech IT (Pete)) Date: Thu Jan 12 21:28:30 2006 Subject: Web tools (was RE: Releasing quarantined messages with exim) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mailwatch is awesome. I wonder if development has ceased on this project or there is just nothing to do for such a long time - i hope he hasnt chucked it in. Either way .51 will work fine. Dan Harris wrote: >>-----Original Message----- >>From: Brent Addis >> >>Or you could setup mailwatch. >> >>Much cooler. >> >>http://mailwatch.sourceforge.net >> > > > I've been considering something like this for some time now so that some of > my less Linux savvy colleagues can keep an eye on things when I'm out of the > office, so if anyone has used them I'd be interested to know how Mailwatch > compares to Vispan? I know that there is also a Webmin MailScanner module, > but I believe that it is a fairly limited config only tool, so a > Mailwatch/Vispan comparison would probably be more worthwhile. > > I'm currently using Exim4 with SA3, McAfee, Kaspersky, Bit Defender and > ClamAV on a Debian box. > > Many thanks, > > Dan Harris. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- Kind regards Peter Russell Enitech IT 3a Grainstore crt Langwarrin Victoria 3910 0419 346 244 pete@enitech.com.au www.enitech.com.au ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Feb 10 12:13:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:30 2006 Subject: Web tools (was RE: Releasing quarantined messages with exim) Message-ID: no - development is still active. 0.6 should be released in March. the primary developer has been v.busy with work commitments so things have been quite slow. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Enitech IT (Pete) wrote: > Mailwatch is awesome. > > I wonder if development has ceased on this project or there is just > nothing to do for such a long time - i hope he hasnt chucked it in. > > Either way .51 will work fine. > > > Dan Harris wrote: > >>> -----Original Message----- >>> From: Brent Addis >>> >>> Or you could setup mailwatch. >>> >>> Much cooler. >>> >>> http://mailwatch.sourceforge.net >>> >> >> >> I've been considering something like this for some time now so that >> some of >> my less Linux savvy colleagues can keep an eye on things when I'm out >> of the >> office, so if anyone has used them I'd be interested to know how >> Mailwatch >> compares to Vispan? I know that there is also a Webmin MailScanner >> module, >> but I believe that it is a fairly limited config only tool, so a >> Mailwatch/Vispan comparison would probably be more worthwhile. >> >> I'm currently using Exim4 with SA3, McAfee, Kaspersky, Bit Defender and >> ClamAV on a Debian box. >> >> Many thanks, >> >> Dan Harris. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Kind regards > > > > Peter Russell > > Enitech IT > 3a Grainstore crt > Langwarrin Victoria 3910 > > 0419 346 244 > pete@enitech.com.au > www.enitech.com.au > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Feb 10 12:24:30 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:30 2006 Subject: Security problem reported with Postfix Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John Clancy > Sent: den 10 februari 2005 09:34 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Security problem reported with Postfix > > > Hi Folks, > > I'm sure most people on the list who might use Postfix are > already aware of > this but I thought I should probably post it anyway http://news.gmane.org/gmane.mail.postfix.announce/cutoff=75 Look at Wietses comment on Postfix vulnerability... Not all of us using postfix would be affected, not even if we do use linux. -- Glenn > > 21. Postfix IPv6 Unauthorized Mail Relay Vulnerability > BugTraq ID: 12445 > Remote: Yes > Date Published: Feb 04 2005 > Relevant URL: http://www.securityfocus.com/bid/12445 > Summary: > Postfix is prone to a vulnerability that allows the > application to be abused > as a mail relay. > > Arbitrary mail may be sent to any MX host with an IPv6 > address. This could > be exploited by spammers or other malicious parties. > > Postfix 2.1.3 is reported prone to this issue. It is > possible that other > versions are affected as well. > > > JC > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Thu Feb 10 13:40:29 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:30 2006 Subject: OT: Mail monitoring on network Message-ID: A client who is using our services requires a solution for tracking all inbound and outbound emails. They need to be able to see who is emailing who, though they do not need to see the contents of the emails The solutions needs to be (l)user-friendly and run on windows Any suggestions on or offlist would be welcome Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at dfi-intl.com Thu Feb 10 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:30 2006 Subject: OT: Mail monitoring on network Message-ID: Do they need this in real time? -----Original Message----- From: "Michele Neylon :: Blacknight Solutions" Date: Thu, 10 Feb 2005 13:40:29 To:MAILSCANNER@JISCMAIL.AC.UK Subject: OT: Mail monitoring on network A client who is using our services requires a solution for tracking all inbound and outbound emails. They need to be able to see who is emailing who, though they do not need to see the contents of the emails The solutions needs to be (l)user-friendly and run on windows Any suggestions on or offlist would be welcome Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Feb 10 13:53:30 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:30 2006 Subject: OT: Mail monitoring on network Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele > Neylon :: Blacknight Solutions > Sent: den 10 februari 2005 14:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Mail monitoring on network > > > A client who is using our services requires a solution for > tracking all > inbound and outbound emails. > They need to be able to see who is emailing who, though they > do not need to > see the contents of the emails > > The solutions needs to be (l)user-friendly and run on windows And the use of a windoze-based browser and MWs "domain admin" thing wouldn't do? -- Glenn > > Any suggestions on or offlist would be welcome > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 > Fax. +353 59 9146970 > http://www.blacknight.ie/specialoffers.html > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From klowery at WHI.WTS.EDU Thu Feb 10 14:01:02 2005 From: klowery at WHI.WTS.EDU (Kirk Lowery) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: Scott Silva SGVWATER.COM> writes: > I don't use Exim, but ; > # Do you want to quarantine the original *entire* message as well as > # just the infected attachments? > # This can also be the filename of a ruleset. > Quarantine Whole Message = yes > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or > # as human-readable files (header then body in 1 file)? > Quarantine Whole Messages As Queue Files = yes > > Then you should be able to copy the queue files to outgoing queue directory. Yes, yes, of course! I remember this now. I moved to new hardware a couple of months ago and forgot about this option...and then exim -M [messageID] JustWorks(tm). Thanks! Kirk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Thu Feb 10 14:16:50 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:30 2006 Subject: Mail monitoring on network Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Parse your SMTP logs and build a list of who's talking to who. It's not hard to do and can be done with a few lines of Perl. See the attached code for a Postfix example. It's not perfect and will need a few tweaks (locally sent email doesn't show up properly, but my server is for relaying only, inbound and outbound on the same server). I use the output file to import into Excel for "pretty reports" for the manager types. The standard disclaimer applies. This works for me, it may not work for you. If you don't understand the code, don't run it, etc.. etc.. ;-) The code can be better organised (and optimized), but it was a quick write late at night for something I needed to look at quickly. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: ] [ "Postfix_Email_Traffic_Report.pl") 2.4KB. ] [ Unable to print this part. ] From klowery at WHI.WTS.EDU Thu Feb 10 14:03:12 2005 From: klowery at WHI.WTS.EDU (Kirk Lowery) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: Brent Addis TIMESMEDIA.CO.NZ> writes: > > Or you could setup mailwatch. > > Much cooler. > > http://mailwatch.sourceforge.net Thanks for this recommendation. I agree, it's a far better solution and more general solution to MailScanner management. The installations complex...wish there was just an install script...guess I'll write one... :-) Kirk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at DFI-INTL.COM Thu Feb 10 14:32:19 2005 From: eneal at DFI-INTL.COM (Errol Neal) Date: Thu Jan 12 21:28:30 2006 Subject: Mail monitoring on network Message-ID: Joshua Hirsh wrote: > Parse your SMTP logs and build a list of who's talking to who. It's not hard to do and can be done with a few > lines of Perl. There is actually a webmin module that does this already.. And quite nicely. It is a resouce hog however and I would suggest you run it on a separate box. Here is the link: http://www.netorbit.it/maillog.html Errol ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Thu Feb 10 14:32:48 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:28:30 2006 Subject: Mail monitoring on network Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hirsh, Joshua wrote on 10-2-2005 15:16: > Parse your SMTP logs and build a list of who's talking to who. It's not > hard to do and can be done with a few lines of Perl. > > See the attached code for a Postfix example. It's not perfect and will need > a few tweaks (locally sent email doesn't show up properly, but my server is > for relaying only, inbound and outbound on the same server). A tool for qmail, postfix, sendmail is maillogconvert.pl (google for it). -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Thu Feb 10 16:34:31 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:30 2006 Subject: Mail monitoring on network Message-ID: Hi there, > > A tool for qmail, postfix, sendmail is maillogconvert.pl (google for it). > maillogconvert.pl is also a part of the Stats-Script awstats ( http://awstats.sourceforge.net/ ), which is also capable of generating a stats out of these logs.. Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Feb 10 16:58:25 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:30 2006 Subject: Releasing quarantined messages with exim Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kirk Lowery wrote: > Brent Addis TIMESMEDIA.CO.NZ> writes: > > >>Or you could setup mailwatch. >> >>Much cooler. >> >>http://mailwatch.sourceforge.net > > > Thanks for this recommendation. I agree, it's a far better solution and more > general solution to MailScanner management. The installations complex...wish > there was just an install script...guess I'll write one... :-) > > Kirk > Please do! I have been wanting to try MailWatch, but don't have the time to mess with the install, or possible hosing of my server. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Feb 10 18:42:52 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: mailwatch Message-ID: I have been seeing a lot of talk about Mailwatch. I am using postfix with MS. Does any one have input on what I could get by using Mailwatch. It looks like most of what I would want out of it only works with sendmail. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Thu Feb 10 18:47:59 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:28:30 2006 Subject: mailwatch Message-ID: Mailwatch provides a GUI, for generating reports and releasing messages from quarantine. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of David Curtis Sent: Thursday, February 10, 2005 10:43 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: mailwatch I have been seeing a lot of talk about Mailwatch. I am using postfix with MS. Does any one have input on what I could get by using Mailwatch. It looks like most of what I would want out of it only works with sendmail. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Feb 10 19:13:45 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:30 2006 Subject: mailwatch Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Read: http://mailwatch.sourceforge.net/ http://mailwatch.sourceforge.net/faq.html I use it with postfix and find it to quite brilliant.. what features are you looking at? You could also search / subscribe to the mailwatch-users mailing list for your missing features.. - dhawal David Curtis writes: > I have been seeing a lot of talk about Mailwatch. I am using postfix > with MS. Does any one have input on what I could get by using Mailwatch. > It looks like most of what I would want out of it only works with > sendmail. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Thu Feb 10 19:14:03 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:28:30 2006 Subject: spam to delete is now virus scanned? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In previous versions of MailScanner I'm pretty sure that if a message was determined to be high scoring spam and the high scoring spam actions were to delete the message, then MailScaner would not bother perfoming a virus scan also. Now it seems MailScanner does a virus scan on the message even though it will be deleted. Did this change by intention? I'm using 4.37.7 Example log follows: Feb 10 09:58:24 gingham sendmail[10335]: j1AHwM2t010335: from=, size=38893, class=0, nrcpts=1, msgid=<200502101758.j1AHwM2t010335@mail.tip pingmar.com>, proto=ESMTP, daemon=MTA, relay=h-68-166-219-79.snvacaid.covad.net [68.166.219.79] Feb 10 09:58:29 gingham MailScanner[9365]: New Batch: Scanning 1 messages, 39455 bytes Feb 10 09:58:30 gingham MailScanner[9365]: Spam Checks: Starting Feb 10 09:58:35 gingham MailScanner[9365]: Message j1AHwM2t010335 from 68.166.21 9.79 (mchristie@wpceng.com) to tippingmar.com is spam, SpamAssassin (score=19.39 8, required 5.5, autolearn=spam, ADDRESS_IN_SUBJECT 1.80, BAYES_80 2.50, DCC_CHE CK 2.17, MIME_BOUND_NEXTPART 0.00, MISSING_MIMEOLE 0.01, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01, PRIORITY_NO_NAME 1.10, RCVD_IN_XBL 3.08, SPF_HELO_FAIL 1.00, TMA_SPOOF_MACHINE 6.00, TMA_SPOOF_MACHNAME 0.01) Feb 10 09:58:35 gingham MailScanner[9365]: Spam Checks: Found 1 spam messages Feb 10 09:58:35 gingham MailScanner[9365]: Spam Actions: message j1AHwM2t010335 actions are delete Feb 10 09:58:36 gingham MailScanner[9365]: Virus and Content Scanning: Starting Feb 10 09:58:36 gingham MailScanner[9365]: SophosSAVI::INFECTED:: W32/Netsky-Q:: ./j1AHwM2t010335/msg9806.pif Feb 10 09:58:36 gingham MailScanner[9365]: Virus Scanning: SophosSAVI found 1 in fections Feb 10 09:58:37 gingham MailScanner[9365]: ClamAVModule::INFECTED:: Worm.SomeFoo l.Q:: ./j1AHwM2t010335/msg9806.pif Feb 10 09:58:37 gingham MailScanner[9365]: Virus Scanning: ClamAV Module found 1 infections Feb 10 09:58:37 gingham MailScanner[9365]: Infected message j1AHwM2t010335 came from 68.166.219.79 Feb 10 09:58:37 gingham MailScanner[9365]: Virus Scanning: Found 1 viruses Feb 10 09:58:37 gingham MailScanner[9365]: Filename Checks: Allowing j1AHwM2t010 335 msg-9365-37.txt Feb 10 09:58:37 gingham MailScanner[9365]: Filename Checks: Possible MS-Dos prog ram shortcut attack (j1AHwM2t010335 msg9806.pif) Feb 10 09:58:37 gingham MailScanner[9365]: Other Checks: Found 1 problems Feb 10 09:58:37 gingham MailScanner[9365]: Saved infected "msg9806.pif" to /var/ spool/MailScanner/quarantine/20050210/j1AHwM2t010335 Feb 10 09:58:37 gingham sendmail[10343]: j1AHwbPY010343: from=postmaster, size=1 235, class=0, nrcpts=1, msgid=<200502101758.j1AHwbPY010343@gingham.tippingmar.co m>, relay=root@localhost -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Feb 10 20:28:05 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:30 2006 Subject: MailScanner for outbound only Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have been asked to provide a machine that can scan all outbound smtp traffic on the network. We have loads of students and some use own mail clients, they ahve own unprotected laptops etc etc - so we will make a firewall rule that all outbound on port 25 goes to this new mail relay. I am already familiar with mailscanner and postfix. Is this simply a matter of building a mailscanner machine, config postfix to access mail from the firewall interface only, and bob's your mothers brother? Who does aoutbound scanning - how do you do it? anyone got any better suggestions for wyhole of company outbound scanning? Thanks Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Feb 10 20:43:10 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:30 2006 Subject: MailScanner for outbound only Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > I have been asked to provide a machine that can scan all outbound smtp > traffic on the network. We have loads of students and some use own mail > clients, they ahve own unprotected laptops etc etc - so we will make a > firewall rule that all outbound on port 25 goes to this new mail relay. > > I am already familiar with mailscanner and postfix. > > Is this simply a matter of building a mailscanner machine, config > postfix to access mail from the firewall interface only, and bob's your > mothers brother? > > Who does aoutbound scanning - how do you do it? anyone got any better > suggestions for wyhole of company outbound scanning? > Pete, We have 2 MS servers for inside use: they both answer to the name smtp.usherbrooke.ca through our DNS setup. To make sure they would not get outside mail I have allowed only internal IP addresses through iptables. All computers use smtp.usherbrooke.ca as their outgoing server while our MX are on 2 different servers. This makes it possible to have different MS rules for inbound and outbound email. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From raylund.lai at KANKANWOO.COM Thu Feb 10 20:48:36 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:30 2006 Subject: MailScanner for outbound only Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We do. But we use sendmail. It's simply set sendmail (the mailscanner server) to be a relay of the internal mail server. We're allowing relay by the mail server ip address. Cheers Raylund ----- Original Message ----- From: "Peter Russell" To: Sent: Thursday, February 10, 2005 3:28 PM Subject: MailScanner for outbound only >I have been asked to provide a machine that can scan all outbound smtp > traffic on the network. We have loads of students and some use own mail > clients, they ahve own unprotected laptops etc etc - so we will make a > firewall rule that all outbound on port 25 goes to this new mail relay. > > I am already familiar with mailscanner and postfix. > > Is this simply a matter of building a mailscanner machine, config > postfix to access mail from the firewall interface only, and bob's your > mothers brother? > > Who does aoutbound scanning - how do you do it? anyone got any better > suggestions for wyhole of company outbound scanning? > > Thanks > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Feb 10 21:00:55 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: I am still playing with spam scores. I had this e-mail make it through. The score is correct but I would consider this spam. I would think that an e-mail like this would make a higher score. Any advice would be welcome. SpamCheck: not spam, SpamAssassin (score=3.214, required 4.5, BAYES_00 0.60, HTML_30_40 0.02, HTML_MESSAGE 0.00, MIME_QP_LONG_LINE 0.34, MISSING_MIMEOLE 0.01, RCVD_IN_BSP_TRUSTED 2.22, TO_ADDRESS_EQ_REAL 0.03) X-sbschools.net-MailScanner-SpamScore: 3 X-MailScanner-From: top25@shermanstravel.com ----NEXT_BM_08277749300B4CE78BC2A678B08B728D Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: Quoted-Printable Welcome to Sherman's Top 25 List Welcome to Sherman's Top 25 List, our weekly e-newsletter, serving a s your unbiased guide to top travel deals and destinations!

If you or your ISP has implemented spam controls, please remember to add top25@shermanstravel.com and bulletin@shermanstravel.com to you r contact or exemptions list to ensure delivery. We will only send our Top 25 weekly newsletter and an occasional ShermansTr avel Special Issue or BULLETIN, announcing newly released deals screened by our editors, from these addresses.

Thank you for your interest. You'll find some of this week's top screened d eals, below. Click the links for more details.

If you do not see your desired deal on the list below, please view This Week's Top 25 for a large r selection.

$79+ OW: Clearance AIR SALE to US, Europe, more
Source: United
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579

$144: Air & 2-nt stay at TI-Mirage in LAS VEGAS
Source: Orbitz
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212

$158+ RT: Huge CARIBBEAN air sale
Source: US Airways
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580

$599: 5-nt MAUI air/hotel from both coasts
Source: Pleasant Holidays
htt p://www.shermanstravel.com/SnapShot.asp?SnapShotID=920

$405+: Air & 4-nt beachfront BAHAMAS stay
Source: Expedia
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581

$83+ RT: AirTran fare SALE across USA
Source: Expedia
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584

$333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more
Source: Expedia
http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585

$389+: LONDON or PARIS super sale with air & 4-nt hotel
Source: Gate1Travel.com
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582

$272+: Quickie beach trips w/air to FLORIDA, Caribbean, more
Source: Expedia
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435

$299+: Air & 2 nts at 4-star hotel in ICELAND thru March
Source: Icelandair
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583

More deals at:
http://www.ShermansTravel.c om/Top25

Sincerely,

James Sherman
Publisher

P.S. Remember, since we don't book tickets, we offer you objective editoria l!

If you did not mean to subscribe to this free e-newsletter, then please cli ck below to unsubscribe (or use the unsubscribe link on your first newslett er).

http://nl.shermanstravel.com /u.php

For general inquiries:
info@shermanstravel.com; 212-417-9130 ext. 107
224 W 30 St., Suite 802
New York, NY 10001

Privacy Policy:
http://www.shermanstr avel.com/privacy.asp Welcome to Sherman's Top 25 List, our weekly e-newsletter, serving as your unbiased guide to top travel deals and destinations! If you or your ISP has implemented spam controls, please remember to add to p25@shermanstravel.com and bulletin@shermanstravel.com to your contact or e xemptions list to ensure delivery. We will only send our Top 25 weekly news letter and an occasional ShermansTravel Special Issue or BULLETIN, announci ng newly released deals screened by our editors, from these addresses. Thank you for your interest. You'll find some of this week's top screened d eals, below. Click the links for more details. If you do not see your desired deal on the list below, please view This Wee k's Top 25 for a larger selection. $79+ OW: Clearance AIR SALE to US, Europe, more Source: United http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579 $144: Air & 2-nt stay at TI-Mirage in LAS VEGAS Source: Orbitz http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212 $158+ RT: Huge CARIBBEAN air sale Source: US Airways http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580 $599: 5-nt MAUI air/hotel from both coasts Source: Pleasant Holidays http://www.shermanstravel.com/SnapShot.asp?SnapShotID=920 $405+: Air & 4-nt beachfront BAHAMAS stay Source: Expedia http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581 $83+ RT: AirTran fare SALE across USA Source: Expedia http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584 $333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more Source: Expedia http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585 $389+: LONDON or PARIS super sale with air & 4-nt hotel Source: Gate1Travel.com http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582 $272+: Quickie beach trips w/air to FLORIDA, Caribbean, more Source: Expedia http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435 $299+: Air & 2 nts at 4-star hotel in ICELAND thru March Source: Icelandair http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583 More deals at: http://www.ShermansTravel.com/Top25 Sincerely, James Sherman Publisher P.S. Remember, since we don't book tickets, we offer you objective editoria l! If you did not mean to subscribe to this free e-newsletter, then please cli ck below to unsubscribe (or use the unsubscribe link on your first newslett er). http://nl.shermanstravel.com/u.php For general inquiries: info@shermanstravel.com; 212-417-9130 ext. 107 224 W 30 St., Suite 802 New York, NY 10001 Privacy Policy: http://www.shermanstravel.com/privacy.asp ----NEXT_BM_08277749300B4CE78BC2A678B08B728D Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: Quoted-Printable Welcome to Sherman's Top 25 List Welcome to Sherman's Top 25 List, our weekly e-newsletter, serving a s your unbiased guide to top travel deals and destinations!

If you or your ISP has implemented spam controls, please remember to add top25@shermanstravel.com and bulletin@shermanstravel.com to you r contact or exemptions list to ensure delivery. We will only send our Top 25 weekly newsletter and an occasional ShermansTr avel Special Issue or BULLETIN, announcing newly released deals screened by our editors, from these addresses.

Thank you for your interest. You'll find some of this week's top screened d eals, below. Click the links for more details.

If you do not see your desired deal on the list below, please view This Week's Top 25 for a large r selection.

$79+ OW: Clearance AIR SALE to US, Europe, more
Source: United
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579

$144: Air & 2-nt stay at TI-Mirage in LAS VEGAS
Source: Orbitz
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212

$158+ RT: Huge CARIBBEAN air sale
Source: US Airways
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580

$599: 5-nt MAUI air/hotel from both coasts
Source: Pleasant Holidays
htt p://www.shermanstravel.com/SnapShot.asp?SnapShotID=920

$405+: Air & 4-nt beachfront BAHAMAS stay
Source: Expedia
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581

$83+ RT: AirTran fare SALE across USA
Source: Expedia
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584

$333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more
Source: Expedia
http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585

$389+: LONDON or PARIS super sale with air & 4-nt hotel
Source: Gate1Travel.com
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582

$272+: Quickie beach trips w/air to FLORIDA, Caribbean, more
Source: Expedia
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435

$299+: Air & 2 nts at 4-star hotel in ICELAND thru March
Source: Icelandair
ht tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583

More deals at:
http://www.ShermansTravel.c om/Top25

Sincerely,

James Sherman
Publisher

P.S. Remember, since we don't book tickets, we offer you objective editoria l!

If you did not mean to subscribe to this free e-newsletter, then please cli ck below to unsubscribe (or use the unsubscribe link on your first newslett er).

http://nl.shermanstravel.com /u.php

For general inquiries:
info@shermanstravel.com; 212-417-9130 ext. 107
224 W 30 St., Suite 802
New York, NY 10001

Privacy Policy:
http://www.shermanstr avel.com/privacy.asp ----NEXT_BM_08277749300B4CE78BC2A678B08B728D-- This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Feb 10 21:06:23 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] But its a newsletter rather UCE isnt it? Did some one subscibe to it, now doesnt want the newsletter anymore and now calls it spam, even though the sender is actually legit? Anyway learn it in bayes as spam and you'll be right. David Curtis wrote: > I am still playing with spam scores. I had this e-mail make it through. > The score is correct but I would consider this spam. I would think that > an e-mail like this would make a higher score. Any advice would be > welcome. > > SpamCheck: not spam, SpamAssassin (score=3.214, > required 4.5, BAYES_00 0.60, HTML_30_40 0.02, HTML_MESSAGE > 0.00, > MIME_QP_LONG_LINE 0.34, MISSING_MIMEOLE 0.01, > RCVD_IN_BSP_TRUSTED 2.22, TO_ADDRESS_EQ_REAL 0.03) > X-sbschools.net-MailScanner-SpamScore: 3 > X-MailScanner-From: top25@shermanstravel.com > > > ----NEXT_BM_08277749300B4CE78BC2A678B08B728D > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: Quoted-Printable > > > > > Welcome to Sherman's Top 25 List > > > > Welcome to Sherman's Top 25 List, our weekly e-newsletter, > serving a > s your unbiased guide to top travel deals and destinations! >

> If you or your ISP has implemented spam controls, please remember to > add >>top25@shermanstravel.com and bulletin@shermanstravel.com to > > you > r contact or exemptions list to ensure delivery. > We will only send our Top 25 weekly newsletter and an occasional > ShermansTr > avel Special Issue or BULLETIN, announcing newly released deals > screened by > our editors, from these addresses. >

> Thank you for your interest. You'll find some of this week's top > screened d > eals, below. Click the links for more details. >

> If you do not see your desired deal on the list below, please view href > ="http://www.shermanstravel.com/top25">This Week's Top 25 for a > large > r selection. > >

> $79+ OW: Clearance AIR SALE to US, Europe, more >
> Source: > United >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579 > >

> $144: Air & 2-nt stay at TI-Mirage in LAS VEGAS >
> Source: > Orbitz >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212 > >

> $158+ RT: Huge CARIBBEAN air sale >
> Source: > US Airways >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580 > >

> $599: 5-nt MAUI air/hotel from both coasts >
> Source: > Pleasant Holidays >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=920">htt > p://www.shermanstravel.com/SnapShot.asp?SnapShotID=920 > >

> $405+: Air & 4-nt beachfront BAHAMAS stay >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581 > >

> $83+ RT: AirTran fare SALE across USA >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584 > >

> $333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585" > >>http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585 > > >

> $389+: LONDON or PARIS super sale with air & 4-nt hotel >
> Source: > Gate1Travel.com >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582 > >

> $272+: Quickie beach trips w/air to FLORIDA, Caribbean, more >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435 > >

> $299+: Air & 2 nts at 4-star hotel in ICELAND thru March >
> Source: > Icelandair >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583 > >

> More deals at:
> href="http://www.ShermansTravel.com/Top25">http://www.ShermansTravel.c > > om/Top25 >

> Sincerely, >

> James Sherman
> Publisher >

> P.S. Remember, since we don't book tickets, we offer you objective > editoria > l! >

> If you did not mean to subscribe to this free e-newsletter, then please > cli > ck below to unsubscribe (or use the unsubscribe link on your first > newslett > er). >

> href="http://nl.shermanstravel.com/u.php">http://nl.shermanstravel.com > > /u.php >

> For general inquiries:
> info@shermanstravel.com; 212-417-9130 ext. 107
> 224 W 30 St., Suite 802
> New York, NY 10001 >

> Privacy Policy:
> href="http://www.shermanstravel.com/privacy.asp">http://www.shermanstr > > avel.com/privacy.asp > > > > Welcome to Sherman's Top 25 List, our weekly e-newsletter, serving as > your > unbiased guide to top travel deals and destinations! > If you or your ISP has implemented spam controls, please remember to > add to > p25@shermanstravel.com and bulletin@shermanstravel.com to your contact > or e > xemptions list to ensure delivery. We will only send our Top 25 weekly > news > letter and an occasional ShermansTravel Special Issue or BULLETIN, > announci > ng newly released deals screened by our editors, from these addresses. > > Thank you for your interest. You'll find some of this week's top > screened d > eals, below. Click the links for more details. > > If you do not see your desired deal on the list below, please view This > Wee > k's Top 25 for a larger selection. > > $79+ OW: Clearance AIR SALE to US, Europe, more > Source: United > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579 > > $144: Air & 2-nt stay at TI-Mirage in LAS VEGAS > Source: Orbitz > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212 > > $158+ RT: Huge CARIBBEAN air sale > Source: US Airways > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580 > > $599: 5-nt MAUI air/hotel from both coasts > Source: Pleasant Holidays > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=920 > > $405+: Air & 4-nt beachfront BAHAMAS stay > Source: Expedia > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581 > > $83+ RT: AirTran fare SALE across USA > Source: Expedia > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584 > > $333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more > Source: Expedia > http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585 > > $389+: LONDON or PARIS super sale with air & 4-nt hotel > Source: Gate1Travel.com > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582 > > $272+: Quickie beach trips w/air to FLORIDA, Caribbean, more > Source: Expedia > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435 > > $299+: Air & 2 nts at 4-star hotel in ICELAND thru March > Source: Icelandair > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583 > > More deals at: > http://www.ShermansTravel.com/Top25 > > Sincerely, > > James Sherman > Publisher > > P.S. Remember, since we don't book tickets, we offer you objective > editoria > l! > > If you did not mean to subscribe to this free e-newsletter, then please > cli > ck below to unsubscribe (or use the unsubscribe link on your first > newslett > er). > > http://nl.shermanstravel.com/u.php > > For general inquiries: > info@shermanstravel.com; 212-417-9130 ext. 107 > 224 W 30 St., Suite 802 > New York, NY 10001 > > Privacy Policy: > http://www.shermanstravel.com/privacy.asp > > > ----NEXT_BM_08277749300B4CE78BC2A678B08B728D > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: Quoted-Printable > > > > > Welcome to Sherman's Top 25 List > > > > Welcome to Sherman's Top 25 List, our weekly e-newsletter, > serving a > s your unbiased guide to top travel deals and destinations! >

> If you or your ISP has implemented spam controls, please remember to > add >>top25@shermanstravel.com and bulletin@shermanstravel.com to > > you > r contact or exemptions list to ensure delivery. > We will only send our Top 25 weekly newsletter and an occasional > ShermansTr > avel Special Issue or BULLETIN, announcing newly released deals > screened by > our editors, from these addresses. >

> Thank you for your interest. You'll find some of this week's top > screened d > eals, below. Click the links for more details. >

> If you do not see your desired deal on the list below, please view href > ="http://www.shermanstravel.com/top25">This Week's Top 25 for a > large > r selection. > >

> $79+ OW: Clearance AIR SALE to US, Europe, more >
> Source: > United >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579 > >

> $144: Air & 2-nt stay at TI-Mirage in LAS VEGAS >
> Source: > Orbitz >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212 > >

> $158+ RT: Huge CARIBBEAN air sale >
> Source: > US Airways >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580 > >

> $599: 5-nt MAUI air/hotel from both coasts >
> Source: > Pleasant Holidays >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=920">htt > p://www.shermanstravel.com/SnapShot.asp?SnapShotID=920 > >

> $405+: Air & 4-nt beachfront BAHAMAS stay >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581 > >

> $83+ RT: AirTran fare SALE across USA >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584 > >

> $333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585" > >>http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585 > > >

> $389+: LONDON or PARIS super sale with air & 4-nt hotel >
> Source: > Gate1Travel.com >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582 > >

> $272+: Quickie beach trips w/air to FLORIDA, Caribbean, more >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435 > >

> $299+: Air & 2 nts at 4-star hotel in ICELAND thru March >
> Source: > Icelandair >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583 > >

> More deals at:
> href="http://www.ShermansTravel.com/Top25">http://www.ShermansTravel.c > > om/Top25 >

> Sincerely, >

> James Sherman
> Publisher >

> P.S. Remember, since we don't book tickets, we offer you objective > editoria > l! >

> If you did not mean to subscribe to this free e-newsletter, then please > cli > ck below to unsubscribe (or use the unsubscribe link on your first > newslett > er). >

> href="http://nl.shermanstravel.com/u.php">http://nl.shermanstravel.com > > /u.php >

> For general inquiries:
> info@shermanstravel.com; 212-417-9130 ext. 107
> 224 W 30 St., Suite 802
> New York, NY 10001 >

> Privacy Policy:
> href="http://www.shermanstravel.com/privacy.asp">http://www.shermanstr > > avel.com/privacy.asp > > > > > > ----NEXT_BM_08277749300B4CE78BC2A678B08B728D-- > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Feb 10 21:19:57 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: At 04:00 PM 2/10/2005, David Curtis wrote: >I am still playing with spam scores. I had this e-mail make it through. >The score is correct but I would consider this spam. I would think that >an e-mail like this would make a higher score. Any advice would be >welcome. > >SpamCheck: not spam, SpamAssassin (score=3.214, > required 4.5, BAYES_00 0.60, HTML_30_40 0.02, HTML_MESSAGE >0.00, > MIME_QP_LONG_LINE 0.34, MISSING_MIMEOLE 0.01, > RCVD_IN_BSP_TRUSTED 2.22, TO_ADDRESS_EQ_REAL 0.03) Really, everything in that header would suggest the message should be very strong non-spam. Is your system heavily corrupted? RCVD_IN_BSP_TRUSTED should have a negative score as it is a whitelist of legitimate mailers who are willing to pay cash if their subscribers complain to bonded sender about spamming. BAYES_00 should have a negative score. 1) are you positive it really is spam? It really looks like a legitimate subscriber-only newsletter to me. If it really is spam, file an abuse complaint with BondedSender.com right away. (see "report abuse" all the way at the bottom of the left column on their website.) Why is your BSP_TRUSTED rule set to a positive score anyway? Have you had frequent FP problems here and set it positive as a reaction? Is your trusted_networks set correctly? 2) If it really is spam, why is it hitting BAYES_00.. is your bayes DB corrupt or mistrained? It looks like someone hand over-rode it to a positive score.. If you're having to do something that extreme to avoid large numbers of FNs, you've got big problems in your bayes DB and you should consider just turning it off entirely, or wiping and starting fresh. You might also want to consider modifying the bayes_auto_learn_threshold_nonspam to something lower than the default. From the looks of how you've scored BAYES_00 you've got poisoning problems. You really should not be seeing either BSP_TRUSTED or BAYES_00 in spam aside from a rare few. If these are common in spam, you may need to do some more detailed examination of your setup. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Feb 10 21:34:42 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > X-sbschools.net-MailScanner-SpamScore: 3 Remove the dot in your %org-name%. The idea is just to make your headers unique, not to include your complete domain name. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Feb 10 21:40:03 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: Yes it is probably something someone subscribed to. I don't really know much about bayes scoring. Any advice on bayes? >>> pete@ENITECH.COM.AU 2/10/2005 4:06:23 PM >>> But its a newsletter rather UCE isnt it? Did some one subscibe to it, now doesnt want the newsletter anymore and now calls it spam, even though the sender is actually legit? Anyway learn it in bayes as spam and you'll be right. David Curtis wrote: > I am still playing with spam scores. I had this e-mail make it through. > The score is correct but I would consider this spam. I would think that > an e-mail like this would make a higher score. Any advice would be > welcome. > > SpamCheck: not spam, SpamAssassin (score=3.214, > required 4.5, BAYES_00 0.60, HTML_30_40 0.02, HTML_MESSAGE > 0.00, > MIME_QP_LONG_LINE 0.34, MISSING_MIMEOLE 0.01, > RCVD_IN_BSP_TRUSTED 2.22, TO_ADDRESS_EQ_REAL 0.03) > X-sbschools.net-MailScanner-SpamScore: 3 > X-MailScanner-From: top25@shermanstravel.com > > > ----NEXT_BM_08277749300B4CE78BC2A678B08B728D > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: Quoted-Printable > > > > > Welcome to Sherman's Top 25 List > > > > Welcome to Sherman's Top 25 List, our weekly e-newsletter, > serving a > s your unbiased guide to top travel deals and destinations! >

> If you or your ISP has implemented spam controls, please remember to > add >>top25@shermanstravel.com and bulletin@shermanstravel.com to > > you > r contact or exemptions list to ensure delivery. > We will only send our Top 25 weekly newsletter and an occasional > ShermansTr > avel Special Issue or BULLETIN, announcing newly released deals > screened by > our editors, from these addresses. >

> Thank you for your interest. You'll find some of this week's top > screened d > eals, below. Click the links for more details. >

> If you do not see your desired deal on the list below, please view href > ="http://www.shermanstravel.com/top25">This Week's Top 25 for a > large > r selection. > >

> $79+ OW: Clearance AIR SALE to US, Europe, more >
> Source: > United >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579 > >

> $144: Air & 2-nt stay at TI-Mirage in LAS VEGAS >
> Source: > Orbitz >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212 > >

> $158+ RT: Huge CARIBBEAN air sale >
> Source: > US Airways >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580 > >

> $599: 5-nt MAUI air/hotel from both coasts >
> Source: > Pleasant Holidays >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=920">htt > p://www.shermanstravel.com/SnapShot.asp?SnapShotID=920 > >

> $405+: Air & 4-nt beachfront BAHAMAS stay >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581 > >

> $83+ RT: AirTran fare SALE across USA >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584 > >

> $333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585" > >>http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585 > > >

> $389+: LONDON or PARIS super sale with air & 4-nt hotel >
> Source: > Gate1Travel.com >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582 > >

> $272+: Quickie beach trips w/air to FLORIDA, Caribbean, more >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435 > >

> $299+: Air & 2 nts at 4-star hotel in ICELAND thru March >
> Source: > Icelandair >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583 > >

> More deals at:
> href="http://www.ShermansTravel.com/Top25">http://www.ShermansTravel.c > > om/Top25 >

> Sincerely, >

> James Sherman
> Publisher >

> P.S. Remember, since we don't book tickets, we offer you objective > editoria > l! >

> If you did not mean to subscribe to this free e-newsletter, then please > cli > ck below to unsubscribe (or use the unsubscribe link on your first > newslett > er). >

> href="http://nl.shermanstravel.com/u.php">http://nl.shermanstravel.com > > /u.php >

> For general inquiries:
> info@shermanstravel.com; 212-417-9130 ext. 107
> 224 W 30 St., Suite 802
> New York, NY 10001 >

> Privacy Policy:
> href="http://www.shermanstravel.com/privacy.asp">http://www.shermanstr > > avel.com/privacy.asp > > > > Welcome to Sherman's Top 25 List, our weekly e-newsletter, serving as > your > unbiased guide to top travel deals and destinations! > If you or your ISP has implemented spam controls, please remember to > add to > p25@shermanstravel.com and bulletin@shermanstravel.com to your contact > or e > xemptions list to ensure delivery. We will only send our Top 25 weekly > news > letter and an occasional ShermansTravel Special Issue or BULLETIN, > announci > ng newly released deals screened by our editors, from these addresses. > > Thank you for your interest. You'll find some of this week's top > screened d > eals, below. Click the links for more details. > > If you do not see your desired deal on the list below, please view This > Wee > k's Top 25 for a larger selection. > > $79+ OW: Clearance AIR SALE to US, Europe, more > Source: United > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579 > > $144: Air & 2-nt stay at TI-Mirage in LAS VEGAS > Source: Orbitz > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212 > > $158+ RT: Huge CARIBBEAN air sale > Source: US Airways > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580 > > $599: 5-nt MAUI air/hotel from both coasts > Source: Pleasant Holidays > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=920 > > $405+: Air & 4-nt beachfront BAHAMAS stay > Source: Expedia > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581 > > $83+ RT: AirTran fare SALE across USA > Source: Expedia > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584 > > $333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more > Source: Expedia > http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585 > > $389+: LONDON or PARIS super sale with air & 4-nt hotel > Source: Gate1Travel.com > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582 > > $272+: Quickie beach trips w/air to FLORIDA, Caribbean, more > Source: Expedia > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435 > > $299+: Air & 2 nts at 4-star hotel in ICELAND thru March > Source: Icelandair > http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583 > > More deals at: > http://www.ShermansTravel.com/Top25 > > Sincerely, > > James Sherman > Publisher > > P.S. Remember, since we don't book tickets, we offer you objective > editoria > l! > > If you did not mean to subscribe to this free e-newsletter, then please > cli > ck below to unsubscribe (or use the unsubscribe link on your first > newslett > er). > > http://nl.shermanstravel.com/u.php > > For general inquiries: > info@shermanstravel.com; 212-417-9130 ext. 107 > 224 W 30 St., Suite 802 > New York, NY 10001 > > Privacy Policy: > http://www.shermanstravel.com/privacy.asp > > > ----NEXT_BM_08277749300B4CE78BC2A678B08B728D > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: Quoted-Printable > > > > > Welcome to Sherman's Top 25 List > > > > Welcome to Sherman's Top 25 List, our weekly e-newsletter, > serving a > s your unbiased guide to top travel deals and destinations! >

> If you or your ISP has implemented spam controls, please remember to > add >>top25@shermanstravel.com and bulletin@shermanstravel.com to > > you > r contact or exemptions list to ensure delivery. > We will only send our Top 25 weekly newsletter and an occasional > ShermansTr > avel Special Issue or BULLETIN, announcing newly released deals > screened by > our editors, from these addresses. >

> Thank you for your interest. You'll find some of this week's top > screened d > eals, below. Click the links for more details. >

> If you do not see your desired deal on the list below, please view href > ="http://www.shermanstravel.com/top25">This Week's Top 25 for a > large > r selection. > >

> $79+ OW: Clearance AIR SALE to US, Europe, more >
> Source: > United >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1579 > >

> $144: Air & 2-nt stay at TI-Mirage in LAS VEGAS >
> Source: > Orbitz >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1212 > >

> $158+ RT: Huge CARIBBEAN air sale >
> Source: > US Airways >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1580 > >

> $599: 5-nt MAUI air/hotel from both coasts >
> Source: > Pleasant Holidays >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=920">htt > p://www.shermanstravel.com/SnapShot.asp?SnapShotID=920 > >

> $405+: Air & 4-nt beachfront BAHAMAS stay >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1581 > >

> $83+ RT: AirTran fare SALE across USA >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1584 > >

> $333+: 3-nt air & hotel SKI SALE in Aspen, Vail, & more >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585" > >>http://www.shermanstravel.com/SnapShotImg.asp?SnapShotID=1585 > > >

> $389+: LONDON or PARIS super sale with air & 4-nt hotel >
> Source: > Gate1Travel.com >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1582 > >

> $272+: Quickie beach trips w/air to FLORIDA, Caribbean, more >
> Source: > Expedia >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1435 > >

> $299+: Air & 2 nts at 4-star hotel in ICELAND thru March >
> Source: > Icelandair >
> href="http://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583">ht > tp://www.shermanstravel.com/SnapShot.asp?SnapShotID=1583 > >

> More deals at:
> href="http://www.ShermansTravel.com/Top25">http://www.ShermansTravel.c > > om/Top25 >

> Sincerely, >

> James Sherman
> Publisher >

> P.S. Remember, since we don't book tickets, we offer you objective > editoria > l! >

> If you did not mean to subscribe to this free e-newsletter, then please > cli > ck below to unsubscribe (or use the unsubscribe link on your first > newslett > er). >

> href="http://nl.shermanstravel.com/u.php">http://nl.shermanstravel.com > > /u.php >

> For general inquiries:
> info@shermanstravel.com; 212-417-9130 ext. 107
> 224 W 30 St., Suite 802
> New York, NY 10001 >

> Privacy Policy:
> href="http://www.shermanstravel.com/privacy.asp">http://www.shermanstr > > avel.com/privacy.asp > > > > > > ----NEXT_BM_08277749300B4CE78BC2A678B08B728D-- > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Feb 10 21:45:25 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: I probably changed the bayes score in MS. I should probably change all the bayes scores back to default. We have another spam filter that we are going to replace with MS when we switch to Exchange and I have been using what it caught as spam and adjusting my scores to make MS act more like our current scanner. Probably a bad idea...maybe our existing scanner is providing to many false positives. Thanks. >>> mkettler@EVI-INC.COM 2/10/2005 4:19:57 PM >>> At 04:00 PM 2/10/2005, David Curtis wrote: >I am still playing with spam scores. I had this e-mail make it through. >The score is correct but I would consider this spam. I would think that >an e-mail like this would make a higher score. Any advice would be >welcome. > >SpamCheck: not spam, SpamAssassin (score=3.214, > required 4.5, BAYES_00 0.60, HTML_30_40 0.02, HTML_MESSAGE >0.00, > MIME_QP_LONG_LINE 0.34, MISSING_MIMEOLE 0.01, > RCVD_IN_BSP_TRUSTED 2.22, TO_ADDRESS_EQ_REAL 0.03) Really, everything in that header would suggest the message should be very strong non-spam. Is your system heavily corrupted? RCVD_IN_BSP_TRUSTED should have a negative score as it is a whitelist of legitimate mailers who are willing to pay cash if their subscribers complain to bonded sender about spamming. BAYES_00 should have a negative score. 1) are you positive it really is spam? It really looks like a legitimate subscriber-only newsletter to me. If it really is spam, file an abuse complaint with BondedSender.com right away. (see "report abuse" all the way at the bottom of the left column on their website.) Why is your BSP_TRUSTED rule set to a positive score anyway? Have you had frequent FP problems here and set it positive as a reaction? Is your trusted_networks set correctly? 2) If it really is spam, why is it hitting BAYES_00.. is your bayes DB corrupt or mistrained? It looks like someone hand over-rode it to a positive score.. If you're having to do something that extreme to avoid large numbers of FNs, you've got big problems in your bayes DB and you should consider just turning it off entirely, or wiping and starting fresh. You might also want to consider modifying the bayes_auto_learn_threshold_nonspam to something lower than the default. From the looks of how you've scored BAYES_00 you've got poisoning problems. You really should not be seeing either BSP_TRUSTED or BAYES_00 in spam aside from a rare few. If these are common in spam, you may need to do some more detailed examination of your setup. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Feb 10 21:46:23 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: I am not quite sure I follow. How would removing the dot change any scoring? >>> peter@UCGBOOK.COM 2/10/2005 4:34:42 PM >>> David Curtis wrote: > X-sbschools.net-MailScanner-SpamScore: 3 Remove the dot in your %org-name%. The idea is just to make your headers unique, not to include your complete domain name. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Thu Feb 10 23:37:01 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Internet Solutions Ltd) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: > I am not quite sure I follow. How would removing the dot change any > scoring? Why don't you read the comments in MailScanner.conf? There is a very good reason why you should NOT use a dot "." in your organisation name. Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Thu Feb 10 23:36:11 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Internet Solutions Ltd) Date: Thu Jan 12 21:28:30 2006 Subject: Mail monitoring on network Message-ID: Thanks for all the suggestions, however the problem is that they are currently using a shared hosting account with us for pop3 and will be moving to a direct SMTP shortly. In essence all we will be doing on our network is scanning the inbound mail, so we would have no control over the outbound. It looks like they will be using MailMarshal Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ree at THUNDERSTAR.NET Thu Feb 10 23:38:37 2005 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:28:30 2006 Subject: URGENT Zlib related problem Message-ID: Dear All, Hopefully someone has a fast answer to this one. I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I installed this but got another error about not finding zlib or zlib-devel when configuring the clamav source. I then tried to build the new zlib from source and then clamav configured properly, however, it would not make - I got an error about the wrong glibc. After various attempts at reverting to the prior zlib 1.2.1 which failed I now have a down system that is not processing email, even when clamav is disabled altogether. If anyone has any idea how to deal with this quickly other than rebuilding from scratch, I would be extremely interested. Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Fri Feb 11 00:32:51 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:28:30 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] what distribution are you running? Regards, Brent Addis Group Systems Administrator Times Media Group "He who knows, does not speak. He who speaks, does not know". -- Lao Tsu Ron E. wrote: >Dear All, > >Hopefully someone has a fast answer to this one. > >I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to >update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I >installed this but got another error about not finding zlib or zlib-devel >when configuring the clamav source. > >I then tried to build the new zlib from source and then clamav configured >properly, however, it would not make - I got an error about the wrong >glibc. > >After various attempts at reverting to the prior zlib 1.2.1 which failed I >now have a down system that is not processing email, even when clamav is >disabled altogether. > >If anyone has any idea how to deal with this quickly other than rebuilding >from scratch, I would be extremely interested. > >Thanks. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Fri Feb 11 00:40:46 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: small spam score Message-ID: Thanks. Was not realy a concern because it is just in as a test server now and when we go live it was just going to be incomming mail. We are close to changing our mind and may include it for outgoing mail so I will change it. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> DCurtis@SBSCHOOLS.NET 02/10/05 4:46 PM >>> I am not quite sure I follow. How would removing the dot change any scoring? >>> peter@UCGBOOK.COM 2/10/2005 4:34:42 PM >>> David Curtis wrote: > X-sbschools.net-MailScanner-SpamScore: 3 Remove the dot in your %org-name%. The idea is just to make your headers unique, not to include your complete domain name. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Fri Feb 11 00:43:53 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:30 2006 Subject: URGENT Zlib related problem Message-ID: I ran into something simular to that when I was using perl - cspan to install clam. Are you using the perl/cspan install or the tar? Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> ree@THUNDERSTAR.NET 02/10/05 6:38 PM >>> Dear All, Hopefully someone has a fast answer to this one. I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I installed this but got another error about not finding zlib or zlib-devel when configuring the clamav source. I then tried to build the new zlib from source and then clamav configured properly, however, it would not make - I got an error about the wrong glibc. After various attempts at reverting to the prior zlib 1.2.1 which failed I now have a down system that is not processing email, even when clamav is disabled altogether. If anyone has any idea how to deal with this quickly other than rebuilding from scratch, I would be extremely interested. Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ree at THUNDERSTAR.NET Fri Feb 11 00:44:54 2005 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:28:30 2006 Subject: URGENT Zlib related problem Message-ID: I'm running Fedora Core 2 On Fri, 11 Feb 2005, Brent Addis wrote: > what distribution are you running? > > Regards, > > Brent Addis > Group Systems Administrator > Times Media Group > > "He who knows, does not speak. He who speaks, does not know". -- Lao Tsu > > > > Ron E. wrote: > > >Dear All, > > > >Hopefully someone has a fast answer to this one. > > > >I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to > >update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I > >installed this but got another error about not finding zlib or zlib-devel > >when configuring the clamav source. > > > >I then tried to build the new zlib from source and then clamav configured > >properly, however, it would not make - I got an error about the wrong > >glibc. > > > >After various attempts at reverting to the prior zlib 1.2.1 which failed I > >now have a down system that is not processing email, even when clamav is > >disabled altogether. > > > >If anyone has any idea how to deal with this quickly other than rebuilding > >from scratch, I would be extremely interested. > > > >Thanks. > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Fri Feb 11 00:47:43 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, can't help, never bothered with redhat centric stuff. Regards, Brent Addis Group Systems Administrator Times Media Group "He who knows, does not speak. He who speaks, does not know". -- Lao Tsu Ron E. wrote: >I'm running Fedora Core 2 > >On Fri, 11 Feb 2005, Brent Addis wrote: > > > >>what distribution are you running? >> >>Regards, >> >>Brent Addis >>Group Systems Administrator >>Times Media Group >> >>"He who knows, does not speak. He who speaks, does not know". -- Lao Tsu >> >> >> >>Ron E. wrote: >> >> >> >>>Dear All, >>> >>>Hopefully someone has a fast answer to this one. >>> >>>I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to >>>update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I >>>installed this but got another error about not finding zlib or zlib-devel >>>when configuring the clamav source. >>> >>>I then tried to build the new zlib from source and then clamav configured >>>properly, however, it would not make - I got an error about the wrong >>>glibc. >>> >>>After various attempts at reverting to the prior zlib 1.2.1 which failed I >>>now have a down system that is not processing email, even when clamav is >>>disabled altogether. >>> >>>If anyone has any idea how to deal with this quickly other than rebuilding >>> >>> >>>from scratch, I would be extremely interested. >> >> >>>Thanks. >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at dfi-intl.com Fri Feb 11 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: Are you building from the source rpm or tar? -----Original Message----- From: "Ron E." Date: Thu, 10 Feb 2005 18:38:37 To:MAILSCANNER@JISCMAIL.AC.UK Subject: URGENT Zlib related problem Dear All, Hopefully someone has a fast answer to this one. I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I installed this but got another error about not finding zlib or zlib-devel when configuring the clamav source. I then tried to build the new zlib from source and then clamav configured properly, however, it would not make - I got an error about the wrong glibc. After various attempts at reverting to the prior zlib 1.2.1 which failed I now have a down system that is not processing email, even when clamav is disabled altogether. If anyone has any idea how to deal with this quickly other than rebuilding from scratch, I would be extremely interested. Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ree at THUNDERSTAR.NET Fri Feb 11 01:00:10 2005 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: I tried both installing from binary .rpm and building from source (tar) - then I ran into the problems and tried reverting but no go. I tried reverting by force installing the earlier .rpm for the version that was working and by building the earlier version that was working from source. On both I'm getting glibc related errors. One fellow I talked to gave me the idea of force removing the newer rpm and then reinstalling the correct rpm, or doing a yum update zlib Any thoughts? On Fri, 11 Feb 2005, Errol Uriel Neal Jr. wrote: > Are you building from the source rpm or tar? > > > -----Original Message----- > From: "Ron E." > Date: Thu, 10 Feb 2005 18:38:37 > To:MAILSCANNER@JISCMAIL.AC.UK > Subject: URGENT Zlib related problem > > Dear All, > > Hopefully someone has a fast answer to this one. > > I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to > update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I > installed this but got another error about not finding zlib or zlib-devel > when configuring the clamav source. > > I then tried to build the new zlib from source and then clamav configured > properly, however, it would not make - I got an error about the wrong > glibc. > > After various attempts at reverting to the prior zlib 1.2.1 which failed I > now have a down system that is not processing email, even when clamav is > disabled altogether. > > If anyone has any idea how to deal with this quickly other than rebuilding > from scratch, I would be extremely interested. > > Thanks. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > __________________________________________ > Errol Uriel Neal Jr. > Network Administrator > DFI International, Inc. > 1717 Pennsylvania Ave NW, Suite 1300 > Washington, DC 20006 > Tel (202)452-6955 > Fax (202)452-6910 > eneal@dfi-intl.com > www.dfi-intl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ree at THUNDERSTAR.NET Fri Feb 11 01:01:24 2005 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: I'm using the tar unfortunately. I am using the perl module for clam - clamavmodule,and I tried also just switching to plain clamav but same results on both unfortunately. Any thoughts? On Thu, 10 Feb 2005, David Curtis wrote: > I ran into something simular to that when I was using perl - cspan to > install clam. Are you using the perl/cspan install or the tar? > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>> ree@THUNDERSTAR.NET 02/10/05 6:38 PM >>> > Dear All, > > Hopefully someone has a fast answer to this one. > > I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to > update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I > installed this but got another error about not finding zlib or > zlib-devel > when configuring the clamav source. > > I then tried to build the new zlib from source and then clamav > configured > properly, however, it would not make - I got an error about the wrong > glibc. > > After various attempts at reverting to the prior zlib 1.2.1 which failed > I > now have a down system that is not processing email, even when clamav > is > disabled altogether. > > If anyone has any idea how to deal with this quickly other than > rebuilding > from scratch, I would be extremely interested. > > Thanks. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schrock at DAYZED.COM Fri Feb 11 01:40:57 2005 From: schrock at DAYZED.COM (Avery Day) Date: Thu Jan 12 21:28:31 2006 Subject: Blank Email Messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I had a similar problem a while back. Not sure if its the same problem or not. This might sound stupid but what I found out was one of the optional extra headers that I was using was really long. Not sure which one it was, this was a few months ago. I simply shortened my custom header from around 30 or so characters down to 8 and the problem went away. So if I were you just for sh*ts and giggles, I would look through all of the headers that you might be adding in and make sure that you don't have any really long lines. Its just a thought. Schrock Kurt Bishop wrote: >Hi, > >Recently we have been getting reports of blank or mostly blank messages >being sent & received through our server. We have tried to narrow dow the >problem and believe that MailScanner (or something related) is altering the >HTML message and the mail client cannot display it properly. > >For example, I received a message the was blank except for the last line of >the sender's signature. When doing a View Source on the message, I could >see that the HTML version of the message had been reduced to only include >what I could see on screen. However, the plain text version of the message >was completely intact as the sender had written it. Similarly, my >text-based mail client received a copy of this message which contained the >entire message body as expected. > >The mail server logs showed the following entry when the message passed through: > >Feb 6 05:27:26 mail MailScanner[26382]: Content Checks: Detected and will >disarm HTML message in j16ARH09027988 > >Here's a quick summary of our environment: > >OS: Fedora Core 3 >Kernel: 2.6.9-1.681_FC3 >MailScanner: 4.36.4-1 >Sendmail: 8.13.1-2 >SpamAssassin: 3.0.1-0.FC3 > >These are the only MailScanner.conf entries I could find mentioning "disarm": > >Allow Script Tags = disarm >Allow WebBugs = disarm > >Here are some other MailScanner.conf entries that may be informational: > >Dangerous Content Scanning = yes >Allow Partial Messages = no >Allow External Message Bodies = no >Find Phishing Fraud = yes >Allow IFrame Tags = no >Log IFrame Tags = no >Allow Form Tags = yes >Allow Object Codebase Tags = no >Convert Dangerous HTML To Text = no >Convert HTML To Text = no > >Any suggestions would be greatly appreicated. Thanks. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------------------------------------- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >MailScanner thanks transtec Computers for their support. > > > ------------------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 01:48:46 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I was forced to try and install MS on some ones FC3 machine yesterday and gave up after trying to install clamav .82 - zlib in FC is 1.2.1 and clam has a built in tyest during compile (read the output) that it will let you install with this version that is known to be buggy but do not ask for help from clamav if you do. I think if you insist on using distros like FC for production machines then you are on your own when it comes to this sort of stuff. FC is NOT designed for use as a production server. Simple. Ron E. wrote: > I tried both installing from binary .rpm and building from source (tar) - > then I ran into the problems and tried reverting but no go. > > I tried reverting by force installing the earlier .rpm for the version > that was working and by building the earlier version that was working from > source. On both I'm getting glibc related errors. > > One fellow I talked to gave me the idea of force removing the newer rpm > and then reinstalling the correct rpm, or doing a yum update zlib > > Any thoughts? > > > > On Fri, 11 Feb 2005, Errol Uriel Neal Jr. wrote: > > >>Are you building from the source rpm or tar? >> >> >>-----Original Message----- >>From: "Ron E." >>Date: Thu, 10 Feb 2005 18:38:37 >>To:MAILSCANNER@JISCMAIL.AC.UK >>Subject: URGENT Zlib related problem >> >>Dear All, >> >>Hopefully someone has a fast answer to this one. >> >>I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to >>update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I >>installed this but got another error about not finding zlib or zlib-devel >>when configuring the clamav source. >> >>I then tried to build the new zlib from source and then clamav configured >>properly, however, it would not make - I got an error about the wrong >>glibc. >> >>After various attempts at reverting to the prior zlib 1.2.1 which failed I >>now have a down system that is not processing email, even when clamav is >>disabled altogether. >> >>If anyone has any idea how to deal with this quickly other than rebuilding >>from scratch, I would be extremely interested. >> >>Thanks. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >>__________________________________________ >>Errol Uriel Neal Jr. >>Network Administrator >>DFI International, Inc. >>1717 Pennsylvania Ave NW, Suite 1300 >>Washington, DC 20006 >>Tel (202)452-6955 >>Fax (202)452-6910 >>eneal@dfi-intl.com >>www.dfi-intl.com >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Fri Feb 11 02:05:30 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: Probably not much help...the problem I had I never realy found a solution for. I reinstalled every thing from scratch and install clamav before I installed all the other apps. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> ree@THUNDERSTAR.NET 02/10/05 8:01 PM >>> I'm using the tar unfortunately. I am using the perl module for clam - clamavmodule,and I tried also just switching to plain clamav but same results on both unfortunately. Any thoughts? On Thu, 10 Feb 2005, David Curtis wrote: > I ran into something simular to that when I was using perl - cspan to > install clam. Are you using the perl/cspan install or the tar? > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>> ree@THUNDERSTAR.NET 02/10/05 6:38 PM >>> > Dear All, > > Hopefully someone has a fast answer to this one. > > I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to > update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I > installed this but got another error about not finding zlib or > zlib-devel > when configuring the clamav source. > > I then tried to build the new zlib from source and then clamav > configured > properly, however, it would not make - I got an error about the wrong > glibc. > > After various attempts at reverting to the prior zlib 1.2.1 which failed > I > now have a down system that is not processing email, even when clamav > is > disabled altogether. > > If anyone has any idea how to deal with this quickly other than > rebuilding > from scratch, I would be extremely interested. > > Thanks. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at konsultex.com.br Fri Feb 11 02:24:47 2005 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ron; I saw this thread rather late. At least I think it may be late for your needs. Anyway, I ran into the same problem with Clam 0.81 and now with 0.82. I noticed that it did not happen on all my servers (we are now manging 6 separate sites), which run FC1, FC2 and RH7.2 and RH9. On RH9 and RH7.2 it complains about al old version of curl as well. Even on 2 machines which are supposedly up to date with yum (with some differences that are supposedly not zlib related) I got different results. One one it complained, on the other it configured. So I decided, but I may be completely wrong, that this was not a very serious problem and used the --disable-version-check or someting like that which configre suggests. I have not had any problems (yet). I suggest you try this out as a quick fix. Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: "Ron E." To: MAILSCANNER@JISCMAIL.AC.UK Sent: Thu, 10 Feb 2005 18:38:37 -0500 Subject: URGENT Zlib related problem > Dear All, > > Hopefully someone has a fast answer to this one. > > I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to > update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I > installed this but got another error about not finding zlib or zlib-devel > when configuring the clamav source. > > I then tried to build the new zlib from source and then clamav configured > properly, however, it would not make - I got an error about the wrong > glibc. > > After various attempts at reverting to the prior zlib 1.2.1 which failed I > now have a down system that is not processing email, even when clamav is > disabled altogether. > > If anyone has any idea how to deal with this quickly other than rebuilding > from scratch, I would be extremely interested. > > Thanks. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Esta mensagem foi verificada pelo sistema de antivírus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ree at THUNDERSTAR.NET Fri Feb 11 02:35:10 2005 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "X-UNKNOWN" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you very much for your input Miguel, and actually I am still working on this problem. It sounds like what you did would have worked out for me, however, I went ahead and tried updating zlib which is where all the trouble began. Any idea how I can revert to zlib 1.2.1 which at least worked? Thanks, Ron On Thu, 10 Feb 2005, Miguel Koren OBrien de Lacy wrote: > Ron; > > I saw this thread rather late. At least I think it may be late for your needs. Anyway, > I ran into the same problem with Clam 0.81 and now with 0.82. I noticed that it did > not happen on all my servers (we are now manging 6 separate sites), which run FC1, FC2 > and RH7.2 and RH9. On RH9 and RH7.2 it complains about al old version of curl as well. > Even on 2 machines which are supposedly up to date with yum (with some differences > that are supposedly not zlib related) I got different results. One one it complained, > on the other it configured. So I decided, but I may be completely wrong, that this was > not a very serious problem and used the --disable-version-check or someting like that > which configre suggests. I have not had any problems (yet). I suggest you try this out > as a quick fix. > > Miguel > > -- > Konsultex Informatica (http://www.konsultex.com.br) > > ---------- Original Message ----------- > From: "Ron E." > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Thu, 10 Feb 2005 18:38:37 -0500 > Subject: URGENT Zlib related problem > > > Dear All, > > > > Hopefully someone has a fast answer to this one. > > > > I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to > > update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I > > installed this but got another error about not finding zlib or zlib-devel > > when configuring the clamav source. > > > > I then tried to build the new zlib from source and then clamav configured > > properly, however, it would not make - I got an error about the wrong > > glibc. > > > > After various attempts at reverting to the prior zlib 1.2.1 which failed I > > now have a down system that is not processing email, even when clamav is > > disabled altogether. > > > > If anyone has any idea how to deal with this quickly other than rebuilding > > from scratch, I would be extremely interested. > > > > Thanks. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Esta mensagem foi verificada pelo sistema de antivírus e > > acredita-se estar livre de perigo. > ------- End of Original Message ------- > > > -- > Esta mensagem foi verificada pelo sistema de antivírus e > acredita-se estar livre de perigo. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 04:18:08 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:31 2006 Subject: MailScanner for outbound only Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well i just created a new mailscanner machine, configured postfix to accept mail from our subnets only, killed the MX so it doesnt recieved inbound mail, block the port on the firewall or in bound 25. We already had mailscanner doing in bound for half of our domains, we changed the rest of the MX to point to it and now have an seperate inbound and outbound systems. Which the boss wants to double so we have network and hardware redunancy. Now to convince the boss to buy Julian something expensive. Pete Raylund Lai wrote: > We do. But we use sendmail. It's simply set sendmail (the mailscanner > server) to be a relay of the internal mail server. We're allowing relay by > the mail server ip address. > > Cheers > Raylund ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 05:41:28 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The problem is that a thousand things are dependant on zlib and yum or apt for rpm will have updated all of them. (250mb odd of packages on fc3) Might be a good to start again, if this isnt a production machine. Ron E. wrote: > Thank you very much for your input Miguel, and actually I am still working > on this problem. > > It sounds like what you did would have worked out for me, however, I went > ahead and tried updating zlib which is where all the trouble began. > > Any idea how I can revert to zlib 1.2.1 which at least worked? > > Thanks, > > Ron > > On Thu, 10 Feb 2005, Miguel Koren OBrien de Lacy wrote: > > >>Ron; >> >>I saw this thread rather late. At least I think it may be late for your needs. Anyway, >>I ran into the same problem with Clam 0.81 and now with 0.82. I noticed that it did >>not happen on all my servers (we are now manging 6 separate sites), which run FC1, FC2 >>and RH7.2 and RH9. On RH9 and RH7.2 it complains about al old version of curl as well. >>Even on 2 machines which are supposedly up to date with yum (with some differences >>that are supposedly not zlib related) I got different results. One one it complained, >>on the other it configured. So I decided, but I may be completely wrong, that this was >>not a very serious problem and used the --disable-version-check or someting like that >>which configre suggests. I have not had any problems (yet). I suggest you try this out >>as a quick fix. >> >>Miguel >> >>-- >>Konsultex Informatica (http://www.konsultex.com.br) >> >>---------- Original Message ----------- >>From: "Ron E." >>To: MAILSCANNER@JISCMAIL.AC.UK >>Sent: Thu, 10 Feb 2005 18:38:37 -0500 >>Subject: URGENT Zlib related problem >> >> >>>Dear All, >>> >>>Hopefully someone has a fast answer to this one. >>> >>>I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to >>>update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I >>>installed this but got another error about not finding zlib or zlib-devel >>>when configuring the clamav source. >>> >>>I then tried to build the new zlib from source and then clamav configured >>>properly, however, it would not make - I got an error about the wrong >>>glibc. >>> >>>After various attempts at reverting to the prior zlib 1.2.1 which failed I >>>now have a down system that is not processing email, even when clamav is >>>disabled altogether. >>> >>>If anyone has any idea how to deal with this quickly other than rebuilding >>>from scratch, I would be extremely interested. >>> >>>Thanks. >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>>-- >>>Esta mensagem foi verificada pelo sistema de antiv�rus e >>> acredita-se estar livre de perigo. >> >>------- End of Original Message ------- >> >> >>-- >>Esta mensagem foi verificada pelo sistema de antiv�rus e >> acredita-se estar livre de perigo. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- Kind regards Peter Russell Enitech IT 3a Grainstore crt Langwarrin Victoria 3910 0419 346 244 pete@enitech.com.au www.enitech.com.au ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From karen at PROJECTHARMONY.AM Fri Feb 11 06:10:31 2005 From: karen at PROJECTHARMONY.AM (Karen Mkoyan) Date: Thu Jan 12 21:28:31 2006 Subject: delivering SPAM to user folders Message-ID: Hello, Is there any script(s) available that delivers mail already marked as {SPAM} to ~user/mail/spam Thank you, Karen Mkoyan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 06:22:33 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:31 2006 Subject: delivering SPAM to user folders Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No script required - simply use your spam actions Spam Actions = forward spam Pete Karen Mkoyan wrote: > Hello, > Is there any script(s) available that delivers mail already marked as > {SPAM} to ~user/mail/spam > > > Thank you, > > Karen Mkoyan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- Kind regards Peter Russell Enitech IT 3a Grainstore crt Langwarrin Victoria 3910 0419 346 244 pete@enitech.com.au www.enitech.com.au ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From karen at PROJECTHARMONY.AM Fri Feb 11 06:28:38 2005 From: karen at PROJECTHARMONY.AM (Karen Mkoyan) Date: Thu Jan 12 21:28:31 2006 Subject: delivering SPAM to user folders Message-ID: [ The following text is in the "koi8-r" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, yes, but in that case all the spam mails will receive a user called 'spam'. What I want is that every single user has a file where the mailscanner or the script will store e-mails belonging to that user and marked as spam. Karen Mkoyan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell Sent: 11 ÆÅ×ÒÁÌÑ 2005 Ç. 10:23 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: delivering SPAM to user folders No script required - simply use your spam actions Spam Actions = forward spam Pete Karen Mkoyan wrote: > Hello, > Is there any script(s) available that delivers mail already marked as > {SPAM} to ~user/mail/spam > > > Thank you, > > Karen Mkoyan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- Kind regards Peter Russell Enitech IT 3a Grainstore crt Langwarrin Victoria 3910 0419 346 244 pete@enitech.com.au www.enitech.com.au ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Fri Feb 11 07:28:56 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:31 2006 Subject: how small is small ? WebBugs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi there, about the Allow WebBugs = disarm feature. how small is small ? to what max pixel size the img tags will be killed ? is it advisable to enable it ? greetings andy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Fri Feb 11 07:54:51 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:28:31 2006 Subject: Mail monitoring on network Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Internet Solutions Ltd wrote on 11-2-2005 0:36: > It looks like they will be using MailMarshal Watch out for problems regarding open relays. We have had a department using that. It ran on the same machine as their mailserver. MailMarshal runs on port 25 and delivers mail on localhost on a standard port. The standard mailserver was used for relaying over that port. -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Feb 11 07:56:43 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: Hi! > It sounds like what you did would have worked out for me, however, I went > ahead and tried updating zlib which is where all the trouble began. > > Any idea how I can revert to zlib 1.2.1 which at least worked? http://mailscanner.prolocation.net/ Or the direct links: http://mailscanner.prolocation.net/zlib/zlib-1.2.2.2-1.i386.rpm http://mailscanner.prolocation.net/zlib/zlib-devel-1.2.2.2-1.i386.rpm Let me know if this fixes your problem. The above ones are builded for FC1 Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Feb 11 07:58:57 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: Hi! > I was forced to try and install MS on some ones FC3 machine yesterday > and gave up after trying to install clamav .82 - zlib in FC is 1.2.1 and > clam has a built in tyest during compile (read the output) that it will > let you install with this version that is known to be buggy but do not > ask for help from clamav if you do. Fedora backported the changes, there is no problem known as far as i know. > FC is NOT designed for use as a production server. Simple. We process around 2-5M messages a day with FC setups. Matter of experience? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 08:49:27 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:31 2006 Subject: Small Bug? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I find that on a fresh machine with RHEL3 and latest mailscanner and postfix, all from source that when i do a service MailScanner reload i see postfix[11376]: fatal: open /etc/postfix.in/main.cf: No such file or directory in the log. If i do restart or anything else i dont see it. This is a fresh install with no reference inm any config nor directory to this path. Doesnt appear to make a lot of difference, but i gues JF prefers to have it cleaned up? -- Kind regards Peter Russell ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Feb 11 08:56:49 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:31 2006 Subject: Clamav Problem Solved Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, All! Dag Wieers released new RPM's of Clamav 0.82 with a patch that solves the false positives about Exploit.W32.MS05-002. The RPMs are, as usual, at http://dag.wieers.com/packages/clamav/ Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shrek-m at GMX.DE Fri Feb 11 09:40:00 2005 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ron E. wrote: >One fellow I talked to gave me the idea of force removing the newer rpm >and then reinstalling the correct rpm, > # rpm -Uvh --replacefiles --replacepkgs --oldpackage $ man rpm --force Same as using --replacepkgs, --replacefiles, and --oldpackage. >or doing a yum update zlib > zlib-1.2.2.x is afaik only in rawhide eg. # yum --enablerepo=development update zlib http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/zlib-1.2.2.2-1.i386.rpm afair this package has no signature $ cat /etc/fedora-release ; clamscan --version ; rpm -qi zlib | head -4 Fedora Core release 3 (Heidelberg) ClamAV 0.81/704/Thu Feb 10 12:37:18 2005 Name : zlib Relocations: /usr Version : 1.2.2.2 Vendor: Red Hat, Inc. Release : 1 Build Date: Mo 03 Jan 2005 18:43:23 CET Install Date: Do 27 Jan 2005 15:14:02 CET Build Host: decompose.build.redhat.com -- shrek-m ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 09:50:41 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I wasnt almost to add that "its not for production, unless in the hands of experienced admins" but i didnt want to sound, you know.... I dont like using, it and i dont see the point - but linux always develops in a personal taste debate :) As long as we are all using open source its all good - no? :) Raymond Dijkxhoorn wrote: > Hi! > >> I was forced to try and install MS on some ones FC3 machine yesterday >> and gave up after trying to install clamav .82 - zlib in FC is 1.2.1 and >> clam has a built in tyest during compile (read the output) that it will >> let you install with this version that is known to be buggy but do not >> ask for help from clamav if you do. > > > Fedora backported the changes, there is no problem known as far as i know. > >> FC is NOT designed for use as a production server. Simple. > > > We process around 2-5M messages a day with FC setups. Matter of > experience? > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Feb 11 09:54:20 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, February 11, 2005 9:50, Pete Russell said: > I wasnt almost to add that "its not for production, unless in the hands > of experienced admins" but i didnt want to sound, you know.... If it makes anyone feel better, I had the same problem on my (new) Suse 9.2 box, which may may decribe as being 'production quality' (What ever that really is in the *nix world :-) ) > > I dont like using, it and i dont see the point - but linux always > develops in a personal taste debate :) As long as we are all using open > source its all good - no? > Agreed! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 11 10:07:11 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: MailScanner for outbound only Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, bob is probably your mothers sisters husband or your mothers brother in this:-). We've "solved" it a bit differently.... The FW rule is deny for all but the outbound servers, then posting (on an appropriatly public source) the fact that any outbound mails have to take this route or be dropped dead. But your suggestion should work fine too, as long as you "trust" all subnets etc. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Raylund Lai Sent: Thu 2/10/2005 9:48 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: MailScanner for outbound only We do. But we use sendmail. It's simply set sendmail (the mailscanner server) to be a relay of the internal mail server. We're allowing relay by the mail server ip address. Cheers Raylund ----- Original Message ----- From: "Peter Russell" To: Sent: Thursday, February 10, 2005 3:28 PM Subject: MailScanner for outbound only >I have been asked to provide a machine that can scan all outbound smtp > traffic on the network. We have loads of students and some use own mail > clients, they ahve own unprotected laptops etc etc - so we will make a > firewall rule that all outbound on port 25 goes to this new mail relay. > > I am already familiar with mailscanner and postfix. > > Is this simply a matter of building a mailscanner machine, config > postfix to access mail from the firewall interface only, and bob's your > mothers brother? > > Who does aoutbound scanning - how do you do it? anyone got any better > suggestions for wyhole of company outbound scanning? > > Thanks > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 11 10:10:47 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: MailScanner for outbound only Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good Luck convincing your PHB to spend a nit:-). (And sorry to all for my non-necessary post in this thread... Hateful webmail lacking proper threading... Didn't see the resolution. Sigh. And now I've wasted some more seconds of your time:) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Peter Russell Sent: Fri 2/11/2005 5:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: MailScanner for outbound only Well i just created a new mailscanner machine, configured postfix to accept mail from our subnets only, killed the MX so it doesnt recieved inbound mail, block the port on the firewall or in bound 25. We already had mailscanner doing in bound for half of our domains, we changed the rest of the MX to point to it and now have an seperate inbound and outbound systems. Which the boss wants to double so we have network and hardware redunancy. Now to convince the boss to buy Julian something expensive. Pete Raylund Lai wrote: > We do. But we use sendmail. It's simply set sendmail (the mailscanner > server) to be a relay of the internal mail server. We're allowing relay by > the mail server ip address. > > Cheers > Raylund ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 10:22:46 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:31 2006 Subject: MailScanner for outbound only Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not a waste of my time, at all. AND the boss has agreed to part with "a few hundred" now and some more when we double the mailscanner population here - i eplxained that without donation i couldnt provide the support, and the JF couldnt develop and then he would have to be answering to the directors again about why we ahvent had external mail for a WEEK, while his senior tech talks with CA techs - i 'rode' in this morning, whipped up a mailscanner machine plugged in the same network space as the OLD CA machine and voila LOADS of mail routing occurs, safely. He is gonna have to pay for this stress relief. Only issue is that Julian's wishlist is almost empty - JF please add some nice items to your wishlist. Pete Steen, Glenn wrote: > Good Luck convincing your PHB to spend a nit:-). > > (And sorry to all for my non-necessary post in this thread... Hateful webmail lacking proper threading... Didn't see the resolution. Sigh. And now I've wasted some more seconds of your time:) > > -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 11 10:26:45 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: MailScanner for outbound only Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Great! I'm still working on mine... He forked over some cash for the book, but... well, we'll see;) Your story should go into the "success story" section, perhaps... -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Pete Russell Sent: Fri 2/11/2005 11:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: MailScanner for outbound only Not a waste of my time, at all. AND the boss has agreed to part with "a few hundred" now and some more when we double the mailscanner population here - i eplxained that without donation i couldnt provide the support, and the JF couldnt develop and then he would have to be answering to the directors again about why we ahvent had external mail for a WEEK, while his senior tech talks with CA techs - i 'rode' in this morning, whipped up a mailscanner machine plugged in the same network space as the OLD CA machine and voila LOADS of mail routing occurs, safely. He is gonna have to pay for this stress relief. Only issue is that Julian's wishlist is almost empty - JF please add some nice items to your wishlist. Pete Steen, Glenn wrote: > Good Luck convincing your PHB to spend a nit:-). > > (And sorry to all for my non-necessary post in this thread... Hateful webmail lacking proper threading... Didn't see the resolution. Sigh. And now I've wasted some more seconds of your time:) > > -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 11 10:45:39 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: Clamav Problem Solved Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's a known issue in the rc-script. IIRC someone posted a fix for it. Or just ignore it, all is well with your one queue setup anyway:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Roger Jochem Sent: Fri 2/11/2005 9:56 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Clamav Problem Solved Hello, All! Dag Wieers released new RPM's of Clamav 0.82 with a patch that solves the false positives about Exploit.W32.MS05-002. The RPMs are, as usual, at http://dag.wieers.com/packages/clamav/ Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 11 10:52:09 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: Clamav Problem Solved Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have to stop using this crummy webmail thing.... This reply was intended to a completely different post. Have absolutely no idea how this got mixed up (well, perhaps "fat fingers" featured in it somehow:). -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Steen, Glenn Sent: Fri 2/11/2005 11:45 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Clamav Problem Solved It's a known issue in the rc-script. IIRC someone posted a fix for it. Or just ignore it, all is well with your one queue setup anyway:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Roger Jochem Sent: Fri 2/11/2005 9:56 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Clamav Problem Solved Hello, All! Dag Wieers released new RPM's of Clamav 0.82 with a patch that solves the false positives about Exploit.W32.MS05-002. The RPMs are, as usual, at http://dag.wieers.com/packages/clamav/ Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 11 10:59:07 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: Small Bug? Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Now answering the correct post.... It's a known issue in the rc-script. IIRC someone posted a fix for it. Or just ignore it, all is well with your "one queue setup" anyway:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Pete Russell Sent: Fri 2/11/2005 9:49 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Small Bug? I find that on a fresh machine with RHEL3 and latest mailscanner and postfix, all from source that when i do a service MailScanner reload i see postfix[11376]: fatal: open /etc/postfix.in/main.cf: No such file or directory in the log. If i do restart or anything else i dont see it. This is a fresh install with no reference inm any config nor directory to this path. Doesnt appear to make a lot of difference, but i gues JF prefers to have it cleaned up? -- Kind regards Peter Russell ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 11 11:15:13 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] (Sorry all for a longish post of pretty obvious views) A rule of thumb that wont help you much in dealing with your messed up system: Never install from source what has already been installed from binary package, or the other way around. Confusion and chaos lies along that path. If you absolutely have to get the source version, be sure to deinstall the binary one first (if at all possible...). As I'm sure someone has already menitoned, usually there is a backported update to things like this. Find a get that. The source version of clamav cannot have a view on that matter, only on the known source versions of zlib, so... the warning should perhaps read "... but please do use the disable-check option if you're absolutely sure you've got all the relevant fixes", but that would probably just lead to more confusion:-). Now, to deal with your system... I'm not entirely sure you've accounted for the exact things you've done, so being precise about what to do is pretty hard. The no-brainers are of course to remove any vestiges of the botched source install of zlib ("make -n install" is your friend there), and try forceload a working rpm copy (this might mean reverting to an older one with rpm --oldpackage ...). If you updated other libs (like glibc with a --force...) you might be in for a fun round of trying to get to an "equilibrium" where all packages are in a working sync. When all is said and done, it's pretty likely that your time is best spent restoring a backup or building a completely new install. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Ron E. Sent: Fri 2/11/2005 3:35 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: URGENT Zlib related problem Thank you very much for your input Miguel, and actually I am still working on this problem. It sounds like what you did would have worked out for me, however, I went ahead and tried updating zlib which is where all the trouble began. Any idea how I can revert to zlib 1.2.1 which at least worked? Thanks, Ron On Thu, 10 Feb 2005, Miguel Koren OBrien de Lacy wrote: > Ron; > > I saw this thread rather late. At least I think it may be late for your needs. Anyway, > I ran into the same problem with Clam 0.81 and now with 0.82. I noticed that it did > not happen on all my servers (we are now manging 6 separate sites), which run FC1, FC2 > and RH7.2 and RH9. On RH9 and RH7.2 it complains about al old version of curl as well. > Even on 2 machines which are supposedly up to date with yum (with some differences > that are supposedly not zlib related) I got different results. One one it complained, > on the other it configured. So I decided, but I may be completely wrong, that this was > not a very serious problem and used the --disable-version-check or someting like that > which configre suggests. I have not had any problems (yet). I suggest you try this out > as a quick fix. > > Miguel > > -- > Konsultex Informatica (http://www.konsultex.com.br) > > ---------- Original Message ----------- > From: "Ron E." > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Thu, 10 Feb 2005 18:38:37 -0500 > Subject: URGENT Zlib related problem > > > Dear All, > > > > Hopefully someone has a fast answer to this one. > > > > I am running MailScanner 4.37.7-1 and clamav 0.80 - I was trying to > > update to clamav 0.82 and I got a warning about needing zlib 1.2.2 - I > > installed this but got another error about not finding zlib or zlib-devel > > when configuring the clamav source. > > > > I then tried to build the new zlib from source and then clamav configured > > properly, however, it would not make - I got an error about the wrong > > glibc. > > > > After various attempts at reverting to the prior zlib 1.2.1 which failed I > > now have a down system that is not processing email, even when clamav is > > disabled altogether. > > > > If anyone has any idea how to deal with this quickly other than rebuilding > > from scratch, I would be extremely interested. > > > > Thanks. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Esta mensagem foi verificada pelo sistema de antivírus e > > acredita-se estar livre de perigo. > ------- End of Original Message ------- > > > -- > Esta mensagem foi verificada pelo sistema de antivírus e > acredita-se estar livre de perigo. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Feb 11 12:46:34 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:31 2006 Subject: Configuring sendmail not to reveal internal hostnames Message-ID: Would this work if you manage more than one domain on the box? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 19, 2005 11:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Configuring sendmail not to reveal internal hostnames Put this in your sendmail.mc file and rebuild the sendmail.cf file MASQUERADE_AS(`ecs.soton.ac.uk') FEATURE(masquerade_envelope) FEATURE(allmasquerade) Obviously you will want to change ecs.soton.ac.uk to your domain name. Errol Neal wrote: >Excuse me, I mean *not* to expose. Sorry > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Errol Neal >Sent: Wednesday, January 19, 2005 11:16 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: OT: Configuring sendmail not to reveal internal hostnames > >As the subject says, this is OT. I apologize. > >I'm searching for a means by which I can tell sendmail to expose the >host names of local computers on our network. The computers are named >after the users they are associated with so that reveals a lot to folks >in the outside world. Anyone know of a means to disable this? I just >want to disable the reverse lookup. > > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Feb 11 12:50:13 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:31 2006 Subject: Doesn't scan for virus on spam forwarded to an email address Message-ID: You can always install clamav-milter so that sendmail catches viruses before mailscanner does, thereby reducing the load on your server - if you use sendmail. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, January 20, 2005 11:45 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Doesn't scan for virus on spam forwarded to an email address Upgrade to the latest version and see if it still a problem. I can't remember from that long ago (10 months). Danny Beland wrote: >Here is a description of our system. > >MailScanner 4.28.6 >SpamAssassin 2.64 >McAfee virus scanner > >The way were are setup is that all spam is forwarded to an email account. >The problem we have is that if the email is detected as spam, the >email is forwarded to the spam email account without being scanned for >viruses. Some emails are detected as spam and contain a virus. >Is there a way to scan for viruses before scanning for spam? >Maybe there is other ways to deal with this problem, but that is the >only solution I found. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 13:04:02 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi there, was thinking about installing bit defender seeing as the license permits me to use it for free. Can anyone comment on whether this is worth using at all? Because i searched the arcvhives and found some posts from JF and he was saying it wasnt really that great, but these are 2 year old posts - anyone know if its improved since then? is it better than etrust/ca ? or is it a waste of time? Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Fri Feb 11 13:07:30 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:31 2006 Subject: AW: Bit Defender Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi, why not clamav ? >-----Ursprüngliche Nachricht----- >Von: Pete Russell [mailto:pete@ENITECH.COM.AU] >Gesendet: Freitag, 11. Februar 2005 14:04 >An: MAILSCANNER@JISCMAIL.AC.UK >Betreff: Bit Defender > > >Hi there, was thinking about installing bit defender seeing as >the license permits me to use it for free. > >Can anyone comment on whether this is worth using at all? > >Because i searched the arcvhives and found some posts from JF >and he was saying it wasnt really that great, but these are 2 >year old posts - anyone know if its improved since then? is it >better than etrust/ca ? or is it a waste of time? Pete > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Fri Feb 11 13:17:56 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why not use both? works like a charm. Med vennlig hilsen / Regards John Berntsen -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dörfler Andreas Sent: 11. februar 2005 14:08 To: MAILSCANNER@JISCMAIL.AC.UK Subject: AW: Bit Defender hi, why not clamav ? >-----Ursprüngliche Nachricht----- >Von: Pete Russell [mailto:pete@ENITECH.COM.AU] >Gesendet: Freitag, 11. Februar 2005 14:04 >An: MAILSCANNER@JISCMAIL.AC.UK >Betreff: Bit Defender > > >Hi there, was thinking about installing bit defender seeing as >the license permits me to use it for free. > >Can anyone comment on whether this is worth using at all? > >Because i searched the arcvhives and found some posts from JF >and he was saying it wasnt really that great, but these are 2 >year old posts - anyone know if its improved since then? is it >better than etrust/ca ? or is it a waste of time? Pete > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Feb 11 13:32:51 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:31 2006 Subject: URGENT Zlib related problem Message-ID: True. All my setups use FC 1, 2 or 3 and work fine. Even that zlib thing didn't give me any trouble, it always compiled fine. Guess it's a matter of personal experience; as always, YMMV. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall Sent: Friday, February 11, 2005 4:54 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: URGENT Zlib related problem On Fri, February 11, 2005 9:50, Pete Russell said: > I wasnt almost to add that "its not for production, unless in the > hands of experienced admins" but i didnt want to sound, you know.... If it makes anyone feel better, I had the same problem on my (new) Suse 9.2 box, which may may decribe as being 'production quality' (What ever that really is in the *nix world :-) ) > > I dont like using, it and i dont see the point - but linux always > develops in a personal taste debate :) As long as we are all using > open source its all good - no? > Agreed! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Feb 11 13:35:14 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ditto. It's been a long time since I last looked, but a few of the other av packages let you use a "personal license", which is good if you run your own server for your personal use. If you bother downloading test versions of some of the mailscanner-supported av packages, you can even get those to work and try them out. All in all I remember once just for sh*ts and giggles I got about 10 AV scanners (commercial, trial and free) working at one time on one mailscanner box, and they worked (and updated themselves) perfectly. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John Berntsen Sent: Friday, February 11, 2005 8:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Bit Defender Why not use both? works like a charm. Med vennlig hilsen / Regards John Berntsen -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dörfler Andreas Sent: 11. februar 2005 14:08 To: MAILSCANNER@JISCMAIL.AC.UK Subject: AW: Bit Defender hi, why not clamav ? >-----Ursprüngliche Nachricht----- >Von: Pete Russell [mailto:pete@ENITECH.COM.AU] >Gesendet: Freitag, 11. Februar 2005 14:04 >An: MAILSCANNER@JISCMAIL.AC.UK >Betreff: Bit Defender > > >Hi there, was thinking about installing bit defender seeing as the >license permits me to use it for free. > >Can anyone comment on whether this is worth using at all? > >Because i searched the arcvhives and found some posts from JF and he >was saying it wasnt really that great, but these are 2 year old posts - >anyone know if its improved since then? is it better than etrust/ca ? >or is it a waste of time? Pete > >------------------------ MailScanner list >------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk >with the words: 'leave mailscanner' in the body of the email. Before >posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Feb 11 13:42:58 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Hi there, was thinking about installing bit defender seeing as the > license permits me to use it for free. > > Can anyone comment on whether this is worth using at all? > > Because i searched the arcvhives and found some posts from JF and he was > saying it wasnt really that great, but these are 2 year old posts - > anyone know if its improved since then? is it better than etrust/ca ? or > is it a waste of time? > Pete > A reply I received today from the bitdefender team.. --------------------------------------------------- The bdc scanner is free to use. If you want to protect your emails against spam and viruses, you have to buy BitDefender for mailserver. But you can try it before buying the product by downloading it from: ftp://ftp.bitdefender.com/pub/linux/mailserver/ For buying, please visit: http://www.bitdefender.com/bd/site/buy.php?section1=1 --------------------------------------------------- My Question was: --------------------------------------------------- > This URL for BitDefender Linux Edition says that its a freeware > product, is this also the case for commercial usage? > http://www.bitdefender.com/bd/site/products.php?p_id=16 > > I am planning to use it with a third party scanner like amavis / > qmail-scanner, please let me know if this is fine OR if I need to > procure a license and if so then what is the cost for the same. --------------------------------------------------- Confused I am!! should I continue using it OR buy a license. Technically I am happily willing to dump uvscan and replace it bitdefender as long as clam is also present. Clam incidently is our primary choice due to the efficient use of resources compared to uvscan & bitdefender. The hits (read viruses caught) for clam being higher than both uvscan and bitdefender (partly due to clam's phishing detection). I suggest you clarify with support@bitdefender.com for licensing before you start using it. In any case I would recommend using clam. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Feb 11 13:48:27 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Of course i am usijng clamav already. My question was is it worth the effort to have both? Does BD ever catch a virus not caught by clamav? Pete John Berntsen wrote: > Why not use both? works like a charm. > > > Med vennlig hilsen / Regards > John Berntsen > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Dörfler Andreas > Sent: 11. februar 2005 14:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: AW: Bit Defender > > hi, > > why not clamav ? > > >>-----Ursprüngliche Nachricht----- >>Von: Pete Russell [mailto:pete@ENITECH.COM.AU] >>Gesendet: Freitag, 11. Februar 2005 14:04 >>An: MAILSCANNER@JISCMAIL.AC.UK >>Betreff: Bit Defender >> >> >>Hi there, was thinking about installing bit defender seeing as >>the license permits me to use it for free. >> >>Can anyone comment on whether this is worth using at all? >> >>Because i searched the arcvhives and found some posts from JF >>and he was saying it wasnt really that great, but these are 2 >>year old posts - anyone know if its improved since then? is it >>better than etrust/ca ? or is it a waste of time? Pete >> >>------------------------ MailScanner list >>------------------------ To unsubscribe, email >>jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >>the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Feb 11 14:06:00 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Of course i am usijng clamav already. > > My question was is it worth the effort to have both? Does BD ever catch > a virus not caught by clamav? > > Pete twice in ~3000 mails.. I am ASSUMING that this was due to the fact the clam was probably being updated at that time (thereby creating a lock asking MS not to use it). Also in the same result, thrice did uvscan detect a virus when both clam / bdc failed to detect it. Again in the same result, 10 times clam detected a virus when both uvscan / bdc failed to detect it (all attributed to phishing detection). So this contradicts my previous statement that clam detects more viruses compared to uvscan. Some statistics for viruses detected over a period of 12 hours that you might find interesting. Bitdefender: 2992 ClamAV: 3075 McAfee: 3065 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Feb 11 14:08:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: The more scanners the better your trap will be. That's why SA is so good, Rules + bayes + RBLs + URI-RBLS + SPF ++++ no once solution is ever perfect.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dhawal Doshy wrote: > Pete Russell wrote: > >> Of course i am usijng clamav already. >> >> My question was is it worth the effort to have both? Does BD ever catch >> a virus not caught by clamav? >> >> Pete > > > twice in ~3000 mails.. I am ASSUMING that this was due to the fact the > clam was probably being updated at that time (thereby creating a lock > asking MS not to use it). > > Also in the same result, thrice did uvscan detect a virus when both clam > / bdc failed to detect it. > > Again in the same result, 10 times clam detected a virus when both > uvscan / bdc failed to detect it (all attributed to phishing detection). > So this contradicts my previous statement that clam detects more viruses > compared to uvscan. > > Some statistics for viruses detected over a period of 12 hours that you > might find interesting. > > Bitdefender: 2992 > ClamAV: 3075 > McAfee: 3065 > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Feb 11 14:41:11 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Hi there, was thinking about installing bit defender seeing as the > license permits me to use it for free. > > Can anyone comment on whether this is worth using at all? > > Because i searched the arcvhives and found some posts from JF and he was > saying it wasnt really that great, but these are 2 year old posts - > anyone know if its improved since then? is it better than etrust/ca ? or > is it a waste of time? > Pete > Here are my stats for the last week: found 12437 infected messages 1025 messages detected only by McAfee 3 messages detected only by Bitdefender 187 messages detected only by MailScanner MS detection: filename rules (no EXE, BAT, ...). As you can see there were only ~ 1200 messages detected by only one scanner. Most of them ~ 11200 were detected by more than one. I use Bitdefender but I don't really like it. I don't think they provide much support for it. If it weren't for Clam's false positives about some file types heavily used here I would change Bitdefender for Clam any time! Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Fri Feb 11 17:34:59 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'd guess the big difference here is that McAfee and Clamav both have phishing detection, and BD don't (and Clam catches a few more than uvscan). This is my experience at least. I've been using all three for a while, and at some point in time all have been the sole saving factor (disregarding the phishing bit). Statistivally the FN/FP rates are very low for all, and the "time to market" is generally very good for all (although mcafee often is last, when a new threat comes around). I've personally reported at least one virus that clamav didn't catch and uvscan _should_ have caught... but didn't (a bizex thing variant), and reading the clamav virusdb announce list, one can see that BD is often cited as the source (along with a host of other). What this shows is that one should never "put all eggs in one basket", but instead use at least two or three different... provided the volumes allow it, of course. About the licensing bit... What is there to be confused about? bdc is free to use, is what they say... How you use it is pretty much not their business:-):-). That they push their own MS-lookalike isn't surprising, now is it? -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Dhawal Doshy Sent: fr 2005-02-11 15:06 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Bit Defender Pete Russell wrote: > Of course i am usijng clamav already. > > My question was is it worth the effort to have both? Does BD ever catch > a virus not caught by clamav? > > Pete twice in ~3000 mails.. I am ASSUMING that this was due to the fact the clam was probably being updated at that time (thereby creating a lock asking MS not to use it). Also in the same result, thrice did uvscan detect a virus when both clam / bdc failed to detect it. Again in the same result, 10 times clam detected a virus when both uvscan / bdc failed to detect it (all attributed to phishing detection). So this contradicts my previous statement that clam detects more viruses compared to uvscan. Some statistics for viruses detected over a period of 12 hours that you might find interesting. Bitdefender: 2992 ClamAV: 3075 McAfee: 3065 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Fri Feb 11 17:51:00 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:28:31 2006 Subject: delivering SPAM to user folders Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Karen Mkoyan wrote: >Hello, >Is there any script(s) available that delivers mail already marked as >{SPAM} to ~user/mail/spam > > > The following ".procmailrc" script can be placed in each user's home directory so that procmail will deliver messages marked as spam into a paricular mailbox named "spam". I assume your users have IMAP access so they will be able to view the spam folder. Maybe this can be done on systemwide basis, but I haven't thought about that. MAILDIR=$HOME/mail # Make sure this directory exists! # Move Mailscanner marked spam to Spam folder :0: * ^Subject:.\{Spam\? spam -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Fri Feb 11 17:56:56 2005 From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com) Date: Thu Jan 12 21:28:31 2006 Subject: Unable to Anaylze Message Message-ID: Greetings, We're suddenly seeing a slew of these errors and can't pin down what's failing to cause them. We're using the ClamAV pack with MailScanner, it auto-updates itself daily but I haven't noted anyone with complaints about a revision of it causing these errors. We get virus notifications from MS stating that there's a virus inside, but then within that notice it's stating it can't analyze the message. Content varies, source varies so we haven't found a pattern that might give clues either... Any ideas? David J. Duffner VP Operations NWC Corporation www.nwcxpress.com -- Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mikes at HARTWELLCORP.COM Fri Feb 11 18:51:52 2005 From: mikes at HARTWELLCORP.COM (Michael St. Laurent) Date: Thu Jan 12 21:28:31 2006 Subject: Just got this phishing email Message-ID: I've attached what appears to be a phishing email for the list to review and enjoy. ;-D -- Michael St. Laurent Hartwell Corporation ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "{Spam?} "Your Scotiabank Account May Be Suspended"" ] Date: Fri, 11 Feb 2005 10:48:55 -0800 From: securitybank@scotiabank.com Reply-To: notfy@scotiabank.com To: mikes@hartwellcorp.com Subject: {Spam?} "Your Scotiabank Account May Be Suspended" Dear valued Scotiabank client, Recently there have been a large number of identify theft attempts targeting Scotiabank customers. In order to safeguard your account we require that you confirm your Personal details. This process is mandatory. Please click here and submit the required information. Failure to do so may result in a temporary cessation of your account services pending submission. Thank you for your promt attention to this matter and your co-operation in helping us maintain the integrity of our customers accounts. Scotiabank respects your privacy. Click here to read the Scotiabank Group Privacy Policy Statement. Please do not reply to this e-mails, as this is an unmonitored alias. (c) 2005 Scotiabank, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Feb 11 18:54:54 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And how many of those approximately 1200 were *not* phishing? As said, BD don't do phishing. One can argue that this is bad, sure, but knowing this... The 3 or so that would've gone through is more interresting (to me at least:-). Sure BD is a pile of manure in some ways (I've had at least two bum updates requiring manual intervention to correct), but on the whole it's worth a lot more than the price my somewhat tightfisted PHB is ready to pay for it (which is... nothing:-). -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Denis Beauchemin Sent: fr 2005-02-11 15:41 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Bit Defender Here are my stats for the last week: found 12437 infected messages 1025 messages detected only by McAfee 3 messages detected only by Bitdefender 187 messages detected only by MailScanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcampbell at ITCONVERGENCE.COM Fri Feb 11 21:43:00 2005 From: mcampbell at ITCONVERGENCE.COM (Mark Campbell) Date: Thu Jan 12 21:28:31 2006 Subject: End users not being informed of blocked files. Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey Guys, Iâ^À^Ùve been using MailScanner for nearly a year now, excellent program, Iâ^À^Ùm a huge fan. However of late Iâ^À^Ùve just noticed a problem in regards to users being notified of their files, which are either password protected or virus effected (but not bad file extension) being blocked. The problem is that they are not notified â^غ only I am. I get an email from myself to myself with the blocked file notice. Iâ^À^Ùm not sure why this is, the ideal action would be that the end user and the sender would be notified, so that if the file needs to be released I can do so and the sender can go about sending the file in a different manner. Here is an excerpt from the maillog of one such emails: Feb 11 12:26:10 ireland MailScanner[24008]: Message j1BKPuSV008814 from 69.25.110.70 (xxxxxxx@xxxxxxxxx.com) to itconvergence.com is not spam, SpamAssassin (score=-2.566, required 5, AWL 0.01, BAYES_00 -2.60, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) Feb 11 12:26:11 ireland MailScanner[24008]: Password-protected archive (VSClient-SPL-7.5.txt) in j1BKPuSV008814 Feb 11 12:26:11 ireland MailScanner[24008]: Virus and Content Scanning: Starting Feb 11 12:26:13 ireland MailScanner[24008]: Saved infected "VSClient-SPL-7.5.txt" to /var/spool/MailScanner/quarantine/20050211/j1BKPuSV008814 Feb 11 12:26:13 ireland sendmail[8861]: j1BKQDv6008861: from=mcampbell@itconvergence.com, size=508, class=0, nrcpts=1, msgid=<200502112026.j1BKQDv6008861@ireland.itconvergence.com>, relay=root@localhost Feb 11 12:26:13 ireland sendmail[8863]: j1BKQDq8008863: from=, size=753, class=0, nrcpts=1, msgid=<200502112026.j1BKQDv6008861@ireland.itconvergence.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] Feb 11 12:26:13 ireland sendmail[8863]: j1BKQDq8008863: to=, delay=00:00:00, mailer=esmtp, pri=30753, stat=queued Feb 11 12:26:13 ireland sendmail[8861]: j1BKQDv6008861: to=mcampbell@itconvergence.com, ctladdr=mcampbell@itconvergence.com (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30508, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j1BKQDq8008863 Message accepted for delivery) Where Jamaica is my internal email server, and mcampbell is my account. If you require me to post my MailScanner.conf please let me know which section and I will. Thanks in advance for any assistance Mark Mark Campbell -- IT Convergence OS Administrator From dickenson at CFMC.COM Fri Feb 11 22:48:09 2005 From: dickenson at CFMC.COM (Jim Dickenson) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: Some time ago there was talk on this list about using a relatively new option in sendmail. As I recall there is some option that allows one to delay the response to a helo or ehlo line. The theory was that spammers could not afford to wait when sending messages and they would not wait for the delay time. Can someone remind me what the command was. I tried to search the archive but not knowing exactly what I am searching for I did not find the past messages. Thanks, -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcampbell at ITCONVERGENCE.COM Fri Feb 11 22:46:32 2005 From: mcampbell at ITCONVERGENCE.COM (Mark Campbell) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: Is this what you're looking for? During an SMTP conversation, a client introduces itself to a server using the HELO or EHLO command. The standard does not specify what should be said here, and many Windows clients in fact use a "bogus" name: for instance, the domain name of the destination server. Nevertheless, it may sometimes be useful to check the argument to HELO/EHLO, as many SPAM programs use bogus arguments in a consistent manner. In a very helpful e-mail, a sendmail maintainer explained to me how this could be done. The trick is to use delayed macro expansion with the $s macro. As the sendmail manual explains, $s is a transient macro: at startup, when sendmail reads its configuration file, it contains the name of the host on which sendmail runs, but during an SMTP conversation, it expands into the hostname supplied by the remote client as the argument to HELO/EHLO. By writing $&s, it is possible to delay the expansion of this macro, so it is expanded only when it is needed; e.g., during Local_check_rcpt. Consequently, my sendmail.mc file contains a local rule set similar to the following (note that Local_check_rcpt, if exists, is automatically called by sendmail at the appropriate stage of processing the envelope): SLocal_check_rcpt R$* $: $&s Rbogus.domain $#error $: 550 Spam Forbidden\ ($&s) R$* $@ OK REF: http://www.vttoth.com/heloehlo.htm Mark Mark Campbell -- IT Convergence OS Administrator -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jim Dickenson Sent: Friday, February 11, 2005 4:48 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT Sendmail configuration question Some time ago there was talk on this list about using a relatively new option in sendmail. As I recall there is some option that allows one to delay the response to a helo or ehlo line. The theory was that spammers could not afford to wait when sending messages and they would not wait for the delay time. Can someone remind me what the command was. I tried to search the archive but not knowing exactly what I am searching for I did not find the past messages. Thanks, -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Feb 11 22:54:38 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: I don't think that's what he means. It's an option in newer sendmail versions (8.13 I think) that lets you insert a delay between the HELO from the client and the OK from the server. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mark Campbell Sent: Friday, February 11, 2005 5:47 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT Sendmail configuration question Is this what you're looking for? During an SMTP conversation, a client introduces itself to a server using the HELO or EHLO command. The standard does not specify what should be said here, and many Windows clients in fact use a "bogus" name: for instance, the domain name of the destination server. Nevertheless, it may sometimes be useful to check the argument to HELO/EHLO, as many SPAM programs use bogus arguments in a consistent manner. In a very helpful e-mail, a sendmail maintainer explained to me how this could be done. The trick is to use delayed macro expansion with the $s macro. As the sendmail manual explains, $s is a transient macro: at startup, when sendmail reads its configuration file, it contains the name of the host on which sendmail runs, but during an SMTP conversation, it expands into the hostname supplied by the remote client as the argument to HELO/EHLO. By writing $&s, it is possible to delay the expansion of this macro, so it is expanded only when it is needed; e.g., during Local_check_rcpt. Consequently, my sendmail.mc file contains a local rule set similar to the following (note that Local_check_rcpt, if exists, is automatically called by sendmail at the appropriate stage of processing the envelope): SLocal_check_rcpt R$* $: $&s Rbogus.domain $#error $: 550 Spam Forbidden\ ($&s) R$* $@ OK REF: http://www.vttoth.com/heloehlo.htm Mark Mark Campbell -- IT Convergence OS Administrator -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jim Dickenson Sent: Friday, February 11, 2005 4:48 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT Sendmail configuration question Some time ago there was talk on this list about using a relatively new option in sendmail. As I recall there is some option that allows one to delay the response to a helo or ehlo line. The theory was that spammers could not afford to wait when sending messages and they would not wait for the delay time. Can someone remind me what the command was. I tried to search the archive but not knowing exactly what I am searching for I did not find the past messages. Thanks, -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri Feb 11 23:32:33 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: Jim Dickenson wrote: > Some time ago there was talk on this list about using a relatively > new option in sendmail. As I recall there is some option that allows > one to delay the response to a helo or ehlo line. The theory was that > spammers could not afford to wait when sending messages and they > would not wait for the delay time. > > Can someone remind me what the command was. > > I tried to search the archive but not knowing exactly what I am > searching for I did not find the past messages. > > Thanks, I think you may be talking about the greet_pause feature of sendmail 8.13.x Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Fri Feb 11 23:32:55 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: I think he's actually talking about the server delaying the pre-HELO/EHLO greeting (the server's 220 greeting). It's new to sendmail 8.13.x, and it's called "greet_pause". What you want to do, is anywhere after your "access_db" declaration in the mc file, put: FEATURE(`greet_pause', `30000')dnl The 30000 is in milliseconds, so that's a 30 second delay. Note that there are some side effects if you go higher than 28 seconds (verizon does "call backs" when accepting email from you, and if they don't get a valid response in 28 seconds, they give up and reject your message). Also, you can put entries in your access_db that look like this: # 220 GreetPause (miliseconds) # GreetPause:127.0.0 0 GreetPause:128.114.125 0 GreetPause:128.114 3000 GreetPause:169.233 15000 GreetPause: 30000 These set aside other delays based upon the connecting host. 0 means "disable the delay". On Feb 11, 2005, at 14:54, Alex Neuman van der Hans wrote: > I don't think that's what he means. It's an option in newer sendmail > versions (8.13 I think) that lets you insert a delay between the HELO > from > the client and the OK from the server. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > Of Mark Campbell > Sent: Friday, February 11, 2005 5:47 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Sendmail configuration question > > Is this what you're looking for? > > During an SMTP conversation, a client introduces itself to a server > using > the HELO or EHLO command. The standard does not specify what should be > said > here, and many Windows clients in fact use a "bogus" > name: for instance, the domain name of the destination server. > Nevertheless, it may sometimes be useful to check the argument to > HELO/EHLO, > as many SPAM programs use bogus arguments in a consistent manner. > > In a very helpful e-mail, a sendmail maintainer explained to me how > this > could be done. The trick is to use delayed macro expansion with the $s > macro. As the sendmail manual explains, $s is a transient macro: at > startup, > when sendmail reads its configuration file, it contains the name of > the host > on which sendmail runs, but during an SMTP conversation, it expands > into the > hostname supplied by the remote client as the argument to HELO/EHLO. By > writing $&s, it is possible to delay the expansion of this macro, so > it is > expanded only when it is needed; e.g., during Local_check_rcpt. > > Consequently, my sendmail.mc file contains a local rule set similar to > the > following (note that Local_check_rcpt, if exists, is automatically > called by > sendmail at the appropriate stage of processing the envelope): > > SLocal_check_rcpt > R$* $: $&s > Rbogus.domain $#error $: 550 Spam Forbidden\ ($&s) > R$* $@ OK > > > REF: http://www.vttoth.com/heloehlo.htm > > Mark > > Mark Campbell > -- > IT Convergence OS Administrator > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > Of Jim Dickenson > Sent: Friday, February 11, 2005 4:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT Sendmail configuration question > > Some time ago there was talk on this list about using a relatively new > option in sendmail. As I recall there is some option that allows one to > delay the response to a helo or ehlo line. The theory was that spammers > could not afford to wait when sending messages and they would not wait > for > the delay time. > > Can someone remind me what the command was. > > I tried to search the archive but not knowing exactly what I am > searching > for I did not find the past messages. > > Thanks, > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dickenson at CFMC.COM Sat Feb 12 00:16:15 2005 From: dickenson at CFMC.COM (Jim Dickenson) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: Thanks very much. This looks like what I was looking for. If you do not know what to search for it is real hard to find it. Thanks for the info -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: John Rudd > Reply-To: MailScanner mailing list > Date: Fri, 11 Feb 2005 15:32:55 -0800 > To: > Subject: Re: OT Sendmail configuration question > > I think he's actually talking about the server delaying the > pre-HELO/EHLO greeting (the server's 220 greeting). It's new to > sendmail 8.13.x, and it's called "greet_pause". > > What you want to do, is anywhere after your "access_db" declaration in > the mc file, put: > > FEATURE(`greet_pause', `30000')dnl > > The 30000 is in milliseconds, so that's a 30 second delay. Note that > there are some side effects if you go higher than 28 seconds (verizon > does "call backs" when accepting email from you, and if they don't get > a valid response in 28 seconds, they give up and reject your message). > > Also, you can put entries in your access_db that look like this: > > # 220 GreetPause (miliseconds) > # > GreetPause:127.0.0 0 > GreetPause:128.114.125 0 > GreetPause:128.114 3000 > GreetPause:169.233 15000 > GreetPause: 30000 > > These set aside other delays based upon the connecting host. 0 means > "disable the delay". > > > On Feb 11, 2005, at 14:54, Alex Neuman van der Hans wrote: > >> I don't think that's what he means. It's an option in newer sendmail >> versions (8.13 I think) that lets you insert a delay between the HELO >> from >> the client and the OK from the server. >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf >> Of Mark Campbell >> Sent: Friday, February 11, 2005 5:47 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: OT Sendmail configuration question >> >> Is this what you're looking for? >> >> During an SMTP conversation, a client introduces itself to a server >> using >> the HELO or EHLO command. The standard does not specify what should be >> said >> here, and many Windows clients in fact use a "bogus" >> name: for instance, the domain name of the destination server. >> Nevertheless, it may sometimes be useful to check the argument to >> HELO/EHLO, >> as many SPAM programs use bogus arguments in a consistent manner. >> >> In a very helpful e-mail, a sendmail maintainer explained to me how >> this >> could be done. The trick is to use delayed macro expansion with the $s >> macro. As the sendmail manual explains, $s is a transient macro: at >> startup, >> when sendmail reads its configuration file, it contains the name of >> the host >> on which sendmail runs, but during an SMTP conversation, it expands >> into the >> hostname supplied by the remote client as the argument to HELO/EHLO. By >> writing $&s, it is possible to delay the expansion of this macro, so >> it is >> expanded only when it is needed; e.g., during Local_check_rcpt. >> >> Consequently, my sendmail.mc file contains a local rule set similar to >> the >> following (note that Local_check_rcpt, if exists, is automatically >> called by >> sendmail at the appropriate stage of processing the envelope): >> >> SLocal_check_rcpt >> R$* $: $&s >> Rbogus.domain $#error $: 550 Spam Forbidden\ ($&s) >> R$* $@ OK >> >> >> REF: http://www.vttoth.com/heloehlo.htm >> >> Mark >> >> Mark Campbell >> -- >> IT Convergence OS Administrator >> >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf >> Of Jim Dickenson >> Sent: Friday, February 11, 2005 4:48 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: OT Sendmail configuration question >> >> Some time ago there was talk on this list about using a relatively new >> option in sendmail. As I recall there is some option that allows one to >> delay the response to a helo or ehlo line. The theory was that spammers >> could not afford to wait when sending messages and they would not wait >> for >> the delay time. >> >> Can someone remind me what the command was. >> >> I tried to search the archive but not knowing exactly what I am >> searching >> for I did not find the past messages. >> >> Thanks, >> -- >> Jim Dickenson >> mailto:dickenson@cfmc.com >> >> CfMC >> http://www.cfmc.com/ >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Sat Feb 12 01:49:10 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: There is *no* way to do this on sendmail 8.12, is there? Maybe through a milter? Just asking, not intended as flamebait (you know, people screaming RTFM and the like)... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John Rudd Sent: Friday, February 11, 2005 6:33 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT Sendmail configuration question I think he's actually talking about the server delaying the pre-HELO/EHLO greeting (the server's 220 greeting). It's new to sendmail 8.13.x, and it's called "greet_pause". What you want to do, is anywhere after your "access_db" declaration in the mc file, put: FEATURE(`greet_pause', `30000')dnl The 30000 is in milliseconds, so that's a 30 second delay. Note that there are some side effects if you go higher than 28 seconds (verizon does "call backs" when accepting email from you, and if they don't get a valid response in 28 seconds, they give up and reject your message). Also, you can put entries in your access_db that look like this: # 220 GreetPause (miliseconds) # GreetPause:127.0.0 0 GreetPause:128.114.125 0 GreetPause:128.114 3000 GreetPause:169.233 15000 GreetPause: 30000 These set aside other delays based upon the connecting host. 0 means "disable the delay". On Feb 11, 2005, at 14:54, Alex Neuman van der Hans wrote: > I don't think that's what he means. It's an option in newer sendmail > versions (8.13 I think) that lets you insert a delay between the HELO > from the client and the OK from the server. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mark Campbell > Sent: Friday, February 11, 2005 5:47 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Sendmail configuration question > > Is this what you're looking for? > > During an SMTP conversation, a client introduces itself to a server > using the HELO or EHLO command. The standard does not specify what > should be said here, and many Windows clients in fact use a "bogus" > name: for instance, the domain name of the destination server. > Nevertheless, it may sometimes be useful to check the argument to > HELO/EHLO, as many SPAM programs use bogus arguments in a consistent > manner. > > In a very helpful e-mail, a sendmail maintainer explained to me how > this could be done. The trick is to use delayed macro expansion with > the $s macro. As the sendmail manual explains, $s is a transient > macro: at startup, when sendmail reads its configuration file, it > contains the name of the host on which sendmail runs, but during an > SMTP conversation, it expands into the hostname supplied by the remote > client as the argument to HELO/EHLO. By writing $&s, it is possible to > delay the expansion of this macro, so it is expanded only when it is > needed; e.g., during Local_check_rcpt. > > Consequently, my sendmail.mc file contains a local rule set similar to > the following (note that Local_check_rcpt, if exists, is automatically > called by sendmail at the appropriate stage of processing the > envelope): > > SLocal_check_rcpt > R$* $: $&s > Rbogus.domain $#error $: 550 Spam Forbidden\ ($&s) > R$* $@ OK > > > REF: http://www.vttoth.com/heloehlo.htm > > Mark > > Mark Campbell > -- > IT Convergence OS Administrator > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jim Dickenson > Sent: Friday, February 11, 2005 4:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT Sendmail configuration question > > Some time ago there was talk on this list about using a relatively new > option in sendmail. As I recall there is some option that allows one > to delay the response to a helo or ehlo line. The theory was that > spammers could not afford to wait when sending messages and they would > not wait for the delay time. > > Can someone remind me what the command was. > > I tried to search the archive but not knowing exactly what I am > searching for I did not find the past messages. > > Thanks, > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Feb 12 03:16:54 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How did you get those stats out of mailscanner? Dhawal Doshy wrote: > Pete Russell wrote: > >> Of course i am usijng clamav already. >> >> My question was is it worth the effort to have both? Does BD ever catch >> a virus not caught by clamav? >> >> Pete > > > twice in ~3000 mails.. I am ASSUMING that this was due to the fact the > clam was probably being updated at that time (thereby creating a lock > asking MS not to use it). > > Also in the same result, thrice did uvscan detect a virus when both clam > / bdc failed to detect it. > > Again in the same result, 10 times clam detected a virus when both > uvscan / bdc failed to detect it (all attributed to phishing detection). > So this contradicts my previous statement that clam detects more viruses > compared to uvscan. > > Some statistics for viruses detected over a period of 12 hours that you > might find interesting. > > Bitdefender: 2992 > ClamAV: 3075 > McAfee: 3065 > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Sat Feb 12 05:01:41 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: No, milters don't happen until later in the conversation (as far as I know), so I don't think milters can do it. It required new code, so I'm pretty sure you really need to use 8.13 and not 8.12. But, 8.13.1 is pretty rock solid. I can't think of a reason NOT to upgrade to it from 8.12. On Feb 11, 2005, at 5:49 PM, Alex Neuman van der Hans wrote: > There is *no* way to do this on sendmail 8.12, is there? Maybe through > a > milter? Just asking, not intended as flamebait (you know, people > screaming > RTFM and the like)... > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > Of John Rudd > Sent: Friday, February 11, 2005 6:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Sendmail configuration question > > I think he's actually talking about the server delaying the > pre-HELO/EHLO > greeting (the server's 220 greeting). It's new to sendmail 8.13.x, > and it's > called "greet_pause". > > What you want to do, is anywhere after your "access_db" declaration in > the > mc file, put: > > FEATURE(`greet_pause', `30000')dnl > > The 30000 is in milliseconds, so that's a 30 second delay. Note that > there > are some side effects if you go higher than 28 seconds (verizon does > "call > backs" when accepting email from you, and if they don't get a valid > response > in 28 seconds, they give up and reject your message). > > Also, you can put entries in your access_db that look like this: > > # 220 GreetPause (miliseconds) > # > GreetPause:127.0.0 0 > GreetPause:128.114.125 0 > GreetPause:128.114 3000 > GreetPause:169.233 15000 > GreetPause: 30000 > > These set aside other delays based upon the connecting host. 0 means > "disable the delay". > > > On Feb 11, 2005, at 14:54, Alex Neuman van der Hans wrote: > >> I don't think that's what he means. It's an option in newer sendmail >> versions (8.13 I think) that lets you insert a delay between the HELO >> from the client and the OK from the server. >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Mark Campbell >> Sent: Friday, February 11, 2005 5:47 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: OT Sendmail configuration question >> >> Is this what you're looking for? >> >> During an SMTP conversation, a client introduces itself to a server >> using the HELO or EHLO command. The standard does not specify what >> should be said here, and many Windows clients in fact use a "bogus" >> name: for instance, the domain name of the destination server. >> Nevertheless, it may sometimes be useful to check the argument to >> HELO/EHLO, as many SPAM programs use bogus arguments in a consistent >> manner. >> >> In a very helpful e-mail, a sendmail maintainer explained to me how >> this could be done. The trick is to use delayed macro expansion with >> the $s macro. As the sendmail manual explains, $s is a transient >> macro: at startup, when sendmail reads its configuration file, it >> contains the name of the host on which sendmail runs, but during an >> SMTP conversation, it expands into the hostname supplied by the remote >> client as the argument to HELO/EHLO. By writing $&s, it is possible to >> delay the expansion of this macro, so it is expanded only when it is >> needed; e.g., during Local_check_rcpt. >> >> Consequently, my sendmail.mc file contains a local rule set similar to >> the following (note that Local_check_rcpt, if exists, is automatically >> called by sendmail at the appropriate stage of processing the >> envelope): >> >> SLocal_check_rcpt >> R$* $: $&s >> Rbogus.domain $#error $: 550 Spam Forbidden\ ($&s) >> R$* $@ OK >> >> >> REF: http://www.vttoth.com/heloehlo.htm >> >> Mark >> >> Mark Campbell >> -- >> IT Convergence OS Administrator >> >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Jim Dickenson >> Sent: Friday, February 11, 2005 4:48 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: OT Sendmail configuration question >> >> Some time ago there was talk on this list about using a relatively new >> option in sendmail. As I recall there is some option that allows one >> to delay the response to a helo or ehlo line. The theory was that >> spammers could not afford to wait when sending messages and they would >> not wait for the delay time. >> >> Can someone remind me what the command was. >> >> I tried to search the archive but not knowing exactly what I am >> searching for I did not find the past messages. >> >> Thanks, >> -- >> Jim Dickenson >> mailto:dickenson@cfmc.com >> >> CfMC >> http://www.cfmc.com/ >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Feb 12 10:58:38 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:31 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > How did you get those stats out of mailscanner? egrep, awk on the maillog and finally pscp + import into excel did the trick. egrep -i 'ClamAV found|McAfee found|Bitdefender found' \ /patch/to/maillog | awk -F " " '{print $5$8":"$10}' > \ somefile.txt Not exactly scientific or flawless but does the trick. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat Feb 12 12:47:42 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:31 2006 Subject: OT Sendmail configuration question Message-ID: As others have said, the greet_pause feature of sendmail 8.13. I've been using it since 8.13.0, it works well. I use a standard 7 sec delay, with my own site exempted via access.db entries. I also use smtptrapd (http://smtptrapd.inodes.org) on a secondary MX to attract spammers to that. Both help keep the spammers at bay. Jeff Earickson Colby College On Fri, 11 Feb 2005, Jim Dickenson wrote: > Date: Fri, 11 Feb 2005 14:48:09 -0800 > From: Jim Dickenson > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT Sendmail configuration question > > Some time ago there was talk on this list about using a relatively new > option in sendmail. As I recall there is some option that allows one to > delay the response to a helo or ehlo line. The theory was that spammers > could not afford to wait when sending messages and they would not wait for > the delay time. > > Can someone remind me what the command was. > > I tried to search the archive but not knowing exactly what I am searching > for I did not find the past messages. > > Thanks, > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Sat Feb 12 17:06:42 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:31 2006 Subject: MailScanner 4.37.7, postfix 2.1.5: hash_queue_names Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi! MS complains Feb 12 18:02:42 newka MailScanner[16463]: Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth although I've set hash_queue_depth = 1 hash_queue_names = deferred defer incoming in postfix' main.cf. Any hints? cheers+TIA, &rw -- -- "[Perl] isn't a programming language, it's a thousand special -- case rules flying in close formation." - Peter da Silva ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From dhawal at NETMAGICSOLUTIONS.COM Sat Feb 12 19:38:55 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:31 2006 Subject: MailScanner 4.37.7, postfix 2.1.5: hash_queue_names Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try "hash_queue_names = deferred,defer,incoming,hold", the hold is used for the single instance postfix with MS. Though I use this.. hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold - dhawal Robert Waldner writes: > Feb 12 18:02:42 newka MailScanner[16463]: Messages found but no hashed > queue directories. Please enable hashed queues for incoming and > deferred with a depth of 1 or 2. See the Postfix documentation for > hash_queue_names and hash_queue_depth > > although I've set > > hash_queue_depth = 1 > hash_queue_names = deferred defer incoming > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From luca.palazzo at NCE-ICT.IT Sat Feb 12 20:25:33 2005 From: luca.palazzo at NCE-ICT.IT (Luca Palazzo) Date: Thu Jan 12 21:28:31 2006 Subject: Clamav module problem.. solved (i think) Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I had some problem with MS non finding Bagz.E using clamavmodule. I've solved the problem with this patch in SweepVirus.pm --- SweepViruses.pm 2005-01-25 22:17:02.000000000 +0100 +++ /opt/MailScanner/lib/MailScanner/SweepViruses.pm 2005-02-12 00:06:38.000000000 +0100 @@ -1002,10 +1002,12 @@ if (MailScanner::Config::Value('allowpasszips')) { # || $haverar) { $results = $Clam->scan("$dirname/$childname/$filename", Mail::ClamAV::CL_SCAN_ARCHIVE() | + Mail::ClamAV::CL_SCAN_PE() | Mail::ClamAV::CL_SCAN_OLE2()); } else { $results = $Clam->scan("$dirname/$childname/$filename", Mail::ClamAV::CL_SCAN_ARCHIVE() | + Mail::ClamAV::CL_SCAN_PE() | Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | Mail::ClamAV::CL_SCAN_OLE2()); What about it? Thanks Luca -- Luca Palazzo System Engineer N.C.E. Network Consulting Engineering s.r.l. Via Etnea, 52 - 95028 Valverde (CT) - ITALY Tel/Fax: +39 095 524190 Mobile: +39 340 4608689 web: www.nce-ict.it mail: luca.palazzo@nce-ict.it ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Feb 12 20:46:13 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:31 2006 Subject: notice: up2date and perl Message-ID: In a typical MailScanner installation 2p2date, on a Red Hat or yum on a CentOS, Whitebox and Tao system will update: perl-5.8.0-89.10.i386.rpm perl-CGI-2.81-89.10.i386.rpm perl-CPAN-1.61-89.10.i386.rpm perl-DBI-1.32-9.i386.rpm perl-DB_File-1.804-89.10.i386.rpm The new perl upgrade appears to install an older version of MIME::Base64 but since Julian installs and references his own version (3.05) of MIME::Base64 in /usr/lib/MailScanner/utilities, this doesn't seem to stop MailScanner from working correctly. After the update I used CPAN to install the latest version of MIME::Base64 with no problems since some mail related applications, i.e. the latest openwebmail, will break if they find the older version. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Feb 12 22:04:14 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:31 2006 Subject: MailScanner 4.37.7, postfix 2.1.5: hash_queue_names Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: >Hi! > >MS complains > >Feb 12 18:02:42 newka MailScanner[16463]: Messages found but no hashed > queue directories. Please enable hashed queues for incoming and > deferred with a depth of 1 or 2. See the Postfix documentation for > hash_queue_names and hash_queue_depth > >although I've set > >hash_queue_depth = 1 >hash_queue_names = deferred defer incoming > >in postfix' main.cf. > > > Check your /var/spool/postfix directory, I would think you have a razor log (I think it's called .razor.log) file living in there, which is what causes this complaint. You need to specify in spam.assassin.prefs the log location. It's been discussed before so the SpamAssassin command is in the archive (Sorry don't know it off the top of my head ;-) ) Regards Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Sun Feb 13 00:04:21 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:32 2006 Subject: MailScanner 4.37.7, postfix 2.1.5: hash_queue_names Message-ID: On Sat, 12 Feb 2005 22:04:14 GMT, Drew Marshall writes: >>Feb 12 18:02:42 newka MailScanner[16463]: Messages found but no hashed >> queue directories. Please enable hashed queues for incoming and >> deferred with a depth of 1 or 2. See the Postfix documentation for >> hash_queue_names and hash_queue_depth >> >>although I've set >> >>hash_queue_depth = 1 >>hash_queue_names = deferred defer incoming >> >>in postfix' main.cf. >Check your /var/spool/postfix directory, I would think you have a razor >log (I think it's called .razor.log) file living in there, which is what >causes this complaint. You need to specify in spam.assassin.prefs the >log location. It's been discussed before so the SpamAssassin command is >in the archive (Sorry don't know it off the top of my head ;-) ) That was it, thanks! (For the record, here, on Debian, it sufficed to tell it via /etc/razor/razor-agent.conf.) cheers, &rw -- -- Going to war for peace is like fucking for virginity. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From alex at nkpanama.com Sun Feb 13 04:20:42 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:32 2006 Subject: OT Sendmail configuration question Message-ID: Know of any good apt4rpm (for fedora 1 and 2 using fedora.us's apt rpm package) repository I could get my hands on sendmail 8.13 from? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson Sent: Saturday, February 12, 2005 7:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT Sendmail configuration question As others have said, the greet_pause feature of sendmail 8.13. I've been using it since 8.13.0, it works well. I use a standard 7 sec delay, with my own site exempted via access.db entries. I also use smtptrapd (http://smtptrapd.inodes.org) on a secondary MX to attract spammers to that. Both help keep the spammers at bay. Jeff Earickson Colby College On Fri, 11 Feb 2005, Jim Dickenson wrote: > Date: Fri, 11 Feb 2005 14:48:09 -0800 > From: Jim Dickenson > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT Sendmail configuration question > > Some time ago there was talk on this list about using a relatively new > option in sendmail. As I recall there is some option that allows one > to delay the response to a helo or ehlo line. The theory was that > spammers could not afford to wait when sending messages and they would > not wait for the delay time. > > Can someone remind me what the command was. > > I tried to search the archive but not knowing exactly what I am > searching for I did not find the past messages. > > Thanks, > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ppporch at THEPORCH.COM Sun Feb 13 17:08:34 2005 From: ppporch at THEPORCH.COM (Phillip Porch) Date: Thu Jan 12 21:28:32 2006 Subject: Postfix snapshot mailscanner problem Message-ID: I have been using a snapshot of postfix dated 12/15/04 with MailScanner without problems. I decided to update to the current snapshot of postfix and found that all the messages in the queue now were not getting delivered. Postfix shows the emails in the queue but never delivers them. I searched this list and found references to a similar problem in the past. Just wanted to alert everyone that there seems to be a compatibility problem with the postfix 2.2 snapshots after 12/15/04. -- Phillip Porch ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELKNET.NET Sun Feb 13 18:28:02 2005 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:28:32 2006 Subject: OT: Upgrading SA 3.0 to 3.0.2 Make Test failure Message-ID: If anyone could shed light here, it would be appreciated. I've exhausted my google and list searches. I have been running MS 4.38.10 with SA 3.0.0 without any problems. This past week I tried to upgrade SA from 3.0.0 to 3.0.2, and I keep getting two errors during make test. I have tried both the source tar install and the CPAN install, the same two errors happen. Here is the relevant section of the make test: t/spf....................... Not found: helo_pass = SPF_HELO_PASS # Failed test 1 in t/SATest.pm at line 530 Not found: pass = SPF_PASS # Failed test 2 in t/SATest.pm at line 530 fail #2 t/spf.......................FAILED tests 1-2 Failed 2/2 tests, 0.00% okay Sure would appreciate any pointers in how to fix this. Thanks! -Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Sun Feb 13 18:47:20 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Internet Solutions Ltd) Date: Thu Jan 12 21:28:32 2006 Subject: OT: Upgrading SA 3.0 to 3.0.2 Make Test failure Message-ID: > If anyone could shed light here, it would be appreciated. > I've exhausted my google and list searches. I have been > running MS 4.38.10 with SA 3.0.0 without any problems. This > past week I tried to upgrade SA from 3.0.0 to 3.0.2, and I > keep getting two errors during make test. I have tried both > the source tar install and the CPAN install, the same two > errors happen. Here is the relevant section of the make test: > t/spf....................... Not found: helo_pass = SPF_HELO_PASS > # Failed test 1 in t/SATest.pm at line 530 > Not found: pass = SPF_PASS > # Failed test 2 in t/SATest.pm at line 530 fail #2 > t/spf.......................FAILED tests 1-2 > Failed 2/2 tests, 0.00% okay > > Sure would appreciate any pointers in how to fix this. Thanks! -Alan Have you installed all the dependencies? AFAIR the SPF check is via a separate module In either case I do remember seeing a few posts over on the SA users list - you might try their archives M ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Feb 13 18:48:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:32 2006 Subject: Intermittent Blank Emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have seen this problem myself, but it has proven to be extremely hard to track down the cause. I have found a possible reason, and I have a fix in testing at the moment. It's going to take at least a couple of weeks to be able to tell if this fix has worked. It will be mentioned in the changelog of the next version if I have fixed the problem successfully. Greg Deputy wrote: >For the last few months I've been seeing intermittent messages that are >blank. Various senders, but the messages are usually HTML, and when I >ask the sender to resend, the message comes across. I'm now starting to >have other users report the same issue. > >When I check the logs I don't see anything out of the ordinary about the >blank message. > >I saw a post on this in the archives back in Nov of 03, but no replies. > > >Has anyone else seen this, or have any ideas what is going on? > >I just upgraded to MailScanner 4.38.10 today, have been running 4.35.9 >previously. Other details: Fedora Core 2, Postfix 2.1.5, ClamAV0.81. >Scanning about 15-20k messages a day. > >Thanks. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Feb 13 18:51:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:32 2006 Subject: Intermittent Blank Emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As a possible solution to this, look in /usr/lib/MailScanner/MailScanner/Message.pm. Around line 4190, there is a chunk of code which needs 1 line adding to it, as highlighted in the snippet below: $DisarmLinkURL = ''; $DisarmLinkURL = $attr->{'href'} if exists $attr->{'href'}; $DisarmInsideLink = 1; --->>> $DisarmInsideLink = 0 if $text =~ /\/\>$/; # JKF Catch /> empty A tags #print STDERR "DisarmInsideLink = $DisarmInsideLink\n"; } elsif ($tagname eq 'img' && $DisarmWebBug) { #print "It's an image\n"; if (exists $attr->{'width'} && $attr->{'width'}<=2 && exists $attr->{'height'} && $attr->{'height'}<=2) { If you try this fix, please let me know (off-list) if it helps at all or not. Pentland G. wrote: >In a newer developement it appears I have some more evidence. > >I turned off the "phishing" stuff and we haven't had another report. > >I'm still not fully convinced, I'm going to turn it back on and see if >the reports start again... > >If they do then a newer version of MailScanner to be installed. If that >doesn't solve it, it'll be back to Julian with my testing report for him >to comment. > >If the reports don't restart when phishing goes back on then I don't >where I'll be. > >Gary > >Fractal IT Dept. wrote: > > >>We've experienced a few blank "zen mails" as well. In one case I saw >>Outlook 2003 pop up it's little summary in the bottom-right that DID >>have part of the message body, but then the message was blank; this >>was Outlook 2000 sending to Outlook 2003. In other cases, we've had >>people complain that HTML messages from Outlook Express arrived at >>another Outlook Express but weer blank. >> >>I have no idea what the cause might be. >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Feb 13 18:56:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:32 2006 Subject: Missed anything important? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am (more or less) back from my holiday now. I had a great time, and a good break from work and from MailScanner. I have been cruising the list, and the only important thing I have found so far is the "Re: Blank Email Messages" thread, which I have replied to. Have I missed anything that's very important in my absence? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Sun Feb 13 19:40:08 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:28:32 2006 Subject: OT: Upgrading SA 3.0 to 3.0.2 Make Test failure Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alan wrote: >If anyone could shed light here, it would be appreciated. I've exhausted my >google and list searches. I have been running MS 4.38.10 with SA 3.0.0 >without any problems. This past week I tried to upgrade SA from 3.0.0 to >3.0.2, and I keep getting two errors during make test. I have tried both the >source tar install and the CPAN install, the same two errors happen. Here is >the relevant section of the make test: >t/spf....................... Not found: helo_pass = SPF_HELO_PASS ># Failed test 1 in t/SATest.pm at line 530 > Not found: pass = SPF_PASS ># Failed test 2 in t/SATest.pm at line 530 fail #2 >t/spf.......................FAILED tests 1-2 > Failed 2/2 tests, 0.00% okay > >Sure would appreciate any pointers in how to fix this. Thanks! >-Alan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > I had the same problem, installed it anyway, and everything works fine. Including the SPF checks. I think there is something wrong with the test. Mark Nienberg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ppporch at THEPORCH.COM Sun Feb 13 21:12:53 2005 From: ppporch at THEPORCH.COM (Phillip Porch) Date: Thu Jan 12 21:28:32 2006 Subject: MailScanner 4.38.10 leaving email in queue with snapshot of postfix (hash_queue_names) Message-ID: I found the problem with MailScanner 4.38.10 and the current snapshot of postfix (02122005). The problem was the older version I was using was hashing several directories where the new snapshot only hashed deferred and defer. By adding the following line to the postfix main.cf file, things started working again. hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, trace MailScanner was putting out the following message until it was fixed. Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth -- Phillip Porch ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Sun Feb 13 22:26:11 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:32 2006 Subject: Missed anything important? Message-ID: On Sun, 13 Feb 2005, Julian Field wrote: > Have I missed anything that's very important in my absence? Yeah, you won a bunch of lotteries, and several deposed african dictators have some investment opportunities for you. -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELKNET.NET Mon Feb 14 00:57:17 2005 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:28:32 2006 Subject: OT: Upgrading SA 3.0 to 3.0.2 Make Test failure Message-ID: On Sun, 13 Feb 2005 18:47:20 -0000, Michele Neylon :: Blacknight Internet Solutions Ltd wrote: >AFAIR the SPF check is via a separate module I believe so, SPF has been working fine under SA 3.0.0 Besides, under the CPAN install I was of the understanding that any needed prerequisites would be prompted to install. >In either case I do remember seeing a few posts over on the SA users list - >you might try their archives That's where I started my search. I'll go back and try again. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELKNET.NET Mon Feb 14 00:59:03 2005 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:28:32 2006 Subject: OT: Upgrading SA 3.0 to 3.0.2 Make Test failure Message-ID: Mark, Thanks, I'll go ahead and install it. Appreciate you sharing your experience. -Alan On Sun, 13 Feb 2005 11:40:08 -0800, Mark Nienberg wrote: >I had the same problem, installed it anyway, and everything works fine. >Including the SPF checks. I think there is something wrong with the test. > >Mark Nienberg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELKNET.NET Mon Feb 14 01:18:55 2005 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:28:32 2006 Subject: OT: Upgrading SA 3.0 to 3.0.2 Make Test failure Message-ID: Okay, I went back and searched the SA archives again. Using a diffeent archive, I found a reference to the problem I described and a test bug in SA 3.0.2 It turns out that the SPF test was testing against Google's SPF records, and Google has changed their records; end result is that the test results come back differently than expected, so the error shows up. SA 3.0.3 will no longer test against Google, but rather against an internal domain that the SA folks can control its response to the test. You can read further at http://bugzilla.spamassassin.org/show_bug.cgi?id=4044 Thanks all! -Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rpotter at RPCS.NET Mon Feb 14 02:54:48 2005 From: rpotter at RPCS.NET (Richard Potter) Date: Thu Jan 12 21:28:32 2006 Subject: W32/Bagle.BC@mm Message-ID: Here in Eastern Canada, Our server is getting pounded by this today. Anyone else noticing it? F-Prot, ClamAV, Bitdefender and MailScanner all find it. Cheers! -- Richard Potter RHCE Re/Max Kingston, ON CANADA ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evertjan at VANRAMSELAAR.NL Mon Feb 14 06:04:14 2005 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:28:32 2006 Subject: [Fwd: [Clamav-announce] announcing ClamAV 0.83] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ---------------------------- Original Message ---------------------------- Subject: [Clamav-announce] announcing ClamAV 0.83 From: "Luca Gibelli" Date: Mon, February 14, 2005 1:30 To: clamav-announce@lists.clamav.net -------------------------------------------------------------------------- Dear ClamAV users, due to a high number of bad files produced by broken software, the MS05-002 exploit detector now only checks specific RIFF files. This version also fixes a stability problem of clamav-milter/clamd and improves e-mail scanning. -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca at clamav.net) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Mon Feb 14 07:31:40 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:32 2006 Subject: Missed anything important? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I am (more or less) back from my holiday now. I had a great time, and a > good break from work and from MailScanner. > > I have been cruising the list, and the only important thing I have found > so far is the "Re: Blank Email Messages" thread, which I have replied to. > > Have I missed anything that's very important in my absence? Nothing really important, but one micro-buglet that someone pointed out and that ought to be corrected in the next version: in the reload section of /etc/init.d/MailScanner the call to reload the incoming postfix isn't conditional on the instance actually existing, so doing service MailScanner reload on a single-instance postfix setup results in a warning that is totally harmless but potentially confusing to newbies. John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Mon Feb 14 09:53:19 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:32 2006 Subject: Missed anything important? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There is a thread saying "allowing pdf files" about the problem in some pdf files beying corrupted, and an txt file beying converted from DOS to UNIX format. I don't know if the problem is the same, but could be... ----- Original Message ----- From: "Julian Field" To: Sent: Sunday, February 13, 2005 3:56 PM Subject: Missed anything important? > I am (more or less) back from my holiday now. I had a great time, and a > good break from work and from MailScanner. > > I have been cruising the list, and the only important thing I have found > so far is the "Re: Blank Email Messages" thread, which I have replied to. > > Have I missed anything that's very important in my absence? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.fiorenzi at INFOGROUP.IT Mon Feb 14 09:37:01 2005 From: a.fiorenzi at INFOGROUP.IT (Alessandro Fiorenzi) Date: Thu Jan 12 21:28:32 2006 Subject: how to reject mail with old dated mail or future date mail Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I would understand if it is passible to block or reject mail that come with old date or future date. Sure if I recive a mail with a date of 1 december 2000 I should think it could be spam, the same if I recive email with date of 2007 Anyone has found a solution? Thanks Alessandro Fiorenzi ------------------------------------------------------------------------- INFOGROUP S.P.A http://www.infogroup.it ------------------------------------------------------------------------- Dott. Fiorenzi Alessandro Consulente Tecnico Trib. Firenze - Siurezza Informatica - Collegio Periti e Esperti CCIAA Firenze Soci CLUSIT, ALSI System Security Administrator Tel : +390554365742 CE : +393356414477 @Email : a.fiorenzi@infogroup.it ------------------------------------------------------------------------- "Faber est suae quisque fortunae" ------------------------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Feb 14 09:53:17 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:32 2006 Subject: how to reject mail with old dated mail or future date mail Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alessandro Fiorenzi wrote: > Hi, I would understand if it is passible to block or reject mail that > come with old date or future date. > > Sure if I recive a mail with a date of 1 december 2000 I should think it > could be spam, the same if I > recive email with date of 2007 > > Anyone has found a solution? > > Thanks > > Alessandro Fiorenzi If you use the default SA 3x rules, '20_head_tests.cf' to be precise then this rule will help you detect time / date greater than 3 hours in future / past. Try a lint test to see if this rule is included in spam.assassin.prefs.conf spamassassin -D -p /path/to/spam.assassin.prefs.conf --list - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 14 10:03:10 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:32 2006 Subject: W32/Bagle.BC@mm Message-ID: Richard nop -usual netskey-P's and phishing rubbish mainly here in the UK. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Richard Potter wrote: > Here in Eastern Canada, Our server is getting pounded by this today. Anyone > else noticing it? > > F-Prot, ClamAV, Bitdefender and MailScanner all find it. > > > Cheers! > -- > Richard Potter RHCE > Re/Max > Kingston, ON CANADA > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Mon Feb 14 10:50:41 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:28:32 2006 Subject: OT: bogus-virus-warnings Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, did I miss something? My RulesDuJour script is not able to fetch the current bogus-virus-warnings.cf since www.timj.co.uk cannot be resolved anymore... Any hints? Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Feb 14 11:14:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:32 2006 Subject: OT: bogus-virus-warnings Message-ID: JP yes I got those as well. seems to work now.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jan-Peter Koopmann wrote: > Hi, > > did I miss something? My RulesDuJour script is not able to fetch the current bogus-virus-warnings.cf since www.timj.co.uk cannot be resolved anymore... Any hints? > > Kind regards, > JP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Mon Feb 14 11:26:37 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:28:32 2006 Subject: A1 fun Message-ID: Do anybody know how we can block these emails with the subject starting with A1 fun   We get a lot of them at the moment.   Any help appreciated.       K ind Regards, Christo Bezuidenhout E-Commerce Manager IT for Africa * Email mailto:christo@it4africa.co.za Christo@it4africa.co.za " Web http://www.ag-industries.com/ http://www.ag-industries.com ( Switchboard +27 12 665 9900 6 Fax +27 12 665 9911 H Address Lunar Place 1 Eddington Crescent Highveld Techno Park Centurion       ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Mon Feb 14 11:54:29 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:32 2006 Subject: Clamav module problem.. solved (i think) Message-ID: That looks right to me. In libclamav/clamav.h we have: define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE) Should we also enable CL_SCAN_HTML? Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Luca Palazzo > Sent: 12 February 2005 20:26 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Clamav module problem.. solved (i think) > > Hi, > I had some problem with MS non finding Bagz.E using clamavmodule. > > I've solved the problem with this patch in SweepVirus.pm > > --- SweepViruses.pm 2005-01-25 22:17:02.000000000 +0100 > +++ /opt/MailScanner/lib/MailScanner/SweepViruses.pm 2005-02-12 > 00:06:38.000000000 +0100 > @@ -1002,10 +1002,12 @@ > if (MailScanner::Config::Value('allowpasszips')) { # > || $haverar) { > $results = $Clam->scan("$dirname/$childname/$filename", > Mail::ClamAV::CL_SCAN_ARCHIVE() | > + Mail::ClamAV::CL_SCAN_PE() | > Mail::ClamAV::CL_SCAN_OLE2()); > } else { > $results = $Clam->scan("$dirname/$childname/$filename", > Mail::ClamAV::CL_SCAN_ARCHIVE() | > + Mail::ClamAV::CL_SCAN_PE() | > > Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | > Mail::ClamAV::CL_SCAN_OLE2()); > > What about it? > > Thanks > > Luca > > -- > > Luca Palazzo > System Engineer > > N.C.E. Network Consulting Engineering s.r.l. > Via Etnea, 52 - 95028 Valverde (CT) - ITALY > Tel/Fax: +39 095 524190 > Mobile: +39 340 4608689 > web: www.nce-ict.it > mail: luca.palazzo@nce-ict.it > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From luca.palazzo at NCE-ICT.IT Mon Feb 14 12:14:05 2005 From: luca.palazzo at NCE-ICT.IT (Luca Palazzo) Date: Thu Jan 12 21:28:32 2006 Subject: Clamav module problem.. solved (i think) Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think that it is not need. Infact, MS parses HTML (never checked for it but it does) Luca PS: I think that this should be included in next release of MS Randal, Phil ha scritto: >That looks right to me. > >In libclamav/clamav.h we have: > >define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | >CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE) > >Should we also enable CL_SCAN_HTML? > >Cheers, > >Phil > >---- >Phil Randal >Network Engineer >Herefordshire Council >Hereford, UK > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Luca Palazzo >>Sent: 12 February 2005 20:26 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Clamav module problem.. solved (i think) >> >>Hi, >>I had some problem with MS non finding Bagz.E using clamavmodule. >> >>I've solved the problem with this patch in SweepVirus.pm >> >>--- SweepViruses.pm 2005-01-25 22:17:02.000000000 +0100 >>+++ /opt/MailScanner/lib/MailScanner/SweepViruses.pm 2005-02-12 >>00:06:38.000000000 +0100 >>@@ -1002,10 +1002,12 @@ >> if (MailScanner::Config::Value('allowpasszips')) { # >>|| $haverar) { >> $results = $Clam->scan("$dirname/$childname/$filename", >> Mail::ClamAV::CL_SCAN_ARCHIVE() | >>+ Mail::ClamAV::CL_SCAN_PE() | >> Mail::ClamAV::CL_SCAN_OLE2()); >> } else { >> $results = $Clam->scan("$dirname/$childname/$filename", >> Mail::ClamAV::CL_SCAN_ARCHIVE() | >>+ Mail::ClamAV::CL_SCAN_PE() | >> >>Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | >> Mail::ClamAV::CL_SCAN_OLE2()); >> >>What about it? >> >>Thanks >> >>Luca >> >>-- >> >>Luca Palazzo >>System Engineer >> >>N.C.E. Network Consulting Engineering s.r.l. >>Via Etnea, 52 - 95028 Valverde (CT) - ITALY >>Tel/Fax: +39 095 524190 >>Mobile: +39 340 4608689 >>web: www.nce-ict.it >>mail: luca.palazzo@nce-ict.it >> >>------------------------ MailScanner list >>------------------------ To unsubscribe, email >>jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > -- Luca Palazzo System Engineer N.C.E. Network Consulting Engineering s.r.l. Via Etnea, 52 - 95028 Valverde (CT) - ITALY Tel/Fax: +39 095 524190 Mobile: +39 340 4608689 web: www.nce-ict.it mail: luca.palazzo@nce-ict.it ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Feb 14 12:19:03 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:32 2006 Subject: Clamav module problem.. solved (i think) Message-ID: Hi! > In libclamav/clamav.h we have: > > define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | > CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE) > > Should we also enable CL_SCAN_HTML? There are some more changes for the clam module, mailed Julian last night. Sounds like a plan. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Mon Feb 14 12:20:34 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:32 2006 Subject: Clamav module problem.. solved (i think) Message-ID: But wouldn't ClamAV need this to detect the Phishing stuff it has patterns for? Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Luca Palazzo > Sent: 14 February 2005 12:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Clamav module problem.. solved (i think) > > I think that it is not need. Infact, MS parses HTML (never > checked for it but it does) > > Luca > PS: I think that this should be included in next release of MS > > Randal, Phil ha scritto: > > >That looks right to me. > > > >In libclamav/clamav.h we have: > > > >define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | > >CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE) > > > >Should we also enable CL_SCAN_HTML? > > > >Cheers, > > > >Phil > > > >---- > >Phil Randal > >Network Engineer > >Herefordshire Council > >Hereford, UK > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list > >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Luca Palazzo > >>Sent: 12 February 2005 20:26 > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Clamav module problem.. solved (i think) > >> > >>Hi, > >>I had some problem with MS non finding Bagz.E using clamavmodule. > >> > >>I've solved the problem with this patch in SweepVirus.pm > >> > >>--- SweepViruses.pm 2005-01-25 22:17:02.000000000 +0100 > >>+++ /opt/MailScanner/lib/MailScanner/SweepViruses.pm 2005-02-12 > >>00:06:38.000000000 +0100 > >>@@ -1002,10 +1002,12 @@ > >> if (MailScanner::Config::Value('allowpasszips')) { # > >>|| $haverar) { > >> $results = $Clam->scan("$dirname/$childname/$filename", > >> Mail::ClamAV::CL_SCAN_ARCHIVE() | > >>+ Mail::ClamAV::CL_SCAN_PE() | > >> Mail::ClamAV::CL_SCAN_OLE2()); > >> } else { > >> $results = $Clam->scan("$dirname/$childname/$filename", > >> Mail::ClamAV::CL_SCAN_ARCHIVE() | > >>+ Mail::ClamAV::CL_SCAN_PE() | > >> > >>Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | > >> Mail::ClamAV::CL_SCAN_OLE2()); > >> > >>What about it? > >> > >>Thanks > >> > >>Luca > >> > >>-- > >> > >>Luca Palazzo > >>System Engineer > >> > >>N.C.E. Network Consulting Engineering s.r.l. > >>Via Etnea, 52 - 95028 Valverde (CT) - ITALY > >>Tel/Fax: +39 095 524190 > >>Mobile: +39 340 4608689 > >>web: www.nce-ict.it > >>mail: luca.palazzo@nce-ict.it > >> > >>------------------------ MailScanner list > >>------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk > >>with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ > >>(http://www.mailscanner.biz/maq/) and the archives > >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > >> > > > >------------------------ MailScanner list > ------------------------ To > >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the > >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > > > > -- > > Luca Palazzo > System Engineer > > N.C.E. Network Consulting Engineering s.r.l. > Via Etnea, 52 - 95028 Valverde (CT) - ITALY > Tel/Fax: +39 095 524190 > Mobile: +39 340 4608689 > web: www.nce-ict.it > mail: luca.palazzo@nce-ict.it > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Mon Feb 14 12:25:52 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:32 2006 Subject: Clamav module problem.. solved (i think) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You did? Please can you re-send. Raymond Dijkxhoorn wrote: > Hi! > >> In libclamav/clamav.h we have: >> >> define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | >> CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE) >> >> Should we also enable CL_SCAN_HTML? > > > There are some more changes for the clam module, mailed Julian last > night. Sounds like a plan. > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon Feb 14 12:27:16 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:32 2006 Subject: bogus-virus-warnings Message-ID: Sounds like a DNS failure on your end. It works fine here nslookup www.timj.co.uk Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: www.timj.co.uk canonical name = web.firecluster.net. Name: web.firecluster.net Address: 80.168.3.10 Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan-Peter Koopmann Sent: Monday, February 14, 2005 4:51 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: bogus-virus-warnings Hi, did I miss something? My RulesDuJour script is not able to fetch the current bogus-virus-warnings.cf since www.timj.co.uk cannot be resolved anymore... Any hints? Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Feb 14 12:29:42 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:32 2006 Subject: Clamav module problem.. solved (i think) Message-ID: Hi! > You did? Please can you re-send. >> There are some more changes for the clam module, mailed Julian last >> night. Sounds like a plan. Resended. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Mon Feb 14 12:44:36 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:32 2006 Subject: Clamav module problem.. solved (i think) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Randal, Phil wrote: > But wouldn't ClamAV need this to detect the Phishing stuff it has > patterns for? Ah... maybe that explains why I've never seen ClamAVmodule hit any phishing stuff... John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Mon Feb 14 14:34:15 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:32 2006 Subject: Missed anything important? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Welcome back Julian, Glad to hear you had a nice trip. Found one small issue in tarball 4.35.11 concerning the check_MailScanner.cron > I noticed that check_MailScanner.cron is trying to call > /opt/MailScanner/bin/check_MailScanner which has been renamed to > check_mailscanner (no caps). Solution (pay attention to the case of the file name): edit the /opt/MailScanner/bin/cron/check_MailScanner.cron file and change the filename case in line 19 from: /opt/MailScanner/bin/check_MailScanner to: /opt/MailScanner/bin/check_mailscanner thanks! Brad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Mon Feb 14 14:36:15 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:28:32 2006 Subject: bogus-virus-warnings Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Sounds like a DNS failure on your end. It works fine here Was a DNS problem on their side I suppose. Everything works again now... :-) Thanks guys, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Mon Feb 14 14:39:49 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:32 2006 Subject: bogus-virus-warnings Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher >Sent: 14 February 2005 12:27 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: bogus-virus-warnings > >Sounds like a DNS failure on your end. It works fine here > >nslookup www.timj.co.uk >Server: 127.0.0.1 >Address: 127.0.0.1#53 > >Non-authoritative answer: >www.timj.co.uk canonical name = web.firecluster.net. >Name: web.firecluster.net >Address: 80.168.3.10 > [snip] We see the same problem with this site as Jan-Peter and Martin have reported. It happens about once per week with us. If it is a DNS problem then it is more likely to do with _their_ name server(s) rather than ours. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Feb 14 15:20:37 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:32 2006 Subject: Missing lines/scores from SA long report Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since my last upgrade of MS to vertsion 4.37.7, I noticed sometimes there is information missing from the long spam report. It seems some lines are truncated and merged with the remainder of another line. Has anyone else noticed this? Adri. Here's a snip from an affected email message: X-MailScanner-SpamCheck: spam, SpamAssassin (score=9.604, required 5, BAYES_50 0.00, FORGED_YAHOO_RCVD 2.70, HTML_30_40 0.02, HTML_MESSAGE 0.00, RCVD_IN_BL_NIGERIA_NET 5.00, RCVD_IN_BL_SPAMCOP_NET 1.22, SUBJ_ALL_CAPS 0.67, UPPERCASE_75_100 0.00) X--MailScanner-SpamScore: 9 X-MailScanner-From: xxxxxxxx@yahoo.com X-MailScanner-To: xxxx@salesmanager.nl This is a multi-part message in MIME format... --======18019==27509====== Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Our MailScanner believes that the attachment to this message sent to = you =20 To: xxxx@salesmanager.nl From: xxxxxxxx@yahoo.com Subject: MAIL ORDER................. is Unsolicited Commercial Email (spam). Unless you are sure that this = message is incorrectly thought to be spam, please delete this message without = opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, = please forward this email to postmaster. pts rule name description ---- ---------------------- = -------------------------------------------------- 0.7 SUBJ_ALL_CAPS Subject is all capitals 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' = headers 0.0 HTML_30_40 BODY: Message is 30 HTML 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60 = uppercase --======18019==27509====== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Mon Feb 14 15:20:42 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:28:32 2006 Subject: no spam checks from *one* server? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Right now our MS/SA scans everything, both in and out, for viruses, spam, file extensions, etc. I'd like to change this so there are no spam checks on anything coming from *one* specific mail server. I still want to keep everything else (virus checks, signing rules, etc). Where is the best/easiest place to do this? MS 4.33.3 SA 3.0.0 thanks Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné à la personne ou aux personnes à qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'êtes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Feb 14 15:35:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:32 2006 Subject: no spam checks from *one* server? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please read up about rulesets. You just want to apply a ruleset to the "Spam Checks" setting. Rulesets are documented in The Book The MAQ The FAQ The /etc/MailScanner/rules/* files and numerous discussions on this mailing list :-) Matt Kehler wrote: > Right now our MS/SA scans everything, both in and out, for viruses, > spam, file extensions, etc. I'd like to change this so there are no > spam checks on anything coming from *one* specific mail server. I > still want to keep everything else (virus checks, signing rules, > etc). Where is the best/easiest place to do this? > > MS 4.33.3 > SA 3.0.0 > > thanks > Matt > This email and/or any documents in this transmission is intended for > the addressee(s) only and may contain legally privileged or > confidential information. Any unauthorized use, disclosure, > distribution, copying or dissemination is strictly prohibited. If you > receive this transmission in error, please notify the sender > immediately and return the original. Ce courriel et tout document dans > cette transmission est destiné à la personne ou aux personnes à qui il > est adressé. Il peut contenir des informations privilégiées ou > confidentielles. Toute utilisation, divulgation, distribution, copie, > ou diffusion non autorisée est strictement défendue. Si vous n'êtes > pas le destinataire de ce message, veuillez en informer l'expéditeur > immédiatement et lui remettre l'original. ------------------------ > MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Mon Feb 14 15:37:21 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:28:32 2006 Subject: no spam checks from *one* server? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Julian. I've read up on it all already, and am using rulesets for a few things, but it seems as though everyone does it slightly different, which is why I was asking. I'll just go with it and hope I don't break anything :) thanks Matt >>> MailScanner@ECS.SOTON.AC.UK 2/14/2005 9:35:09 AM >>> Please read up about rulesets. You just want to apply a ruleset to the "Spam Checks" setting. Rulesets are documented in The Book The MAQ The FAQ The /etc/MailScanner/rules/* files and numerous discussions on this mailing list :-) Matt Kehler wrote: > Right now our MS/SA scans everything, both in and out, for viruses, > spam, file extensions, etc. I'd like to change this so there are no > spam checks on anything coming from *one* specific mail server. I > still want to keep everything else (virus checks, signing rules, > etc). Where is the best/easiest place to do this? > > MS 4.33.3 > SA 3.0.0 > > thanks > Matt > This email and/or any documents in this transmission is intended for > the addressee(s) only and may contain legally privileged or > confidential information. Any unauthorized use, disclosure, > distribution, copying or dissemination is strictly prohibited. If you > receive this transmission in error, please notify the sender > immediately and return the original. Ce courriel et tout document dans > cette transmission est destiné à la personne ou aux personnes à qui il > est adressé. Il peut contenir des informations privilégiées ou > confidentielles. Toute utilisation, divulgation, distribution, copie, > ou diffusion non autorisée est strictement défendue. Si vous n'êtes > pas le destinataire de ce message, veuillez en informer l'expéditeur > immédiatement et lui remettre l'original. ------------------------ > MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné à la personne ou aux personnes à qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'êtes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Mon Feb 14 15:37:53 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:28:32 2006 Subject: no spam checks from *one* server? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Make a ruleset Spam Check = filename filename contains From: IPaddyof server no FromOrTo: default yes double check the readme's for exact syntax -----Original Message----- From: Matt Kehler [mailto:mkehler@WRHA.MB.CA] Sent: 14 February 2005 15:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: no spam checks from *one* server? Right now our MS/SA scans everything, both in and out, for viruses, spam, file extensions, etc. I'd like to change this so there are no spam checks on anything coming from *one* specific mail server. I still want to keep everything else (virus checks, signing rules, etc). Where is the best/easiest place to do this? MS 4.33.3 SA 3.0.0 thanks Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné à la personne ou aux personnes à qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'êtes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Mon Feb 14 16:26:23 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:32 2006 Subject: No header changes on spam messages? Message-ID: Hi. Has anyone else run into this problem? In all normal cases, MailScanner adds "X_MailScanner" headers to our incoming email and modifies the subject line if it is spam, a virus, etc.. However, in some strange cases, even though the message is detected as spam, no header changes happen. In all cases that I've seen so far, this only happens with those "forged" (or resulting from a forge) DSN delivery failure messages. A snip from the log for such a message follows. MailScanner did not modify the headers of this message: Feb 13 20:36:46 mx1 sendmail[15354]: j1E1ajkW015354: from=<>, size=7254, class=0, nrcpts=1, msgid=<200502140137.j1E1brWC011675@iwebination.cust.iaf.nl>, proto=ESMTP, daemon=MTA, relay=iwebination.cust.iaf.nl [80.89.232.72] Feb 13 20:36:46 mx1 sendmail[15354]: j1E1ajkW015354: to=<[#USER#]@[#LOCAL-DOMAIN#]>, delay=00:00:00, mailer=relay, pri=37254, stat=queued Feb 13 20:36:50 mx1 MailScanner[13359]: New Batch: Scanning 1 messages, 7752 bytes Feb 13 20:36:50 mx1 MailScanner[13359]: Spam Checks: Starting Feb 13 20:37:00 mx1 MailScanner[13359]: Message j1E1ajkW015354 from 80.89.232.72 () to [#LOCAL-DOMAIN#] is spam, SpamAssassin (score=7.321, required 3, BAYES_40 -1.10, HTML_BACKHAIR_8 0.73, HTML_FONT_BIG 0.14, HTML_MESSAGE 0.00, HTML_OBFUSCATE_10_20 0.86, HTML_TAG_EXIST_TBODY 0.11, HTML_TEXT_AFTER_BODY 0.06, J_CHICKENPOX_13 0.60, MIME_HTML_MOSTLY 1.02, SARE_HTML_INV_TAG 2.22, SARE_STRIPE 1.67, URIBL_SBL 1.00) Feb 13 20:37:00 mx1 MailScanner[13359]: Spam Checks: Found 1 spam messages Feb 13 20:37:00 mx1 MailScanner[13359]: Spam Actions: message j1E1ajkW015354 actions are deliver Feb 13 20:37:03 mx1 MailScanner[13359]: Virus and Content Scanning: Starting Feb 13 20:37:04 mx1 MailScanner[13359]: Found phishing fraud from ragouted.astronomersledby.com claiming to be www.railways.havebeenableestimate.com in j1E1ajkW015354 Feb 13 20:37:04 mx1 MailScanner[13359]: Content Checks: Detected and have disarmed HTML message in j1E1ajkW015354 from Feb 13 20:37:05 mx1 MailScanner[13359]: Uninfected: Delivered 1 messages Feb 13 20:37:05 mx1 sendmail[15372]: j1E1ajkW015354: to=<[#USER#]@[#LOCAL-DOMAIN#]>, delay=00:00:19, xdelay=00:00:00, mailer=relay, pri=127254, relay=[#HOST#].[#LOCAL-DOMAIN#] [#LOCAL-IP#], dsn=2.0.0, stat=Sent (Message accepted for delivery) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon Feb 14 16:28:27 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:32 2006 Subject: A1 fun Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christo Bezuidenhout wrote: >Do anybody know how we can block these emails with the subject starting with A1 fun > >We get a lot of them at the moment. > > > Christo, If you use SA, it is very easy. Look at the MAQ (the link is at the bottom of every message). It points to http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/86.html Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From ssilva at SGVWATER.COM Mon Feb 14 19:37:42 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:32 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Pete Russell wrote: > >> Hi there, was thinking about installing bit defender seeing as the >> license permits me to use it for free. >> >> Can anyone comment on whether this is worth using at all? >> >> Because i searched the arcvhives and found some posts from JF and he was >> saying it wasnt really that great, but these are 2 year old posts - >> anyone know if its improved since then? is it better than etrust/ca ? or >> is it a waste of time? >> Pete >> > > A reply I received today from the bitdefender team.. > --------------------------------------------------- > The bdc scanner is free to use. If you want to protect your emails > against spam and viruses, you have to buy BitDefender for mailserver. > But you can try it before buying the product by downloading it from: > ftp://ftp.bitdefender.com/pub/linux/mailserver/ > > For buying, please visit: > http://www.bitdefender.com/bd/site/buy.php?section1=1 > --------------------------------------------------- > > My Question was: > --------------------------------------------------- > > This URL for BitDefender Linux Edition says that its a freeware > > product, is this also the case for commercial usage? > > http://www.bitdefender.com/bd/site/products.php?p_id=16 > > > > I am planning to use it with a third party scanner like amavis / > > qmail-scanner, please let me know if this is fine OR if I need to > > procure a license and if so then what is the cost for the same. > --------------------------------------------------- > > Confused I am!! should I continue using it OR buy a license. > > Technically I am happily willing to dump uvscan and replace it > bitdefender as long as clam is also present. Clam incidently is our > primary choice due to the efficient use of resources compared to uvscan > & bitdefender. The hits (read viruses caught) for clam being higher than > both uvscan and bitdefender (partly due to clam's phishing detection). > > I suggest you clarify with support@bitdefender.com for licensing before > you start using it. In any case I would recommend using clam. > > - dhawal > According to this link http://www.bitdefender.com/bd/site/products.php?p_id=16 "BitDefender Linux Edition is a freeware product, which doesn't require a license to be used." -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Feb 14 19:44:02 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:32 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > Pete Russell wrote: > >> Hi there, was thinking about installing bit defender seeing as the >> license permits me to use it for free. >> >> Can anyone comment on whether this is worth using at all? >> >> Because i searched the arcvhives and found some posts from JF and he was >> saying it wasnt really that great, but these are 2 year old posts - >> anyone know if its improved since then? is it better than etrust/ca ? or >> is it a waste of time? >> Pete >> > Here are my stats for the last week: > found 12437 infected messages > 1025 messages detected only by McAfee > 3 messages detected only by Bitdefender > 187 messages detected only by MailScanner > > MS detection: filename rules (no EXE, BAT, ...). As you can see there > were only ~ 1200 messages detected by only one scanner. Most of them ~ > 11200 were detected by more than one. > > I use Bitdefender but I don't really like it. I don't think they > provide much support for it. If it weren't for Clam's false positives > about some file types heavily used here I would change Bitdefender for > Clam any time! > > Denis > Why replace Bitdefender with ClamAV? Just use them both. You can never be too rich, too good looking, or have too many virus scanners. I have to agree with you that BitDefender isn't the first to be updated, but it is a good backup defense "just in case". I had my McAfee hosed about a year ago because of an update problem. Been using BitDefender and ClamAV along side since then. I always see mail that was only detected by one and not the others. And ClamAV was the first to spot many of the Phishing frauds now out. Now if someone could just invent the internet version of Ductape! -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Feb 14 21:06:31 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:32 2006 Subject: no spam checks from *one* server? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Which MTA are you using? I use POstfix and we have an outbound mailscanner machine and an inbound one. OUr outbound one send plenty of mail to our inbound one at the moment while we develop a better plan for mail routing. I have simply added an entry to header_checks to stop messages from our outbound server from being sent to the hold queue for mailscanner to scan. Pete Matt Kehler wrote: > Thanks Julian. I've read up on it all already, and am using rulesets for > a few things, but it seems as though everyone does it slightly > different, which is why I was asking. I'll just go with it and hope I > don't break anything :) > > thanks > Matt > > >>> MailScanner@ECS.SOTON.AC.UK 2/14/2005 9:35:09 AM >>> > Please read up about rulesets. You just want to apply a ruleset to the > "Spam Checks" setting. Rulesets are documented in > The Book > The MAQ > The FAQ > The /etc/MailScanner/rules/* files > and numerous discussions on this mailing list > :-) > > Matt Kehler wrote: > > > Right now our MS/SA scans everything, both in and out, for viruses, > > spam, file extensions, etc. I'd like to change this so there are no > > spam checks on anything coming from *one* specific mail server. I > > still want to keep everything else (virus checks, signing rules, > > etc). Where is the best/easiest place to do this? > > > > MS 4.33.3 > > SA 3.0.0 > > > > thanks > > Matt > > This email and/or any documents in this transmission is intended for > > the addressee(s) only and may contain legally privileged or > > confidential information. Any unauthorized use, disclosure, > > distribution, copying or dissemination is strictly prohibited. If you > > receive this transmission in error, please notify the sender > > immediately and return the original. Ce courriel et tout document dans > > cette transmission est destiné à la personne ou aux personnes à qui il > > est adressé. Il peut contenir des informations privilégiées ou > > confidentielles. Toute utilisation, divulgation, distribution, copie, > > ou diffusion non autorisée est strictement défendue. Si vous n'êtes > > pas le destinataire de ce message, veuillez en informer l'expéditeur > > immédiatement et lui remettre l'original. ------------------------ > > MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > This email and/or any documents in this transmission is intended for the > addressee(s) only and may contain legally privileged or confidential > information. Any unauthorized use, disclosure, distribution, copying or > dissemination is strictly prohibited. If you receive this transmission > in error, please notify the sender immediately and return the original. > Ce courriel et tout document dans cette transmission est destiné à la > personne ou aux personnes à qui il est adressé. Il peut contenir des > informations privilégiées ou confidentielles. Toute utilisation, > divulgation, distribution, copie, ou diffusion non autorisée est > strictement défendue. Si vous n'êtes pas le destinataire de ce message, > veuillez en informer l'expéditeur immédiatement et lui remettre > l'original. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELKNET.NET Mon Feb 14 21:34:16 2005 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:28:32 2006 Subject: Logging feature request Message-ID: Welcom back Julian! I have a feature request to ask that I hope is minor... You have supplied us with quite a few options to turn on and off the logging of many aspects of MailScanner. At present, if I set everyone of them to 'Off'... I'm seeing the following activities still being logged: Content checks: Content Checks: Detected and have disarmed HTML message in ... Precedence list checks: Skipping sender of precedence list Phishing checks: Found phishing fraud from Message renaming: ZM: message 2061436 renamed into 2060021 I would appreciate it if we could get some additional logging configurations settings so we could also turn each of these types of logs on and off. Thanks for your consideration of this request, -Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From harald.windisch at ITEXPERTS.AT Mon Feb 14 22:22:31 2005 From: harald.windisch at ITEXPERTS.AT (Harald Windisch) Date: Thu Jan 12 21:28:32 2006 Subject: Mailscanner & digitally signed emails Message-ID: Dear Mailscanner-admins! Did you ever had the need to let through digitally signed emails?? One of my customers does need it, but every signed email reaches the target with the message "the signature is invalid" I think its in the nature for mailscanners (and spamcheckers) to open and therefore change emails. So, what can i do to exclude the signed emails (like the encrypted ones). Thankful for any help greets harald windishc harald.windisch@itepxerts.at ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at kdinet.com Mon Feb 14 23:47:48 2005 From: drolland at kdinet.com (Diane Rolland) Date: Thu Jan 12 21:28:32 2006 Subject: clamav virus updates configuration Message-ID: I'm using clamav with MS. It appears that the freshclam updates are being stored in /tmp Is it possible to configure this somewhere? I'd like to put it with the rest of my log files and enable some log rotation. Thanks!, Diane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From christian at COLUMBIAFUELS.COM Tue Feb 15 00:05:35 2005 From: christian at COLUMBIAFUELS.COM (Christian Rasmussen) Date: Thu Jan 12 21:28:32 2006 Subject: clamav virus updates configuration Message-ID: **I haven't tried it** but it looks like you can change this in: /usr/lib/MailScanner/clamav-autoupdate (defined near the top) -Christian -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Diane Rolland Sent: Monday, February 14, 2005 3:48 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: clamav virus updates configuration I'm using clamav with MS. It appears that the freshclam updates are being stored in /tmp Is it possible to configure this somewhere? I'd like to put it with the rest of my log files and enable some log rotation. Thanks!, Diane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dickenson at CFMC.COM Tue Feb 15 00:31:03 2005 From: dickenson at CFMC.COM (Jim Dickenson) Date: Thu Jan 12 21:28:32 2006 Subject: Virus Scanning = rule question Message-ID: Is is possible to use a rule like From: address@domain.com and From: 192.168.1.2 no To not virus check email from a specific user at a specific IP address? Just to let you all know I just went online with an inbound mail gateway using the GreetPause feature in sendmail 8.13.1 and it looks like the amount of spam has been dramatically reduced. It has only been a few hours but it is nice not getting a hundred spam messages every couple hours in my inbox. The system is running Fedora Core 3 with all updates as of a few days ago. I am using clamAV 0.82 and will update to 0.83 once I am sure things are stable for this change. Mail is scanned on the front-end sever and pushed over to a Linux 9 box where the mailboxes actually live. This other system is used as our outbound server as well. This is Fedora Core release 3 (Heidelberg) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.38.10 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.000002 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.46 Test::Harness 0.54 Test::Simple 1.95 Text::Balanced 1.35 URI -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ohookins at GMAIL.COM Tue Feb 15 01:38:59 2005 From: ohookins at GMAIL.COM (Oliver Hookins) Date: Thu Jan 12 21:28:32 2006 Subject: Sending spam emails to a unified IMAP folder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi there, I had a look in the archives and saw some procmail scripts that would move any incoming spam emails for individual users into their 'spam' folder. However I'm looking to move all spam emails into a single IMAP folder regardless of which user it was originally destined for. Is this possible? Regards, Oliver ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Feb 15 02:10:59 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:32 2006 Subject: Sending spam emails to a unified IMAP folder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No need for procmail - MailScanner does this. Read the comments in MailScanner.conf near Spam Actions = and High Spam Actions = It would be something like Spam Actions = store forward spam@yourdomain.com Julian has written scripts and guide that lives in the faqomatic on his website. Pete Oliver Hookins wrote: > Hi there, > > I had a look in the archives and saw some procmail scripts that would > move any incoming spam emails for individual users into their 'spam' > folder. However I'm looking to move all spam emails into a single IMAP > folder regardless of which user it was originally destined for. > > Is this possible? > > Regards, > Oliver > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Feb 15 02:11:21 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:32 2006 Subject: Virus Scanning = rule question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What if you had a rule in your MTA that didnt accept mail from domains that dont resolve properly, and then youn can just block the email address in the MS rulesets. This will provide coverage against all those using domain names they shouldnt? I have this turned on, but i cannot remember for the life of me where it controlled :) Pete Jim Dickenson wrote: > Is is possible to use a rule like > > From: address@domain.com and From: 192.168.1.2 no > > To not virus check email from a specific user at a specific IP address? > > > > > > Just to let you all know I just went online with an inbound mail gateway > using the GreetPause feature in sendmail 8.13.1 and it looks like the amount > of spam has been dramatically reduced. It has only been a few hours but it > is nice not getting a hundred spam messages every couple hours in my inbox. > > The system is running Fedora Core 3 with all updates as of a few days ago. I > am using clamAV 0.82 and will update to 0.83 once I am sure things are > stable for this change. Mail is scanned on the front-end sever and pushed > over to a Linux 9 box where the mailboxes actually live. This other system > is used as our outbound server as well. > > > This is Fedora Core release 3 (Heidelberg) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.38.10 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 1.810 DB_File > 1.10 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.13 Mail::ClamAV > 3.000002 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > 0.32 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.46 Test::Harness > 0.54 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ohookins at GMAIL.COM Tue Feb 15 02:21:07 2005 From: ohookins at GMAIL.COM (Oliver Hookins) Date: Thu Jan 12 21:28:32 2006 Subject: Sending spam emails to a unified IMAP folder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > No need for procmail - MailScanner does this. > > Read the comments in MailScanner.conf near Spam Actions = and High Spam > Actions = > > It would be something like Spam Actions = store forward spam@yourdomain.com We probably wouldn't need 'store' if we are putting a copy somewhere else. > > Julian has written scripts and guide that lives in the faqomatic on his > website. I had a look in the FAQ but couldn't find anything before... could you point me in the right direction (link)? Thanks! > > Pete > > Oliver Hookins wrote: > >> Hi there, >> >> I had a look in the archives and saw some procmail scripts that would >> move any incoming spam emails for individual users into their 'spam' >> folder. However I'm looking to move all spam emails into a single IMAP >> folder regardless of which user it was originally destined for. >> >> Is this possible? >> >> Regards, >> Oliver ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dickenson at CFMC.COM Tue Feb 15 03:29:36 2005 From: dickenson at CFMC.COM (Jim Dickenson) Date: Thu Jan 12 21:28:32 2006 Subject: Virus Scanning = rule question Message-ID: I do not see how this would do what I want. Basically I want to allow email attachments from a single user sending email from a single IP address without virus scanning them. I do not want to not scan stuff from a particular email address because anyone can use any address they want. I do not want to not scan stuff from a particular IP address because if they are hacked I want some protection. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Peter Russell > Reply-To: MailScanner mailing list > Date: Tue, 15 Feb 2005 13:11:21 +1100 > To: > Subject: Re: Virus Scanning = rule question > > What if you had a rule in your MTA that didnt accept mail from domains > that dont resolve properly, and then youn can just block the email > address in the MS rulesets. This will provide coverage against all those > using domain names they shouldnt? > > I have this turned on, but i cannot remember for the life of me where it > controlled :) > Pete > > Jim Dickenson wrote: >> Is is possible to use a rule like >> >> From: address@domain.com and From: 192.168.1.2 no >> >> To not virus check email from a specific user at a specific IP address? >> >> >> >> >> >> Just to let you all know I just went online with an inbound mail gateway >> using the GreetPause feature in sendmail 8.13.1 and it looks like the amount >> of spam has been dramatically reduced. It has only been a few hours but it >> is nice not getting a hundred spam messages every couple hours in my inbox. >> >> The system is running Fedora Core 3 with all updates as of a few days ago. I >> am using clamAV 0.82 and will update to 0.83 once I am sure things are >> stable for this change. Mail is scanned on the front-end sever and pushed >> over to a Linux 9 box where the mailboxes actually live. This other system >> is used as our outbound server as well. >> >> >> This is Fedora Core release 3 (Heidelberg) >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.38.10 >> Module versions are: >> 1.00 AnyDBM_File >> 1.14 Archive::Zip >> 1.03 Carp >> 1.119 Convert::BinHex >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.14 File::Temp >> 1.29 HTML::Entities >> 3.45 HTML::Parser >> 2.30 HTML::TokeParser >> 1.21 IO >> 1.10 IO::File >> 1.123 IO::Pipe >> 3.05 MIME::Base64 >> 5.417 MIME::Decoder >> 5.417 MIME::Decoder::UU >> 5.417 MIME::Head >> 5.417 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.417 MIME::Tools >> 0.10 Net::CIDR >> 1.08 POSIX >> 1.77 Socket >> 0.05 Sys::Syslog >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.810 DB_File >> 1.10 Digest >> 1.01 Digest::HMAC >> 2.33 Digest::MD5 >> 2.10 Digest::SHA1 >> 0.44 Inline >> 0.13 Mail::ClamAV >> 3.000002 Mail::SpamAssassin >> 1.997 Mail::SPF::Query >> 0.15 Net::CIDR::Lite >> 0.48 Net::DNS >> 0.32 Net::LDAP >> 1.94 Parse::RecDescent >> missing SAVI >> 1.2 Sys::Hostname::Long >> 2.46 Test::Harness >> 0.54 Test::Simple >> 1.95 Text::Balanced >> 1.35 URI >> >> >> -- >> Jim Dickenson >> mailto:dickenson@cfmc.com >> >> CfMC >> http://www.cfmc.com/ >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ckowarzik at EMAIL.DE Tue Feb 15 08:09:01 2005 From: ckowarzik at EMAIL.DE (Christian Kowarzik) Date: Thu Jan 12 21:28:32 2006 Subject: Bit Defender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Pete Russell wrote: > >> Hi there, was thinking about installing bit defender seeing as the >> license permits me to use it for free. [..] > A reply I received today from the bitdefender team.. > --------------------------------------------------- > The bdc scanner is free to use. If you want to protect your emails > against spam and viruses, you have to buy BitDefender for mailserver. > But you can try it before buying the product by downloading it from: > ftp://ftp.bitdefender.com/pub/linux/mailserver/ > > For buying, please visit: > http://www.bitdefender.com/bd/site/buy.php?section1=1 > --------------------------------------------------- > > My Question was: > --------------------------------------------------- > > This URL for BitDefender Linux Edition says that its a freeware > > product, is this also the case for commercial usage? > > http://www.bitdefender.com/bd/site/products.php?p_id=16 > > > > I am planning to use it with a third party scanner like amavis / > > qmail-scanner, please let me know if this is fine OR if I need to > > procure a license and if so then what is the cost for the same. > --------------------------------------------------- > > Confused I am!! should I continue using it OR buy a license. [..] Read the reply from bitdefender-support carefully: The bitdefender team suggest a virus _and spam_ scanner, which is a different product: 'If you want to protect your emails against spam and viruses, you have to buy _BitDefender for mailserver_.' Follow there link for verification: 'For buying, please visit: 'http://www.bitdefender.com/bd/site/buy.php?section1=1' Christian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Feb 15 10:02:46 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:32 2006 Subject: Fw: Text files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Julian Did you have a change to read my posts about the text files. I'm having this problem with these particular text files and some binary files... I put the two problematic files in an web page, if somebody could make a test and see if it happens in your location too, would be intersting. The first one (file.prj) goes out from Outlook Express with 1,80 Kb, as an "ASCII text, with very long lines, with CRLF line terminators", and goes to the destinatary with 1,93 Kb, as an "ASCII text, with very long lines". The second one is a bigger file, identified only as "data" by the file command. It goes out with 916 Kb, and goes to the destinatary with 952 Kb. Really strange... (The sizes of the files are the one presented in Outlook Express, I just put these sizes here to show how the file sizes are diferent in my outbox and the destinatary inbox). The two files are at http://www.rudnick.com.br/files Regards Roger Jochem ----- Original Message ----- From: Roger Jochem To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, February 09, 2005 10:44 AM Subject: Re: Text files The problem does not occur for all text files. I didn't figured out when it happens. The files where I encountered the problem are identified by the file comand as: ASCII text, with very long lines, with CRLF line terminators ----- Original Message ----- From: Roger Jochem To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, February 09, 2005 10:42 AM Subject: Text files I'm facing a strange problem here. I have a RHEL 3 server running Sendmail + Mailscanner. When I send a message with a text file attached from my Windows 98 machine (I use Outlook Express as my mail client), the text file, that was a DOS file, goes to the destinatary as an UNIX file. How can I solve this? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 15 09:18:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:32 2006 Subject: Mailscanner & digitally signed emails Message-ID: Harald Is MS doing anything beyond putting extra headers in the email? (corporate disclaimer/html checks and fixing/...)>> check the logs for one of these emails and you might want to archive the email so you can can diff the before and after versions to see what changes are being made that messes with the signature. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Harald Windisch wrote: > Dear Mailscanner-admins! > > Did you ever had the need to let through digitally signed emails?? > One of my customers does need it, but every signed email reaches the > target with the message "the signature is invalid" > > I think its in the nature for mailscanners (and spamcheckers) to open and > therefore change emails. > > So, what can i do to exclude the signed emails (like the encrypted ones). > > Thankful for any help > > greets > harald windishc > > harald.windisch@itepxerts.at > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 15 09:21:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:32 2006 Subject: Virus Scanning = rule question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, that should work. Jim Dickenson wrote: >Is is possible to use a rule like > >From: address@domain.com and From: 192.168.1.2 no > >To not virus check email from a specific user at a specific IP address? > > > > > >Just to let you all know I just went online with an inbound mail gateway >using the GreetPause feature in sendmail 8.13.1 and it looks like the amount >of spam has been dramatically reduced. It has only been a few hours but it >is nice not getting a hundred spam messages every couple hours in my inbox. > >The system is running Fedora Core 3 with all updates as of a few days ago. I >am using clamAV 0.82 and will update to 0.83 once I am sure things are >stable for this change. Mail is scanned on the front-end sever and pushed >over to a Linux 9 box where the mailboxes actually live. This other system >is used as our outbound server as well. > > >This is Fedora Core release 3 (Heidelberg) >This is Perl version 5.008005 (5.8.5) > >This is MailScanner version 4.38.10 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.14 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.810 DB_File >1.10 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >0.13 Mail::ClamAV >3.000002 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >missing SAVI >1.2 Sys::Hostname::Long >2.46 Test::Harness >0.54 Test::Simple >1.95 Text::Balanced >1.35 URI > > >-- >Jim Dickenson >mailto:dickenson@cfmc.com > >CfMC >http://www.cfmc.com/ > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 15 09:21:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:32 2006 Subject: Sending spam emails to a unified IMAP folder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oliver Hookins wrote: > Peter Russell wrote: > >> No need for procmail - MailScanner does this. >> >> Read the comments in MailScanner.conf near Spam Actions = and High Spam >> Actions = >> >> It would be something like Spam Actions = store forward >> spam@yourdomain.com > > > We probably wouldn't need 'store' if we are putting a copy somewhere > else. > >> >> Julian has written scripts and guide that lives in the faqomatic on his >> website. > > > I had a look in the FAQ but couldn't find anything before... could you > point me in the right direction (link)? Thanks! It's in the book :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Tue Feb 15 10:37:33 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:28:32 2006 Subject: Double subject line Message-ID: I remember a thread concerning the fact that some emails had multiple subject header lines and that this caused the {Spam?} tag not to show up. I thought the solution was that MailScanner was going to add the {Spam?} tag to all the subject lines, however, I have just upgraded to the latest version 4.38.10 and only the first subject line is being tagged. This causes our web based client not to show the {Spam?} tag. We use Squirrelmail as the web client. The headers are shown below: the received lines have been chopped Subject: {Spam?} Productivity Increase Date: Tue, 15 Feb 2005 10:11:30 GMT Did: 40279920 X-BPS1: 40279920 From: sridgwell.pcservices@wwtmail.co.uk Mime-version: 1.0 Subject: Productivity Increase To: xxx@xxxx Content-type: multipart/report; boundary="======4793==20866======" X-BB-MailScanner-Information: Please contact the ISP for more information X-BB-MailScanner: Found to be clean X-BB-MailScanner-SpamCheck: spam, SpamAssassin (score=8.462, required 4.7, DOMAIN_RATIO 3.18, HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, HTML_TEXT_AFTER_BODY 0.06, HTML_TEXT_AFTER_HTML 0.03, HTML_WEB_BUGS 0.04, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, NO_REAL_NAME 0.01, SARE_HTML_HTML_AFTER 0.94, SARE_HTML_IMG_ONLY 2.22) X-BB-MailScanner-SpamScore: ssssssss X-MailScanner-From: xxx@xxxx I have changed the email addresses to protect the innocent!! -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 15 11:25:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:32 2006 Subject: Double subject line Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I will take a look. It will cause a slight slow-down as it will have to search all the headers, not just as many as are necessary to find the first one. David While wrote: >I remember a thread concerning the fact that some emails had multiple >subject header lines and that this caused the {Spam?} tag not to show >up. I thought the solution was that MailScanner was going to add the >{Spam?} tag to all the subject lines, however, I have just upgraded to >the latest version 4.38.10 and only the first subject line is being >tagged. This causes our web based client not to show the {Spam?} tag. We >use Squirrelmail as the web client. > >The headers are shown below: > >the received lines have been chopped > >Subject: {Spam?} Productivity Increase >Date: Tue, 15 Feb 2005 10:11:30 GMT >Did: 40279920 >X-BPS1: 40279920 >From: sridgwell.pcservices@wwtmail.co.uk >Mime-version: 1.0 >Subject: Productivity Increase >To: xxx@xxxx >Content-type: multipart/report; boundary="======4793==20866======" >X-BB-MailScanner-Information: Please contact the ISP for more >information >X-BB-MailScanner: Found to be clean >X-BB-MailScanner-SpamCheck: spam, SpamAssassin (score=8.462, required >4.7, > DOMAIN_RATIO 3.18, HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, > HTML_MESSAGE 0.00, HTML_TEXT_AFTER_BODY 0.06, > HTML_TEXT_AFTER_HTML 0.03, HTML_WEB_BUGS 0.04, MIME_HTML_ONLY 0.18, > MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, > NO_REAL_NAME 0.01, SARE_HTML_HTML_AFTER 0.94, > SARE_HTML_IMG_ONLY 2.22) >X-BB-MailScanner-SpamScore: ssssssss >X-MailScanner-From: xxx@xxxx > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at HOTMAIL.COM Tue Feb 15 13:05:38 2005 From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Cavalcanti) Date: Thu Jan 12 21:28:32 2006 Subject: Allowing PDF files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have this kind of problem, using Pegasus Mail and files names like "name.file.date.pdf". If I attach name.pdf, i have no problems. Any issue to solve this? Regards, Mauricio. >From: "Hirsh, Joshua" >Reply-To: MailScanner mailing list >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Allowing PDF files >Date: Wed, 9 Feb 2005 13:59:35 -0500 > > > Maibe the problem with my text file (ASCII text, with very > > long lines, with CRLF line terminators) that changes size, > > and finished like an Unix file, have something to do with > > this PDF problem... The text attachmentment is also quoted > > printable in the e-mail... > > > It's quite possible. The comments on the patch that Julian applied read >as >follows: > > # Overload the MIME quoted-printable decoder. > # This version will make lines that end in \n now end in \r\n. > # This hopefully fixes problems with PDF files as they are now >extracted > # correctly. > > So it sounds like the cause to me, but most likely it's something Julian >will have to look into. > > > Regards, >-Joshua > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Tue Feb 15 13:20:47 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:28:32 2006 Subject: Quarantines Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Would I be right in my observation that if MCP, Spam, and Virus quarantining are all active you could end up with three copies of the message in the quarantine hierarchy? It seems like: MCP Actions = store -> copy into /var/spool/MailScanner/quarantine/20050215/mcp/.... Spam Actions = store -> copy into /var/spool/MailScanner/quarantine/20050215/spam/.... Quarantine Infections = yes -> copy into /var/spool/MailScanner/quarantine/20050215/.... (assuming Keep Spam And MCP Archive Clean = no) Chuck This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. This message has been scanned for all known viruses and dangerous content by StreamShield Protector, and has been found to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From niklas at ADNECOM.SE Tue Feb 15 13:54:27 2005 From: niklas at ADNECOM.SE (Niklas Olofsson) Date: Thu Jan 12 21:28:32 2006 Subject: QuarantineReport Message-ID: I'am testing QuarantineReport from fsl and I have one problem. If we recive a spam that contains multible recipients the QuarantineReport will have one entry for each recipient, this will make the report very hard to read for our users because sometime's it can be 50-100 recipients. Is this working as designed or am I doing something wrong here ?? best regards Niklas Olofsson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at kdinet.com Tue Feb 15 13:39:55 2005 From: drolland at kdinet.com (Diane Rolland) Date: Thu Jan 12 21:28:32 2006 Subject: Allowing PDF files Message-ID: I had a similar issue with they way my customer saves pdf doc and xls files with multiple ".". I added the three file types in filename.rules.conf to allow those file types. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mauricio Cavalcanti > Sent: Tuesday, February 15, 2005 7:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Allowing PDF files > > I have this kind of problem, using Pegasus Mail and files names like > "name.file.date.pdf". > > If I attach name.pdf, i have no problems. Any issue to solve this? > > Regards, > Mauricio. > > >From: "Hirsh, Joshua" > >Reply-To: MailScanner mailing list > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Allowing PDF files > >Date: Wed, 9 Feb 2005 13:59:35 -0500 > > > > > Maibe the problem with my text file (ASCII text, with very > > > long lines, with CRLF line terminators) that changes size, > > > and finished like an Unix file, have something to do with > > > this PDF problem... The text attachmentment is also quoted > > > printable in the e-mail... > > > > > > It's quite possible. The comments on the patch that Julian applied read > >as > >follows: > > > > # Overload the MIME quoted-printable decoder. > > # This version will make lines that end in \n now end in \r\n. > > # This hopefully fixes problems with PDF files as they are now > >extracted > > # correctly. > > > > So it sounds like the cause to me, but most likely it's something > Julian > >will have to look into. > > > > > > Regards, > >-Joshua > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Feb 15 13:44:12 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:32 2006 Subject: Allowing PDF files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Mauricio Cavalcanti > Sent: Tuesday, February 15, 2005 8:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Allowing PDF files > > > I have this kind of problem, using Pegasus Mail and files names like > "name.file.date.pdf". > > If I attach name.pdf, i have no problems. Any issue to solve this? > They are getting caught by the multiple extension rule add something like allow \.pdf$ - - toward the top of your filename rules file, Bearing in mind that each item is separated by a tab NOT a space -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Feb 15 14:34:16 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:32 2006 Subject: translation for ms-book ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi julian ... and folks :) are there translations for the book planned or in progress ? primary im looking for german think not but a question wont hurt me :) greetings andy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Feb 15 14:37:53 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:32 2006 Subject: QuarantineReport Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Niklas Olofsson > Sent: Tuesday, February 15, 2005 8:54 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: QuarantineReport > > I'am testing QuarantineReport from fsl and I have one problem. If we > recive a spam that contains multible recipients the QuarantineReport > will have one entry for each recipient, this will make the report very > hard to read for our users because sometime's it can be 50-100 > recipients. Is this working as designed or am I doing something wrong > here ?? > > best regards > > Niklas Olofsson > A couple of ways to prevent this: 1. Split up emails to multiple recipients into individual messages, one for each recipient, as the messages are received and before the messages are placed in MailScanner's incoming queue. 2. Limit the number of multiple recipients you will allow to be received at the site. I know this might not be possible for all sites but might be possible at smaller sites. Both of these solutions are implemented at the MTA level so the gory details are MTA dependent. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Tue Feb 15 15:40:11 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:32 2006 Subject: hardware for MailScanner server? Message-ID: Hi. I have recently greatly increased the number of users whose mail get scanned by our MailScanner server. Now, the hard drive tends to thrash a fair bit and SpamAssassin occasionally times out, especially during bursts. MailScanner needs to process around 40-60 messages per five minute interval. The server consists of a stripped down install of White Box Linux (a clone of RHEL3 -- 2.4 kernel), sendmail, MailScanner using RBL checks, and SpamAssassin using Bayes, Razor, DCC, Pyzor, and SURBL, as well as some additional custom rule files and rule files from www.rulesemporium.com. What would be a reasonable amount of RAM and CPU speed that could handle this? Thanks for any suggestions. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Tue Feb 15 15:45:31 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:28:32 2006 Subject: hardware for MailScanner server? Message-ID: Oh and ClamAV also runs on this server, scanning each message for viruses. ----- Forwarded by Philip Hachey/JUSTICE/CityCornwall on 2005-02-15 10:44 ----- Philip Hachey Sent by: MailScanner mailing list 2005-02-15 10:40 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: hardware for MailScanner server? Hi. I have recently greatly increased the number of users whose mail get scanned by our MailScanner server. Now, the hard drive tends to thrash a fair bit and SpamAssassin occasionally times out, especially during bursts. MailScanner needs to process around 40-60 messages per five minute interval. The server consists of a stripped down install of White Box Linux (a clone of RHEL3 -- 2.4 kernel), sendmail, MailScanner using RBL checks, and SpamAssassin using Bayes, Razor, DCC, Pyzor, and SURBL, as well as some additional custom rule files and rule files from www.rulesemporium.com. What would be a reasonable amount of RAM and CPU speed that could handle this? Thanks for any suggestions. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Tue Feb 15 15:49:28 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:32 2006 Subject: Semi-OT: logwatch-pre6.0-4 Released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just a quick heads-up for anyone using logwatch with MailScanner. The latest version includes quite a few changes in the mailscanner script (including a few from yours truly to summarise phishing logs and HTML exploits). The beta is available from www.logwatch.org. Apparently they are intending to release 6.0 very soon (this weekend?) so if anyone else has any suggestions for the mailscanner script... John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Feb 15 16:01:57 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:33 2006 Subject: hardware for MailScanner server? Message-ID: We deal with similar volumes using a comparable spamassassin setup here, with ClamAV, Bitdefender, and McAfee's uvscan without any problems on a 2.4GHz Pentium 4 box with 1GB of RAM and hardware-mirrored SCSI disks. I'd highly recommend virus scanning with both Bitdefender Linux Edition (free to use) and ClamAV. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Philip Hachey > Sent: 15 February 2005 15:46 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: hardware for MailScanner server? > > Oh and ClamAV also runs on this server, scanning each message > for viruses. > > ----- Forwarded by Philip Hachey/JUSTICE/CityCornwall on > 2005-02-15 10:44 > ----- > > > Philip Hachey Sent by: > MailScanner mailing list > 2005-02-15 10:40 > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: hardware for MailScanner server? > > > Hi. I have recently greatly increased the number of users > whose mail get scanned by our MailScanner server. Now, the > hard drive tends to thrash a fair bit and SpamAssassin > occasionally times out, especially during bursts. > MailScanner needs to process around 40-60 messages per five > minute interval. > > The server consists of a stripped down install of White Box > Linux (a clone of RHEL3 -- 2.4 kernel), sendmail, MailScanner > using RBL checks, and SpamAssassin using Bayes, Razor, DCC, > Pyzor, and SURBL, as well as some additional custom rule > files and rule files from www.rulesemporium.com. > > What would be a reasonable amount of RAM and CPU speed that > could handle this? > > Thanks for any suggestions. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Feb 15 16:05:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:33 2006 Subject: hardware for MailScanner server? Message-ID: Philip Also depends on average message size.. RAM the more the better. Also using Razor & dcc & pyzor might ne a little over the top.. I also hope the bigevil.cf isn't one of the rules you are using... anyway my 2.8ghz PIV(ht) with 1.5 GB DDR RAM and SATA HD can do around 3,000 messages per hour and it's not that well tuned....(runs FreeBSD not Linux). That was last time I messed up and the queue was 550 messages which took around 10 minutes to clear. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Philip Hachey wrote: > Hi. I have recently greatly increased the number of users whose mail get > scanned by our MailScanner server. Now, the hard drive tends to thrash a > fair bit and SpamAssassin occasionally times out, especially during > bursts. MailScanner needs to process around 40-60 messages per five > minute interval. > > The server consists of a stripped down install of White Box Linux (a clone > of RHEL3 -- 2.4 kernel), sendmail, MailScanner using RBL checks, and > SpamAssassin using Bayes, Razor, DCC, Pyzor, and SURBL, as well as some > additional custom rule files and rule files from www.rulesemporium.com. > > What would be a reasonable amount of RAM and CPU speed that could handle > this? > > Thanks for any suggestions. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 15 16:13:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:33 2006 Subject: OT: My holiday pictures Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For those of you who are interested, my holiday photos are all on the web at www.jules.fm/gallery/ It's (obviously) the 2005 trip at the top that you are looking for. And the rest of the group were much older than me :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 15 16:16:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:33 2006 Subject: Quarantines Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think so, yes. Chuck Foster wrote: > Hi, > > Would I be right in my observation that if MCP, Spam, and Virus > quarantining are all active you could end up with three copies of the > message in the quarantine hierarchy? It seems like: > > > MCP Actions = store -> copy into > /var/spool/MailScanner/quarantine/20050215/mcp/.... > Spam Actions = store -> copy into > /var/spool/MailScanner/quarantine/20050215/spam/.... > Quarantine Infections = yes -> copy into > /var/spool/MailScanner/quarantine/20050215/.... > > (assuming Keep Spam And MCP Archive Clean = no) > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Feb 15 16:14:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:33 2006 Subject: translation for ms-book ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, no plans there I'm afraid. It would need someone with very good technical German and English to do a translation, and they would need a lot of spare time in which to do it as I can't pay them for doing it all. Dörfler Andreas wrote: >hi julian ... and folks :) > >are there translations for the book >planned or in progress ? >primary im looking for german > >think not but a question wont hurt me :) > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From phillip at EACSI.COM Tue Feb 15 16:28:16 2005 From: phillip at EACSI.COM (Phillip T. George) Date: Thu Jan 12 21:28:33 2006 Subject: Semi-OT: logwatch-pre6.0-4 Released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John, That sounds great. Could I get a link to a site with more information on this script? I'm not sure if it already has these things below...it most likely does, but if not...these are my suggestions: Maybe a spam message summary and/or overall virus summary as well would be good. If there was some way to also include spams and viruses coming from an IP that would definitely be useful--it would let us know who we should "/sbin/iptables -I INPUT -s #.#.#.# -j DROP" :) Thanks, Phillip John Wilcock wrote: > Just a quick heads-up for anyone using logwatch with MailScanner. The > latest version includes quite a few changes in the mailscanner script > (including a few from yours truly to summarise phishing logs and HTML > exploits). > > The beta is available from www.logwatch.org. Apparently they are > intending to release 6.0 very soon (this weekend?) so if anyone else has > any suggestions for the mailscanner script... > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Tue Feb 15 16:53:27 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:33 2006 Subject: Semi-OT: logwatch-pre6.0-4 Released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Phillip T. George wrote: > That sounds great. Could I get a link to a site with more information > on this script? See www.logwatch.org. I don't think there's any information there about the mailscanner script in particular, but I've pasted a sample of the output below: > --------------------- MailScanner Begin ------------------------ > > MailScanner Status: > 566 messages Scanned by MailScanner > 5.6 Total MB > 76 Spam messages detected by MailScanner > 71 Spam messages with action(s) store > 5 Spam messages with action(s) store,deliver > 9 Viruses found by MailScanner > 8 Banned attachments found by MailScanner > 1 Content Problems found by MailScanner > 493 Messages delivered by MailScanner > > ClamAVModule Virus Report: (Total Seen = 9) > Trojan.Downloader.Small-165: 1 Times(s) > Worm.Bagle.AG.2: 4 Times(s) > Worm.Bagle.Gen-zippwd: 1 Times(s) > Worm.SomeFool.P: 3 Times(s) > > F-Prot Virus Report: (Total Seen = 9) > HTML/IFrame@expl : 1 Times(s) > W32/Bagle.AI@mm : 4 Times(s) > W32/Bagle.BC@mm : 1 Times(s) > W32/Netsky.Q.corr : 3 Times(s) > > Virus Sender Report: (Total Seen = 8) > 217.112.52.115 : 1 Times(s) > 62.4.16.80 : 2 Times(s) > 82.121.133.139 : 1 Times(s) > 82.121.133.165 : 1 Times(s) > 83.114.148.52 : 1 Times(s) > 83.114.150.59 : 1 Times(s) > 83.114.152.74 : 1 Times(s) > > Content Report: (Total Seen = 1) > HTML-specific exploits: 1 Times(s) > > Banned Filename Report: (Total Seen = 8) > Password-protected archive (Fish.zip): 1 Times(s) > possible virus hidden in a screensaver (05280e100c.9e62a data.rtf -space- .scr) : 1 Times(s) > possible virus hidden in a screensaver (e0408e100c.30068 message.scr) : 1 Times(s) > windows/dos executable (49734e100c.5f81c doll.exe) : 1 Times(s) > windows/dos executable (9eef3e11e5.e3f87 garry.com) : 1 Times(s) > windows/dos executable (abacfe100c.0997c mp3.exe) : 1 Times(s) > windows/dos executable (c418ae100c.4db55 cool_mp3.exe) : 1 Times(s) > windows/dos executable (e21f0e100c.c7235 siupd02.com) : 1 Times(s) > > Phishing Report: (Total Seen = 1) > www.emf2.com: 1 Times(s) > > Detail: > www.emf2.com claiming to be www.nicotime.fr: 1 Times(s) > > HTML

tag report: (Total Seen = 4) > alexandra.7105.150558.mailmenu.dbounce@votre.messagizer.fr : 1 Times(s) > bounce-mw-20599808@blast1.myfree.com : 1 Times(s) > chnetwork@newsletter.myabout.com : 1 Times(s) > owner-todaysl*stephen**tradoc*-fr@ablist.about.com : 1 Times(s) > > HTML